惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
博客园 - 聂微东
罗磊的独立博客
W
WeLiveSecurity
博客园_首页
Scott Helme
Scott Helme
V
Visual Studio Blog
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
L
Lohrmann on Cybersecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
About on SuperTechFans
F
Full Disclosure
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
博客园 - Franky
C
CXSECURITY Database RSS Feed - CXSecurity.com
F
Fortinet All Blogs
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
雷峰网
雷峰网
博客园 - 【当耐特】
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
Engineering at Meta
Engineering at Meta
aimingoo的专栏
aimingoo的专栏
MongoDB | Blog
MongoDB | Blog
J
Java Code Geeks
T
Tor Project blog
V
V2EX
爱范儿
爱范儿
C
Check Point Blog
T
Threatpost
Project Zero
Project Zero
量子位
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
I
Intezer
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

TestingCatalog

SpaceXAI gearing up for upcoming Grok 4.5 release ByteDance set to launch Seedance 2.5 with 3-minute output Meta prepares Scheduled tasks for Meta AI users on web Google tests new Gemini Inbox section for Workspace triage OpenAI might be preparing GPT-5.6 for next week's release Mistral releases Leanstral 1.5 model for proof engineering xAI debuts Grok Voice Agent Builder for Enterprises Condense launches proxy to cut AI coding agent bills by 66% Vellum adds agent-to-agent AI collaboration for Slack Early look at Anthropic's Claude Science app for researchers Google launches Nano Banana 2 Lite and Gemini Omni Flash Google might be testing Gemini Flash upgrade on LM Arena Anthropic may impose KYC restrictions for Fable 5 access Anthropic launches Claude Sonnet 5 model on Claude and APIs NoimosAI launches Creative Agent for brand assets Apify lets AI Agents pay via Coinbase x402 for web tools Bloome launches chat platform for AI agent teams Meituan launches LongCat-2.0 1.6T parameter model Cursor releases its iOS app for vibe coding on the go OpenAI prepares upgraded Office controls for Codex OpenAI tests gifting Codex credits as new growth strategy Microsoft launches MAI-Code-1-Flash on GitHub Copilot Google adds Computer Use to Gemini 3.5 Flash Google tests notebook collections for NotebookLM OpenAI launches GPT-5.6 Sol preview for select partners Microsoft adds Copilot finance tools to Excel for M365 users DeepReinforce releases Ornith-1.0 open-source coding models Gemini to get voice dictation and Magic Pointer on desktop Meta launches AI glasses with three new styles from $299 Anthropic launches Claude Tag on Team and Enterprise plans Mistral launches OCR 4 for multilingual document extraction ClickUp rolls out Brain² AI with deep workspace context Latitude launches open-source platform to monitor AI agents OpenAI prepares bidirectional voice mode for rollout Anthropic prepares Cowork support for mobile apps Google tests literature review matrix tool for NotebookLM OpenAI launches new security tools and updates GPT-5.5-Cyber Sakana AI releases Fugu Ultra system to rival top AI labs Perplexity releases Brain Memory for Perplexity Computer Anthropic launches live Artifacts for Claude Code Anthropic launches managed connector access with Okta OpenAI prepares real-time voice mode for Pets in Codex OpenAI prepares GPT-5.6 models for the upcoming release Microsoft evaluates different open models for Cowork Zeta Labs brings AI employee Viktor to Microsoft Teams Mistral AI to get Code and Apps features on Vibe Z AI launches GLM-5.2 open-weight model with 1M context Microsoft launches Copilot Cowork globally for Microsoft 365 OpenAI readies ChatGPT for Science subscription plan Nitrosend launched AI-native email platform for agents Google readies Personalization and AI Editing for NotebookLM OpenAI prepares major ChatGPT voice upgrade with GPT-Bidi-1 Mistral embraces cat mascot after Le Chaton Fat goes viral ICYMI: OpenAI released CDP support for browser use on Codex Google develops Personalization controls for Gemini xAI is working on Automations feature for Grok Cutback launches AI tool to automate long-form video editing Telegram launches watch apps and rich formatting for bots Anthropic suspends Fable 5 and Mythos 5 after export order Google is working on Skills Marketplace for Gemini Business MiniMax M3 launches on NVIDIA platform with Free Endpoint Meta AI to get new modes for Deep Research, Social, and more Maket launches floor plan upload for faster project kick-off NoimosAI launches autonomous AI marketing team Claude Code Managed Agents and model selector for Voice Mode Mora launches AI analytics platform with SQL transparency Maket debuts Auto-Complete for generating floor plans Microsoft rolls out Scout AI agent to Frontier users Anthropic started red teaming new Mythos models OpenSquilla lets AI agents organize their own skills Microsoft Build 2026 recap OpenAI makes its next hardware move with Opal Electronics Google tests planning mode for NotebookLM Video Overviews TinyFish Bigset turns text prompts into live datasets What releases to expect from Anthropic in coming weeks Exclusive: New screenshots of upcoming Copilot Super App Microsoft released MAI voice and image models for Build 2026 3 upcoming NotebookLM features we all should be waiting for Perplexity tests daily Digest for its Computer agent Explee launches AutoGTM AI Agent for outbound sales Anthropic launches dynamic workflows for Claude Code Nano Banana 2 and Pro are now in General Availability Anthropic launches Claude Opus 4.8 and new effort selector Sesame debuts iOS app in preview with personal voice agents Google expands Gemini for Business with shareable Projects Anthropic to expand Claude Voice Mode to more languages Alook launches open-source AI team orchestration platform Helio launches invite-only AI-powered team workspace Anthropic to introduce AI Fluency scorecard in Claude Capafy launches AI Skills Marketplace for creators Anthropic plans Claude memory update with new Memory Files Anthropic prepares Mythos 1 for Claude Code and Security Google unveils 24/7 Gemini Spark AI Agent for advanced tasks Google launches Gemini 3.5 Flash AI model to all users Google rolls out Gemini Omni AI for video generation Anthropic launches secure sandboxes and private MCPs How to watch Google I/O 2026 and what to expect Cursor released Composer 2.5 with up to 10x cost efficiency Manus released Scheduled Tasks 2.0 upgrade for all users Exclusive: Early look at the next Gemini desktop upgrade
Perplexity open-sources Bumblebee security scanner
Alexey Shabanov · 2026-05-23 · via TestingCatalog

Perplexity is releasing Bumblebee, an open-source security scanner for developer machines, and making an internal supply-chain response tool publicly available. The tool is built for macOS and Linux and is designed to scan local developer environments for risky packages, browser extensions, editor extensions, and AI tool configurations without modifying the machine.

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.

It checks developer machines for risky packages, extensions, and AI tool configs.

Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.https://t.co/FOaWnF1yQy pic.twitter.com/wXauD4wDOT

— Perplexity (@perplexity_ai) May 22, 2026

Bumblebee focuses on a specific security problem: when a new compromised package, extension, or developer tool risk appears, teams need to know which machines may be exposed right now. Instead of checking only shipped software via SBOMs or runtime behavior via EDR tools, Bumblebee reads local metadata from lockfiles, package manager records, extension manifests, and supported MCP configuration files. It then emits structured NDJSON records that security teams can compare against exposure catalogs.

The scanner covers common developer ecosystems, including:

  1. npm, pnpm, Yarn, Bun
  2. PyPI
  3. Go modules
  4. RubyGems
  5. Composer
  6. VS Code-family editor extensions such as Cursor, Windsurf, and VSCodium
  7. Chromium-family browser extensions
  8. Firefox extensions
  9. Several MCP host configuration files

It is distributed as a Go-based static binary with no non-standard-library dependencies, and its first tagged release is v0.1.1.

Perplexity is positioning Bumblebee as a read-only tool, meaning it does not run package managers such as npm, pip, or go commands, nor does it read source files. That matters because the target use case is fast detection of inventory and exposure across developer endpoints, not code auditing or malware removal. The tool supports baseline, project, and deep scan profiles, allowing security teams to run lightweight, recurring scans or broader incident-response checks when a known advisory is issued.

The release is aimed mainly at security engineers, DevSecOps teams, and organizations with developers working across many local tools and package ecosystems. Its value is clearest during supply-chain incidents, where response speed depends on quickly identifying which endpoints contain a specific risky package or extension version. For Perplexity, the move also supports its enterprise narrative around safer AI agent deployment, especially as tools like Computer become more deeply connected to developer and business workflows.

Source