A Robot Cloned GPL Software in 90 Seconds and Slapped a “Legally Distinct” Sticker On It
so somebody built a machine that takes free software, launders it through an AI, and hands you back a version the original creator can’t legally touch. it’s satire. it also works.
A tool called MALUS rebuilds any open-source project for pennies — spitting out “legally distinct code with corporate-friendly licensing” in the time it takes to microwave a burrito.
Built by a security founder and a UN software architect. Half joke, fully functional. And the whole “you can’t do that” rulebook the open-source world runs on? Suddenly looks like a screen door on a submarine.

no cap, this is the “we did it for the memes but the memes are load-bearing now” timeline. let me break down what actually happened.
🧩 Dumb Mode Dictionary (read this first, everything else clicks)
| Fancy Term | What It Actually Means |
|---|---|
| Open source | Software where anyone can see and use the recipe for free |
| GPL / copyleft | A rule that says “use my free code? cool — but YOUR version has to stay free too.” It’s a chain. |
| Clean room | You describe what a thing does to someone locked in a room who’s never seen the original. They rebuild it from scratch. No copying = no copyright problem. |
| Legally distinct | “Looks the same, does the same, but technically I wrote it fresh so you can’t sue me” |
| MALUS / malus.sh | The AI tool at the center of this. You point it at free software, it hands you a private copy with the chain snapped off |
| Proprietary | The opposite of free — locked up, sell-it-for-money, don’t-touch-my-code software |
📰 What went down
Two dudes — Dylan Ayrey (founder of a security company called Truffle Security) and Mike Nolan (a software architect who works with the UN’s development program) — built a website called malus.sh.
Here’s the pitch: you give it a free/open-source project. It aims an AI at the code, studies what the software does, and then rebuilds an “analogous” version — without ever copy-pasting the original. Because the AI technically wrote fresh code, MALUS claims the result dodges the GPL “keep it free” chain entirely.
- Cost: cents.
- Time: minutes.
- Result: a private, sellable version of software someone gave away for free.
The site literally advertises “legally distinct code with corporate-friendly licensing.” That’s not me being cheeky — that’s the marketing copy.
🕰️ Why this is a big deal (a tiny history lesson, i promise it's short)
Back in 1982, a company called Phoenix wanted to copy IBM’s secret startup code (the BIOS) without getting sued. So they did the clean-room trick: one team studied IBM’s code and wrote a description, a second team (who NEVER saw IBM’s code) built a fresh version from that description. Boom — legal clone. It birthed the entire PC-clone industry (that’s why you can buy a laptop that isn’t an IBM).
But it took months and hundreds of thousands of dollars and two separate teams of expensive engineers.
MALUS just turned that whole opera into a button. Months → minutes. Six figures → pocket change. That’s the actual headline here. The technique is 44 years old. The price crash is the news.
they took the nuclear option and put it in a gumball machine.
⚖️ The catch nobody can answer yet
Real talk — this is NOT settled. Here’s the honest version:
- It’s satire. The creators built it partly to troll and to make a point about how fragile copyleft is in the AI age.
- It also genuinely works and genuinely charges money. Both things are true.
- It has never been tested in court. “The AI wrote it fresh so it’s fine” is a theory. A judge could absolutely say “nice try, that’s still copying” and torch the whole thing.
So if you’re reading this thinking “sick, i’ll go clone Photoshop” — pump the brakes, champ. The legal ground is quicksand. The interesting part isn’t stealing software. It’s what this whole circus reveals about where value is moving. Which is the fun part ![]()
Full breakdown at 404 Media · TechSpot’s writeup · Futurism’s take
🗣️ What the timeline's saying
- Open-source maintainers: full-on (╬ Ò﹏Ó). “we gave this away for free and now robots are relaundering it to sell back? diabolical.”
- The ‘legally distinct’ meme crowd: having a field day. Everyone’s clean-rooming everything as a bit now.
- Lawyers: quietly sweating, because “clean room” law assumed a human in the room. Nobody wrote rules for a machine that reads all the code and forgets it on command.
- Startup bros: already DM-ing each other “wait can we do this with [expensive competitor]”
the vibe is basically that one spider-man pointing-at-spider-man meme, except every spider-man is a codebase.
Cool. A Machine Snaps the “Keep It Free” Chain for Pennies… Now What the Hell Do We Do? ( ͡° ͜ʖ ͡°)

okay here’s where we stop gawking and start thinking. the point of all this isn’t “go pirate software” — that’s the boring, get-sued version. the point is: when the impossible-expensive thing becomes cheap, the money moves to whoever spots it first. here are 5 angles nobody’s fully run yet. test the edge before you call it impossible.
🪟 The Patch-Window Prospector
Every time a giant free project changes its license to something stricter (this happens constantly — companies do it to squeeze money out), there’s a 2-4 week panic window where small businesses that relied on the old free version freak out. You be the calm person in the storm — the one who already mapped which free alternatives (or clean-rebuilt options) cover their exact use case.
Example: A 24-year-old dev in Manila watches license-change announcements on GitHub’s trending page and a subreddit like r/opensource. When a popular tool goes “paid,” he publishes a same-day “here are your 3 free swaps + migration steps” guide and offers a $150 flat “move-me-over” service to panicking small shops. Sells 8 in a week.
Timeline: First client in ~5 days after any big license drama. The window closes in 3-4 weeks once everyone’s migrated — so you chase the next license change. This never fully dries up; companies re-license something every few months.
🧭 The Dependency Detective
Businesses have NO idea how much free/copyleft code is buried in the software they sell — and that buried code can be a legal landmine. You become the person who scans a company’s product and hands them a plain-English map: “here’s what’s inside, here’s what’s risky, here’s what’s fine.”
Example: A self-taught 27-year-old in Nairobi uses free scanners like FOSSA’s free tier or the open-source ScanCode Toolkit to audit a startup’s codebase, then writes a 2-page “your license risk” report a non-tech founder can actually read. Charges $300 per report. Word spreads because founders are terrified of exactly this.
Timeline: First paid audit within 2 weeks of building a sample report. Stays viable for years — the more AI-cloned code floats around, the more paranoid buyers get.
📚 The Vocabulary Landgrab
Whenever a weird new thing gets a name — “Clean Room as a Service,” “license laundering,” “legally distinct code” — the FIRST person to build the plain-English cheat sheet for it becomes the default search result. Free traffic forever, because everyone Googling the term lands on YOU.
Example: A 22-year-old in Lahore builds a dead-simple one-page site: “Clean Room AI Cloning, Explained Without the Legalese” — every term defined, every myth busted, updated as court cases drop. Slaps a couple of relevant affiliate links to legal-doc tools and an email signup on it. Becomes the #1 link within 2 months because nobody else bothered.
Timeline: Traffic trickles for the first 6-8 weeks, then snowballs as the topic heats up in the news. Plateaus only if a big outlet out-writes you — so keep it updated.
🛡️ The Fingerprint Guy (help the DEFENDERS)
Flip the whole thing. Open-source creators HATE this and would pay to prove someone cloned their work. Fresh code with all the same quirks, bugs, and structure leaves a “fingerprint.” Be the person who catches the launderers.
Example: A CS student in Kraków uses free code-similarity tools like MOSS (the plagiarism detector professors use on students) and JPlag to compare a suspicious “distinct” product against the original open-source project, then hands the maintainer a side-by-side “this is 84% structurally identical” report. Offers it as a $200 “clone check” to project owners and small companies.
Timeline: First gig within ~10 days of posting sample comparisons in dev communities. Grows steadily — this is an arms race, and defenders always need fresh eyes.
⛏️ Sell Shovels, Not Gold (the boring-money play)
Everyone’s gonna chase the flashy “clone the software” dream and most will faceplant on the legal stuff. The steady cash is in the boring picks-and-shovels: the prompts, the checklists, the templates that make the whole workflow less of a legal minefield.
Example: A 29-year-old in São Paulo builds a $19 “Open-Source License Survival Kit” — a Notion pack with a license-comparison chart, a “can I use this commercially?” flowchart, ready-to-send lawyer questions, and links to free tools. Sells it on Gumroad to indie devs and small agencies who don’t want to think about this stuff. 200 sales in the first month = $3,800, near-zero ongoing work.
Timeline: First sales within a week of launch if you drop it in the right dev Discords. Passive after that — refresh the kit whenever a major law/case changes, maybe 2-3 times a year.
🛠️ Follow-Up Actions
| Move | Where to start | Cost |
|---|---|---|
| Understand the trick | Clean room design (Wikipedia) | Free |
| Watch for license drama | GitHub Trending + r/opensource | Free |
| Scan code for hidden licenses | ScanCode Toolkit | Free |
| Catch clones | MOSS / JPlag | Free |
| Sell a simple product | Gumroad | Free to start |
Quick Hits
| You Want To… | Do This |
|---|---|
| Read the 404 Media report — 5 min, worth it | |
| The 1982 IBM clone story | |
| Add a strong copyleft license + document your quirks | |
| Start with the Dependency Detective — lowest skill floor, real demand | |
| Remember: “legally distinct” is a theory, not a green light |
they didn’t hack the code. they hacked the definition of “copying” — and honestly that’s the scarier flex.
!