Cal.com shifts from open source to closed source citing AI security threats
Original: Cal.com is going closed source
Why This Matters
Highlights how AI is forcing fundamental business model changes in cybersecurity
Scheduling platform Cal.com announced it is abandoning its five-year open source model due to AI-driven security vulnerabilities. The company will release Cal.diy under MIT license for hobbyists while moving production code closed source to protect customer data from AI-powered attack tools.
Cal.com co-founder Bailey Pumfleet explained that AI has fundamentally changed the security landscape, enabling systematic vulnerability scanning of open source codebases. The company cited the emergence of AI security startups that can automatically identify weaknesses in public code, comparing open source to 'giving attackers the blueprints to the vault.' While the decision abandons a core founding principle, Cal.com will maintain Cal.diy as an open source alternative under MIT license for developers and hobbyists. However, the production codebase has significantly diverged with major rewrites of authentication and data handling systems. The company stated this difficult decision prioritizes protecting customer data over open source ideals in an era of accelerating AI-powered security threats.