'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Scheduling giant Cal.com ditches open source after AI tools like Claude Opus made codebases 'blueprints to a bank vault'.

Deep Dive

Cal.com, a major open-source scheduling platform, is making a dramatic shift: it is dropping the open-source model for its commercial products. The company, which CEO Bailey Pumfleet founded on open-source principles in 2022, is moving from the GNU Affero General Public License (AGPL) to a proprietary license. The decision stems directly from the threat posed by advanced AI models like Anthropic's Claude Opus, which can systematically analyze public codebases to find security vulnerabilities. Pumfleet describes the situation as "like handing out the blueprint to a bank vault" with "100× more hackers studying the blueprint."

While the recent demonstration by Anthropic's Mythos model breaking into secure systems like OpenBSD highlighted the risk, Cal.com's decision was already in motion. The company cites Hex Security CEO Huzaifa Ahmad's assessment that open-source applications are "5-10× easier to exploit than closed-source ones" with current AI tools. Cal.com is releasing Cal.diy as a fully open-source version for hobbyists, separating it from the commercial product that handles sensitive booking data. This move represents a fundamental challenge to open-source business models, forcing companies to choose between transparency and security in an era of AI-powered code analysis.

Key Points
  • Cal.com is moving its commercial product from the AGPL open-source license to a proprietary license due to AI security threats
  • CEO states AI models like Claude Opus make open-source code '5-10× easier to exploit' by finding vulnerabilities automatically
  • Company released Cal.diy as a separate open-source version for hobbyists while protecting commercial customer data

Why It Matters

Sets precedent for open-source companies facing AI-powered security threats, potentially forcing industry-wide license changes.