Developer workstations have become a prime target. Attackers now focus on the scattered files, extensions, and configurations that live on engineers’ machines rather than on hardened production systems. Perplexity open-sourced Bumblebee on May 22, 2026. The tool scans macOS and Linux developer endpoints for risky packages, browser extensions, editor plugins, and AI agent configurations, and it does so without executing code or invoking package managers; Perplexity’s blog post describes it as a read-only inventory collector. Bumblebee addresses a specific gap: SBOMs document what ships to production, and EDR tools watch running processes, but neither captures the on-disk state of the lockfiles, manifests, and MCP configs that sit idle on laptops until a new advisory arrives. Recent supply-chain incidents highlight the stakes. A May 11, 2026 attack inserted malicious code into more than 160 packages used by millions of developers, including tools tied to Mistral AI and a React package with 12 million weekly downloads.…
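To make the "read-only inventory" idea concrete, here is an added example of a collector of the same shape: it walks a directory, parses `package-lock.json`, `requirements.txt` and an `mcp.json`-style agent config purely as data (no `npm`, no `pip`, no `subprocess`), and joins the result against an advisory list so the scan can be re-run whenever a new advisory lands. This is illustrative code written for this page, not Bumblebee's source or a description of how Bumblebee is implemented; the advisory entries, package names and the sample endpoint tree are constructed placeholders, and the "unpinned MCP launcher" heuristic (flagging `npx`/`uvx`/`pipx` servers whose arguments carry no version) is an assumption of this example.

```python
# Illustrative read-only endpoint inventory collector: parses lockfiles, manifests and MCP
# configs as plain data and joins them against an advisory list. It never runs a package
# manager and never executes or imports anything from the scanned tree.
import json
import os
import re
import tempfile
from pathlib import Path

# Constructed advisory feed: names, versions and IDs are hypothetical placeholders.
ADVISORIES = {
    ("npm", "example-ui-kit", "4.2.0"): "EX-2026-0001 (constructed): injected postinstall payload",
    ("pypi", "example-httpclient", "1.9.3"): "EX-2026-0002 (constructed): token exfiltration",
}
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)")  # exact pins only
LAUNCHERS = {"npx", "uvx", "pipx"}   # fetch-and-run launchers common in MCP configs (assumption)
PINNED = re.compile(r"@\d|==")       # pkg@1.2.3 (npm) or pkg==1.2.3 (PyPI) inside the args
SKIP_DIRS = {"node_modules", ".git", ".venv", "venv"}

def parse_package_lock(path):
    """(name, version) pairs from package-lock.json v1/v2/v3 without calling npm."""
    data = json.loads(path.read_text(encoding="utf-8"))
    seen = set()
    for key, meta in data.get("packages", {}).items():      # v2/v3; "" is the project itself
        if key and "version" in meta:
            seen.add((key.split("node_modules/")[-1], meta["version"]))
    for name, meta in data.get("dependencies", {}).items():  # v1 map (top level only)
        if "version" in meta:
            seen.add((name, meta["version"]))
    return [{"ecosystem": "npm", "name": n, "version": v, "source": str(path)}
            for n, v in sorted(seen)]

def parse_requirements(path):
    """Exactly pinned lines from requirements.txt; PyPI names normalised for matching."""
    items = []
    for m in filter(None, map(REQ_LINE.match, path.read_text(encoding="utf-8").splitlines())):
        name = m.group(1).lower().replace("_", "-")
        items.append({"ecosystem": "pypi", "name": name, "version": m.group(2), "source": str(path)})
    return items

def parse_mcp_config(path):
    """Launch command of each MCP server, flagging launchers that resolve a package at start-up."""
    data = json.loads(path.read_text(encoding="utf-8"))
    items = []
    for name, srv in data.get("mcpServers", {}).items():
        cmd, args = str(srv.get("command", "")), [str(a) for a in srv.get("args", [])]
        unpinned = os.path.basename(cmd) in LAUNCHERS and not any(PINNED.search(a) for a in args)
        items.append({"ecosystem": "mcp", "name": name, "version": None, "source": str(path),
                      "command": " ".join([cmd, *args]).strip(), "unpinned_launch": unpinned})
    return items

PARSERS = {"package-lock.json": parse_package_lock, "requirements.txt": parse_requirements,
           "mcp.json": parse_mcp_config}

def collect_inventory(root):
    """Walk the tree and parse known files. Pure file reads: no subprocess, no exec."""
    inventory = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for fn in filenames:
            if fn not in PARSERS:
                continue
            try:
                inventory.extend(PARSERS[fn](Path(dirpath) / fn))
            except (ValueError, OSError) as exc:  # malformed JSON or unreadable file
                inventory.append({"ecosystem": "error", "name": fn, "version": None,
                                  "source": os.path.join(dirpath, fn), "error": str(exc)})
    return inventory

def match_advisories(inventory, advisories=ADVISORIES):
    """Join the on-disk inventory against the feed; re-run whenever the feed changes."""
    findings = []
    for item in inventory:
        key = (item["ecosystem"], item["name"], item["version"])
        if key in advisories:
            findings.append({**item, "advisory": advisories[key]})
        elif item.get("unpinned_launch"):
            findings.append({**item, "advisory": "MCP server resolves its package at launch; "
                                                 "no version is pinned on disk"})
    return findings

def build_sample_tree(root):
    """Constructed sample endpoint: one project plus an agent config (not real data)."""
    proj = root / "proj"
    proj.mkdir()
    (proj / "package-lock.json").write_text(json.dumps({"lockfileVersion": 3, "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/example-ui-kit": {"version": "4.2.0"},
        "node_modules/left-padder": {"version": "0.1.0"}}}))
    (proj / "requirements.txt").write_text("Example_HTTPClient==1.9.3\nrequests==2.32.3  # ok\n-e ./local\n")
    (root / "mcp.json").write_text(json.dumps({"mcpServers": {
        "files": {"command": "npx", "args": ["-y", "@example/mcp-files"]},
        "db": {"command": "/usr/local/bin/mcp-db", "args": ["--readonly"]}}}))

def run_demo():
    """Build the sample tree in a temp dir, collect and match; returns (inventory, findings)."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(Path(d))
        inventory = collect_inventory(Path(d))
    return inventory, match_advisories(inventory)
```

The point of the split between `collect_inventory` and `match_advisories` is the gap the paragraph describes: the inventory is a snapshot of what is on disk, independent of any process running, so when a new advisory arrives you re-run only the join rather than rescanning, and nothing in the scanned tree is ever executed to get the answer. Note the two things a lockfile alone cannot tell you: the unpinned `npx` launcher in the MCP config will resolve a fresh package on every start, and the `-e ./local` line is a path, not a version, so neither appears in the advisory join.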