Business · The Register
AI's not going to kill open source code security
Compiled by KHAO Editorial — aggregated from 1 outlet.
Opinion: Cal.com has closed its commercial codebase, abandoning years of AGPL-3.0 licensing in a move that has alarmed the developer community that helped build it and sent ripples through the broader open source world.
Key facts
- It's also true that some security reports, such as Black Duck's 2026 Open Source Security and Risk Analysis (OSSRA) paper, claim there's been a 107 percent surge in open source vulnerabilities per
- Ryan Sipes, Mozilla Thunderbird Product & Business Development Manager, said on YComb: "Their scheduling tool, Thunderbird Appointment, will always be open source
- Thinking of security by obscurity, Peter Steinberger, creator of OpenClaw, tweeted, "If you look at GPT 5.4-Cyber and its ability for closed source reverse engineering, the reporter has bad news for you
- In case you haven't looked at GPT 5.4-Cyber yet, OpenAI's answer for Mythos, OpenAI claims it can reverse engineer binaries to source code
Summary
"Open source is dead," says Cal.com co-founder and CEO Bailey Pumfleet. Pumfleet made this declaration because the company is moving its main program from the GNU Affero General Public License (AGPL) to a proprietary license, as he sees AI as too much of a threat to the program's security. If that sounds familiar, it should. It's an ancient argument that letting people read your code automatically makes it more vulnerable. Now, it is true that AI makes finding security holes easier and faster than ever.