Two Guys Just Built an AI That Strips the License Off Any Open-Source Project in 90 Seconds
“Let’s end open source together with this one simple trick” — their actual FOSDEM talk title. I’m not making this up.
A penny per kilobyte. 90 seconds per project. Zero attribution required. The GPL (the license that keeps open-source free) is now just a suggestion.
Dylan Ayrey (founder of Truffle Security) and Mike Nolan (software architect at the UN Development Programme) built malus.sh — a service that takes any open-source project, feeds it to two AI agents, and spits out a functionally identical clone with a fresh corporate-friendly license. No copyleft. No attribution. Just… yours now. They presented it at FOSDEM 2026 and the open-source world is losing its mind.

🧩 Dumb Mode Dictionary
| Term | Translation |
|---|---|
| Clean room | A legal trick where one team reads the code and writes specs, a DIFFERENT team builds from those specs alone — so the new code is “original” |
| GPL / Copyleft | A license that says “you can use this free code, but anything you build with it must ALSO be free” |
| Attribution | Giving credit to the original creator |
| FOSDEM | The biggest open-source developer conference in Europe (Brussels) |
| Malus | Latin for “evil” — also the genus of apple trees. Yeah, they went there |
📜 How We Got Here — The Clean Room Hack
Back in 1982, Compaq needed to clone IBM’s BIOS (the brain of a PC) without getting sued. Their solution: one team read IBM’s code and wrote down WHAT it did. A completely separate team — who’d never seen the original — rebuilt it from those notes alone.
That process took months and cost hundreds of thousands of dollars.
Malus.sh does the exact same thing. Except:
- Agent 1 (the “reader”) digests the target project and writes specs
- Agent 2 (the “builder”) — completely walled off from the original code — rebuilds from those specs
- Automated tests check the clone works the same way
- Total time: ~90 seconds
- Total cost: about $0.01 per kilobyte of source code
The legal theory is the same one Compaq used 44 years ago. It’s just that AI made it free.
🎭 Wait — Is This Satire or Real?
Both. That’s the diabolical part.
Malus.sh is a registered LLC. It takes real payments. It produces real clones. But Ayrey and Nolan built it specifically to make a political argument: if a penny-per-KB service can nuke the entire open-source licensing model, then maybe the licensing model is already dead.
From WebProNews’ coverage: the tool is “tongue-in-cheek” but “meant to highlight the problem that AI is posing for open-source software.”
They’re not the villains. They’re the guys pulling the fire alarm. The villains are the companies who’ll do this quietly without telling anyone.
📊 The Receipts
| Stat | Value |
|---|---|
| Cost to clone 1MB of source | ~$10 |
| Time per project | ~90 seconds |
| Old-school clean room cost | $200,000+ |
| Old-school clean room time | 3-6 months |
| Cost reduction | ~99.99% |
| Projects vulnerable | Every. Single. One. |
| Legal challenges filed so far | 0 |
| Court rulings on AI clean rooms | 0 |
🗣️ What the Timeline's Saying
The open-source community is… split.
The terrified camp: “This kills contributor motivation. Why would I maintain free software for years if someone can clone it in 90 seconds and sell it?”
The pragmatic camp: “The legal theory hasn’t been tested in court. An AI generating code from specs written by another AI reading your code might NOT survive a copyright challenge.”
The fatalist camp: “Companies were already doing this manually. AI just made it cheap enough that EVERYONE can see it happening.”
The Plagiarism Today analysis calls it “AI-washing copyright” — using the veneer of a legal process to strip rights from creators.
⚖️ The Legal Grey Zone Nobody Wants to Talk About
Here’s the thing nobody has tested yet:
Traditional clean rooms worked because humans independently reimplemented functionality. The legal defense was: “These two teams never communicated. The similarities are because there’s only one logical way to solve the problem.”
But with AI:
- The “reading” agent and “building” agent might share training data
- The specs written by Agent 1 might be SO detailed they’re basically the original code in English
- No court has ruled on whether AI-to-AI counts as a real “clean room”
The whole thing could collapse the moment someone actually sues. Or it could hold up perfectly. We literally don’t know. And that uncertainty is the weapon.
Cool. So the Entire Open-Source Ecosystem Is Just a Menu Now. Now What the Hell Do We Do? ( ͡° ͜ʖ ͡°)

🕳️ The License Detector — Compliance Bounty Farming
Companies using AI-cloned code won’t know if their “clean” code actually passes legal muster. Build a scanning tool that compares proprietary codebases against open-source originals using structural similarity analysis (not just text matching — look at control flow graphs, API call patterns, variable naming heuristics). Sell “compliance reports” to companies terrified of lawsuits.
Example: A 24-year-old security researcher in Portugal builds a Semgrep-based pipeline that fingerprints function architectures. Pitches compliance audits to mid-size SaaS companies at €2,000/report. Three enterprise clients in month one from cold LinkedIn DMs to CTOs.
Timeline: First client in 12 days. Revenue plateau at ~€8K/month within 6 weeks. Gets commoditized when big audit firms copy the methodology in 4-5 months.
🪟 The Patch Window Flip — Clone, Then Contribute
Here’s the grey-hat play: malus.sh clones a project and strips the license. But nothing stops you from cloning it, adding ONE novel feature the original doesn’t have, and releasing YOUR version under a permissive license. You now have a “competitor” to a popular open-source tool that you built in 90 seconds + 2 hours of feature work. Market it to the niche that always complained the original was missing that one thing.
Example: A developer in Kenya clones a popular markdown editor library, adds native RTL (right-to-left) language support that the original has been ignoring for years. Publishes on npm. Arabic/Hebrew dev communities adopt it. Gets sponsorship from a Middle Eastern tech company within 3 weeks — $1,500/month for maintenance.
Timeline: First version live in 2 days. First sponsor in 21 days. Ethical grey zone means you might get community heat — plan an exit strategy if the original maintainers go public.
📡 The Early Warning System — Open-Source Clone Radar
Maintainers are panicking. They need to know when their project gets cloned. Build a monitoring service that tracks new GitHub/GitLab repos, npm/PyPI packages, and compares them structurally against a watchlist of protected projects. Charge maintainers $5/month per project monitored. It’s like Have I Been Pwned but for your code getting ripped off.
Example: A 19-year-old comp-sci student in Romania scrapes new npm publishes daily, runs AST (code structure) comparison against the top 500 starred repos. Launches a free tier (1 project) and paid tier ($5/project/month). Gets 200 paid users from one viral post on the Hacker News front page. Revenue: $1,000/month by week 6.
Timeline: MVP in 4 days using existing AST comparison libraries. First paying user in 9 days. Scales to $3K/month before GitHub inevitably builds this feature natively in ~6 months.
🎣 The Corporate Panic Consultant
Every company with an open-source dependency is asking the same question right now: “Wait, can someone clone OUR proprietary code the same way?” The answer is legally different (proprietary code has different protections) but most CTOs don’t know that. Position yourself as the person who explains this distinction. Write a one-page threat assessment template. Charge $500 per 30-minute “AI IP risk briefing.”
Example: A former open-source contributor in Brazil (no law degree, just deep knowledge of licensing) creates a Calendly with $500/slot labeled “AI Clone Risk Assessment.” Posts a 3-minute explainer on LinkedIn showing how malus.sh works. Gets shared by panicking VPs of Engineering. Books 6 calls in week one = $3,000.
Timeline: First booking within 5 days of the LinkedIn post going up. Sweet spot lasts 8-10 weeks while the news cycle is hot. After that, actual lawyers catch up and undercut you. Cash out fast.
🛡️ The 'Unclonable' Code Layer
Here’s the galaxy-brain play: build a library/framework add-on that makes projects HARDER to clone via AI. Think of it as anti-AI obfuscation for open-source — not obfuscating for humans (readability stays fine) but structuring code in ways that break the spec-extraction step of clean-room tools. Intentionally couple business logic with implementation details that can’t be separated into clean specs without losing functionality.
Example: A 27-year-old systems programmer in Poland builds a Rust macro library called anticlone that weaves runtime behavior checks into compilation steps. If an AI tries to spec it out, the specs miss critical path-dependent behaviors. Publishes it, gets 400 GitHub stars in 48 hours from paranoid maintainers. Monetizes through a “pro” tier with auto-integration for popular frameworks — $15/month.
Timeline: Library published in 5 days. First viral moment in 8 days. Revenue starts day 14. Long-term viable because this becomes an arms race — every time clone tools improve, your tool needs updating. Recurring revenue as long as the threat exists.
🛠️ Follow-Up Actions
| Want | Do |
|---|---|
| Understand the legal theory | Read Plagiarism Today’s breakdown of “Cleanroom as a Service” |
| See it in action | Visit malus.sh (yes it’s real, yes it works) |
| Watch the original talk | Search “FOSDEM 2026 Let’s end open source together” |
| Protect your own project | Add structural complexity, use REUSE headers, and document your unique implementation choices |
| Track if you’ve been cloned | Set up GitHub code search alerts for your unique function names |
Quick Hits
| Want | Do |
|---|---|
| Search unique function signatures on GitHub Code Search and Sourcegraph | |
| Read the SPDX license list differences | |
| Add runtime-coupled tests and path-dependent behavior | |
| Follow the Software Freedom Conservancy for legal updates | |
| Position as compliance/IP risk consultant while CTOs are scared |
The GPL lasted 35 years as the immune system of free software. An AI just sneezed on it. Time to mutate or die.
!