Claude Opus and the AI Threat: Is Open Source in Danger?
In the tech world, debate has recently intensified around the impact of artificial intelligence on the open source model. Several industry players have begun to question the viability of this model, particularly because of the growing ability of AIs like Claude Opus to analyze and exploit public source code. This has sent a shockwave through open source advocates, who see the development as a potential threat to the transparency and collaboration that have long characterized the sector.
Cal.com and the Shift to Proprietary Licensing
In mid-April 2026, Bailey Pumfleet, the CEO and co-founder of Cal.com, made a radical decision by announcing the transition of his appointment scheduling software from an AGPL license to a proprietary license. The decision, explained in an interview with ZDNet, is motivated by the ability of AI models like Claude Opus to scan open source code and detect security vulnerabilities in record time. According to Pumfleet, this evolution calls into question the inherent security of the open source model, which relies on human developers' ability to identify and fix vulnerabilities.
Peer Richelsen, a partner of Pumfleet, reinforced this position by highlighting that AIs disrupt the traditional balance of open source security by automating vulnerability discovery. A figure put forth by Huzaifa Ahmad, CEO of Hex Security, indicates that open source applications are five to ten times more vulnerable than their proprietary counterparts. Nevertheless, Cal.com has chosen to maintain a community version, Cal.diy, aimed at hobbyists, while the commercial version remains protected.
Claude Mythos Preview: An AI Model That Raises Concerns
The context of this decision is marked by the introduction of Claude Mythos Preview by Anthropic. This AI model has revealed thousands of vulnerabilities, including a 27-year-old flaw in OpenBSD, a system renowned for its security, and a 16-year-old bug in FFmpeg, which went unnoticed despite millions of automated tests. To support this initiative, Anthropic has invested $100 million in Project Glasswing, a consortium bringing together tech giants such as Microsoft, Apple, Google, Amazon, Cisco, CrowdStrike, Palo Alto Networks, and the Linux Foundation.
Cybersecurity Veterans Respond
However, this panic is not shared by everyone. David Lindner, Chief Information Security Officer at Contrast Security, with 25 years of experience, expressed his skepticism in the pages of Fortune. According to him, discovering vulnerabilities has never been the problem; the real challenge lies in fixing them. He cites a telling statistic: more than 99% of the flaws identified by Mythos have not been patched, according to a report from Anthropic.
Jim Zemlin, CEO of the Linux Foundation and a partner in Project Glasswing, proposes a different approach. He suggests that giving open source maintainers access to the same AI tools could enable them to fix vulnerabilities before they are exploited. According to him, open source software constitutes the majority of the code in modern systems, and closing it off would deprive the ecosystem of the public audit that has historically ensured its robustness.
Closing the Code: An Illusory Solution?
The debate crystallizes around the idea that closing the source code could prevent hackers from finding vulnerabilities. However, the history of cybersecurity shows that this approach, known as "security through obscurity," is ineffective. Experts emphasize that even without direct access to the code, hackers can use reverse engineering and behavioral analysis to identify vulnerabilities.
By closing their code, companies make external auditing more difficult, but not impossible. They also deprive users of the transparency needed to assess the quality of the security they are purchasing. AIs will continue to advance in their ability to analyze network behaviors, API responses, and execution patterns, even in the face of compiled binaries.
Cal.com's decision may well be the prelude to a broader trend. The same AIs capable of detecting vulnerabilities can also be used to fix them, provided that investments are balanced between offense and defense. This situation raises a crucial question for the future of open source: is Cal.com’s argument justified, or is it a disguised return to security through obscurity?