https://www.drmhse.com/series/security-visualizers/Recent content in Security Visualizers on Mike CK - Electrical Engineer and DeveloperHugoenSun, 24 May 2026 20:44:57 +0300https://www.drmhse.com/posts/bringing-a-face-to-the-buzz-why-i-built-a-ui-for-perplexity-bumblebee-scanner/Sun, 24 May 2026 19:36:43 +0300https://www.drmhse.com/posts/bringing-a-face-to-the-buzz-why-i-built-a-ui-for-perplexity-bumblebee-scanner/<p>AI coding agents and package managers are incredibly convenient, but they also introduce massive new vectors for supply-chain attacks. Earlier this week, the security and AI engineering teams at Perplexity open-sourced a fantastic new internal tool called <strong>Bumblebee</strong>. If you missed the announcement, Bumblebee is a wildly fast, read-only supply-chain scanner for developer endpoints.</p> <p>Unlike traditional vulnerability scanners that run in your CI/CD pipeline, Bumblebee runs locally. It sweeps your local cache (npm, Go modules, PyPI, etc.), editor extensions, and even AI agent configs to see if you have any compromised packages sitting on your machine. And crucially, it&rsquo;s strictly read-only—it parses lockfiles and manifests without ever executing sketchy <code>postinstall</code> scripts that could trigger a dormant payload.</p>