Legal notices, safety & security
This page states legal disclaimers, project independence (including explicit non-affiliation with Google, Google DeepMind, and related entities), and security expectations for Bumblebee — community-developed open-source software — and for this website. It is meant for operators, deployers, integrators, and visitors evaluating the project. Unless you separately enter into a written agreement, nothing here creates a binding contract; it is a prudent-use notice for experimental agent software.
Independence, community & third parties
Community-maintained software
Bumblebee is free and open-source software developed and maintained by volunteers and contributors. It is offered in that spirit: no express or implied warranty, no guarantee of fitness for any particular purpose, and no obligation of maintenance, indemnity, or support except as may apply under the Apache License 2.0 or a separate written agreement between you and a specific party.
No affiliation with Google, Google DeepMind, or Alphabet
Bumblebee, this website, and community channels that identify with the project are not products, services, official projects, or departments of Google LLC, Google DeepMind, Alphabet Inc., or their subsidiaries or affiliates. No endorsement, sponsorship, partnership, joint venture, agency, or other official relationship shall be inferred from descriptive references to third-party models, APIs, or trademarks (including Gemma and related names). Those references identify ecosystem components you may independently choose to run (for example via Ollama on your own hardware) — not a claim that Google or DeepMind built, operates, or is responsible for this software or this site.
Trademarks & nominative use
Gemma, Google, DeepMind, Ollama, Telegram, Discord, and other names may be trademarks of their respective owners. All such names are used here in a nominative, fair-use manner for identification and technical clarity only. This project is not affiliated with those owners unless a signed, written statement says otherwise.
This website
Site content is provided for general information and may be incomplete or outdated. Use of this site does not create a fiduciary, professional-client, employment, or agency relationship with contributors or maintainers. External links are for convenience; we do not control third-party sites and are not responsible for their content, availability, or policies. Operator deployments (for example on Railway) are your environments, not “official” hosting by trademark holders unless you contract with them directly.
How Bumblebee fits in your stack
Typical setups keep inference on your hardware (for example via Ollama) and store configuration, memory, and logs on disk under your user. Optional features may call third-party APIs (search, crawl, cloud inference) when you explicitly configure keys and tools — those requests are subject to the provider’s terms and privacy policy, not ours.
The project is open source so you can inspect behavior, pin versions, and fork. That does not remove operational risk: you are responsible for how you deploy, network-expose, or share access to a running entity.
Known safety & security considerations
An honest list beats pretending the risks do not exist. Mitigations are suggestions, not guarantees.
- Prompt injection & untrusted content: Email, web pages, attachments, or chat text can contain instructions meant to steer the model. If the agent can run tools or send messages, that content may indirectly cause actions. Prefer allowlists for chat surfaces, constrain tools, and avoid piping high-value secrets through untrusted prompts.
- Tools, MCP servers & automations: Skills, scripts, MCP integrations, and automations run with whatever OS and account permissions you grant the process. Only enable code and servers you trust; review updates before upgrading in production-adjacent environments.
- Messaging channels (Telegram, Discord, CLI, …): Anyone who can message your bot may be able to trigger tool use depending on your configuration. Use private bots, user allowlists, and network controls so the harness is not reachable by the whole internet unless that is intentional.
- Secrets & credentials: Tokens and API keys in .env or config files are only as safe as the host machine and backup policy. Use scoped keys, rotation, spend limits where providers allow them, and separate accounts for experiments vs production.
- Hybrid / remote workers: If you split “brain” and “worker” across networks, you introduce trust boundaries (tunnels, queues, object storage). Compromise of any hop can affect the whole pipeline — design authentication, TLS, and firewall rules accordingly.
- Model behavior & outputs: Local models can still produce incorrect, biased, or harmful text. Do not rely on the harness for safety-critical decisions without human oversight and domain-specific validation.
Responsible use
Do not use Bumblebee to break law, harass people, scrape or send data you are not entitled to, or bypass security controls. You are responsible for compliance with privacy, employment, sector, and export rules that apply to your jurisdiction and data. This software does not provide legal, medical, financial, or therapeutic advice; outputs are not a substitute for qualified professionals.
Disclaimer of warranties, liability & AI outputs
Software “as is”
Bumblebee is provided “as is” and “as available”, without warranty of any kind, whether express, implied, statutory, or otherwise, including but not limited to implied warranties of merchantability, fitness for a particular purpose, title, quiet enjoyment, or non-infringement, to the fullest extent permitted by applicable law. You assume all risk as to quality, performance, accuracy, and reliability.
Limitation of liability
To the maximum extent permitted by applicable law, in no event shall the project’s contributors, maintainers, copyright holders, or their respective directors, officers, employees, agents, suppliers, or licensors be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages (including without limitation loss of profits, data, use, goodwill, or other intangible losses) arising out of or relating to your access to or use of (or inability to use) the software or this site, whether based on warranty, contract, tort (including negligence), strict liability, or any other legal theory, even if advised of the possibility of such damages. In jurisdictions that do not allow such limitations, liability is limited to the fullest extent permitted.
Models, tools & generated content
Outputs from language or multimodal models are probabilistic and may be incorrect, incomplete, biased, or harmful. Tools may execute code, access the network, or modify data according to your configuration. You are solely responsible for validating results, supervising automation, and complying with laws and platform policies. Nothing in the harness substitutes for human judgment in safety-critical, legal, financial, medical, or similarly high-stakes contexts.
No professional advice
Information and outputs are not legal, medical, financial, tax, security, or other professional advice. Consult qualified professionals where appropriate. Repeating: this project is community software, not a regulated service provider.
Third-party software & services
Your use of third-party models, runtimes (for example Ollama), hosting, MCP servers, APIs, and other dependencies remains subject to their licenses, terms, acceptable-use policies, and privacy notices. Nothing on this page overrides the Apache License 2.0 under which the Bumblebee source is generally offered — consult the full license text in the repository.
Changes to this page
This notice may be updated from time to time. Material changes will be reflected by revising this page. Where permitted by law, your continued use of the software or this site after updates constitutes acknowledgment of the revised notice.
Severability
If any provision of this notice is held invalid or unenforceable, the remaining provisions remain in full force and effect.
Reporting security vulnerabilities
If you believe you have found a security vulnerability in Bumblebee, please report it responsibly before public disclosure. Prefer the repository’s GitHub Security Advisories flow (private report) so maintainers can reproduce and ship a fix. Include enough detail to reproduce, affected versions, impact assessment, and — where safe — a minimal proof of concept.
Please do not access, modify, or exfiltrate user data without explicit authorization; do not perform testing that could degrade third-party services. Coordinated disclosure helps protect downstream operators who run this software in production.
This project is a volunteer-driven open-source effort: there is no bug bounty or formal SLA by default. We still ask that you allow a reasonable window to address valid reports before publishing exploit details.
FAQ
Is Bumblebee affiliated with Google, Google DeepMind, or Alphabet?
No. Bumblebee is community-maintained open-source software. It is not a product, service, or official project of Google, Google DeepMind, Alphabet, or their affiliates. Mentions of Gemma or related names describe optional third-party models you may run yourself; they do not imply endorsement or responsibility by those companies. See Independence, community & third parties above.
Does Bumblebee send my chats to a vendor by default?
With a purely local inference setup, prompts and completions stay on your machine (subject to how you configure Ollama or other runtimes). If you point the harness at cloud APIs or enable tools that call the network, those components may transmit data according to their policies.
Is this software audited or certified?
There is no guarantee of third-party security audit or certification (e.g. SOC 2). Self-hosted software puts the operating environment under your control — and your responsibility.
Can I restrict who talks to my bot?
You should configure platform-specific allowlists, private bots, or network rules so only intended user IDs or networks can reach the presence layer. Treat a reachable bot as a remote code execution surface if tools are enabled.
What if I uninstall?
Removing the package does not necessarily delete configs, memory stores, or logs on disk. Follow project documentation to wipe sensitive directories and revoke tokens when decommissioning.