In 1984, Phoenix Technologies used clean-room reverse engineering to recreate the IBM PC BIOS from scratch, a move that opened the door to the IBM-compatible PC market. Now a pair of engineers argue that AI could be used to reverse engineer all open source software the same way.
They proposed creating a ‘clean-room-as-a-service’ platform that can recreate any open source package, and all its dependencies, without any pesky licensing restrictions. They set up a mock Web site of a fake service, Malus, that explains the concept in hilarious detail.
Their fiendish plan exploits the collaborative nature of open source by using the infinite scalability of AI.
Dylan Ayrey, who founded the software company Truffle Security, and Mike Nolan, a United Nations software architect, introduced the idea at FOSDEM 2026.
PC Gamer, reporting on the project April 1, noted that Malus is clearly “tongue-in-cheek,” but that it also was “meant to highlight the problem that AI is posing for open-source software.”
Over the past few weeks, the idea has generated heated discussion in open source circles.
Idea vs. Expression
U.S. copyright law protects only the expression of an idea, not the idea itself. That distinction is the basis for clean-room design, in which a work such as a piece of software is reimplemented from a written specification of its behavior rather than from its original expression.
With “clean room engineering,” you “study the original, write a specification, hand that specification to someone who has never seen the source material, and have them build it fresh,” Nolan wrote on the Malus web site.
In the case of Phoenix, the company had one engineer review the IBM BIOS and write a specification that captured the exact behavior and interface of the original. A second engineer then worked from that specification alone and, with no knowledge of the IBM code, wrote an entirely new BIOS that replicated the behavior of the original.
“It is perfectly legal. It has been for over a century,” the Malus creators wrote.
The Phoenix work took about four months of engineering time. With AI, it could take less than five minutes, they reasoned.
Chinese Firewall
In a fabricated technical explanation worthy of L.A.’s Museum of Jurassic Technology, the two detailed how a system would carry out the clean-room engineering with the help of an unnamed AI model.
With Malus, a user uploads the application’s dependency manifest (package.json, requirements.txt, Cargo.toml, and so on). A first set of AI agents then writes a specification for every package in that manifest, drawing only on public documentation: README files, API surfaces, type definitions. It never looks at the original source code.
A second set of agents, working completely independently of the first and seeing only the specifications, then generates fresh code that exactly replicates the behavior of every package.
The “process is deliberately, provably, almost tediously legal,” Nolan wrote.
The resulting code is then turned over to the user under a “MalusCorp-0 License,” which has zero attribution requirements, zero copyleft, zero obligations.
The code comes with no licensing restrictions, no dependencies written by strangers and, the site claims, no vulnerabilities, since it is freshly written custom code (which presumes that the unspecified AI writes flawless code).
The site even includes a price list for technologies it can “liberate.” Would you pay US$13.78 for your own replica of the Lodash JavaScript library?
The Very Real Flaws of Open Source
Even if Malus isn’t a working implementation, the idea points to a real problem with how the law currently protects the open source ecosystem.
“If AI can trivially circumvent these protections, the entire incentive structure collapses. No one will contribute to projects that can be instantly replicated without attribution. The commons will wither,” Nolan wrote.
In corporate speak, the project’s web site thanks all the open source contributors for their “thousands of unpaid hours” of work that “Fortune 500 companies have used to generate trillions of dollars in cumulative revenue.”
The strengths of open source are also its weaknesses, Nolan noted. It’s free, it’s transparent, and it’s maintained by volunteers.
Transparency means attackers can read the code to hunt for flaws, and open contribution means they can try to slip changes in. Volunteer maintenance means anyone can take over a project, or that it can be left with no maintainer at all. And free means that companies that build their products on top of open source have no service-level agreement to fall back on when something breaks or a vulnerability is exploited.
In addition to the security worries that come with using open source software, corporations also have to manage the legal risk around licensing. Accidentally including GPL- or AGPL-licensed code in a proprietary application could oblige the company to release the source of the entire application under the same license.
Of course, there’s a growing industry around securing open source software, with companies like Snyk. It’s “an elaborate system of risk management around code that was supposed to be free,” the authors write.
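The licensing check a practitioner would actually run against that risk, as an added example that is not code from the Malus site or from any project it describes: a small Python audit that reads a dependency list carrying SPDX license identifiers, as found in the `license` field of a package.json or Cargo.toml, and flags copyleft or unidentifiable licenses before they reach a proprietary build. The package list and package names are constructed for illustration, the license families are a coarse triage table rather than a legal determination, and the expression handling is a simplification of the SPDX grammar (nested parentheses are flagged for manual review rather than parsed).

```python
"""Flag copyleft and unidentifiable licences in a dependency manifest.

Added example; not part of Malus or any project the article discusses.
Assumes each dependency carries an SPDX licence expression in a
`license` field. The sample dependency list is constructed.
"""
import re

# Coarse licence families for triage, matched against upper-cased SPDX ids.
# A real audit would consult the full SPDX list and legal counsel.
STRONG_COPYLEFT = re.compile(r"^(GPL|AGPL|SSPL|EUPL|OSL|CPAL)(-|$)")
WEAK_COPYLEFT = re.compile(r"^(LGPL|MPL|EPL|CDDL)(-|$)")
PERMISSIVE = re.compile(r"^(MIT|BSD|APACHE|ISC|0BSD|UNLICENSE|CC0|ZLIB|BLUEOAK)(-|$)")

# Higher means more restrictive. "unknown" ranks highest so anything the
# table does not recognise is flagged rather than silently waved through.
SEVERITY = {"permissive": 0, "weak": 1, "strong": 2, "unknown": 3}


def classify_term(term):
    """Classify one SPDX licence id, optionally joined to an exception by WITH."""
    parts = re.split(r"\s+WITH\s+", term.strip(), maxsplit=1, flags=re.IGNORECASE)
    ident = parts[0].strip().upper()
    has_exception = len(parts) == 2
    if not ident:
        return "unknown"
    if STRONG_COPYLEFT.match(ident):
        # A linking exception such as Classpath-exception-2.0 lets proprietary
        # code link against the library, so treat it as weak copyleft.
        return "weak" if has_exception else "strong"
    if WEAK_COPYLEFT.match(ident):
        return "weak"
    if PERMISSIVE.match(ident):
        return "permissive"
    return "unknown"  # includes npm's "UNLICENSED" and non-SPDX strings


def classify_expression(expr):
    """Classify an SPDX expression such as '(MIT OR GPL-2.0-only)'.

    OR lets the consumer pick the least restrictive alternative; AND means
    every term applies, so the most restrictive term in a group wins.
    """
    expr = (expr or "").strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1].strip()
    if "(" in expr or ")" in expr:
        return "unknown"  # nested grouping is not modelled; send to review
    best = None
    for alternative in re.split(r"\s+OR\s+", expr, flags=re.IGNORECASE):
        terms = re.split(r"\s+AND\s+", alternative, flags=re.IGNORECASE)
        worst = max((classify_term(t) for t in terms), key=SEVERITY.__getitem__)
        if best is None or SEVERITY[worst] < SEVERITY[best]:
            best = worst
    return best


# Constructed sample manifest; the package names are invented for this example.
SAMPLE_DEPS = [
    {"name": "lodash", "version": "4.17.21", "license": "MIT"},
    {"name": "readline-gpl", "version": "8.2.0", "license": "GPL-3.0-or-later"},
    {"name": "mongo-shim", "version": "1.0.0", "license": "SSPL-1.0"},
    {"name": "dual", "version": "2.1.0", "license": "(MIT OR GPL-2.0-only)"},
    {"name": "glib-bind", "version": "0.4.0", "license": "LGPL-2.1-only"},
    {"name": "compat", "version": "3.0.0",
     "license": "GPL-2.0-only WITH Classpath-exception-2.0"},
    {"name": "mystery", "version": "0.0.1"},  # no licence field at all
    {"name": "mixed", "version": "1.2.3", "license": "Apache-2.0 AND AGPL-3.0-only"},
]


def audit(deps, allow_weak=True):
    """Return (name, version, licence, class) for every dependency needing
    attention: strong copyleft, unknown, and weak copyleft unless allowed."""
    findings = []
    for dep in deps:
        expr = dep.get("license", "")
        cls = classify_expression(expr)
        if cls == "permissive" or (cls == "weak" and allow_weak):
            continue
        findings.append((dep["name"], dep["version"], expr or "<missing>", cls))
    return sorted(findings, key=lambda f: (-SEVERITY[f[3]], f[0]))


if __name__ == "__main__":
    for name, version, licence, cls in audit(SAMPLE_DEPS, allow_weak=False):
        print(f"{cls:10} {name}@{version}: {licence}")
```

Run it as a build step and fail the build on any "strong" or "unknown" finding; the dual-licensed package passes because the consumer may choose the MIT alternative, while the missing licence field and the AND-combined AGPL term are both flagged.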
I Started a Joke
The idea behind the site was to show that open source faces a mortal danger from AI.
“Copyright was the immune system that made open source licenses enforceable. Our machines walk straight through it,” Nolan wrote.
In March, the site and the talk were posted on Hacker News, and generated a tsunami of comments, mostly around the nature of the legal system currently protecting open source.
“It’s laws failing to keep pace with technological development,” wrote user ndiddy. Reverse engineering can take many hours of human labor, so it is less likely that anyone would undertake such a project. “If we treat AI the same way we treat humans here, it means that the barrier is gone.”
One viewer in the FOSDEM chat forum noted that “pretty much everyone I’ve shown malus.sh to has failed to realise it’s satire,” which he confessed left him unsure if the presentation worked or not.
Malus was noticed by popular YouTube tech journalist Michael Paulson, a.k.a ThePrimeagen, who noted that “Even if they take down the site, somebody will put it back up, somebody will make the money.”
In other words, someone will inevitably take this idea seriously, and if they implement it successfully, it will lead to “the death of open source software,” he predicted.
Devil in the Details
A start-up that chooses to replicate this business model will no doubt run into hurdles.
For starters, the Electronic Frontier Foundation and the Software Freedom Conservancy would quickly step in to defend the open source projects being copied.
The defense would need to prove that the agents are actually clean, that is, that the model was never trained on the very source code it is reproducing. And the new code would have to be free of vulnerability-inducing bugs, because there is no upstream maintainer to ship a fix when one is found. That is a tall order for even the mightiest of today’s AIs.
Or a court might find that using AI to replicate open source code in this way violates the intent of the original license. If the service was built specifically to evade that license, a judge could weigh the harm to the original project over the technical arguments.
The GNU GPL has protected open source from the encroachment of powerful entities for nearly four decades. With AI, it will face its biggest challenge yet. And that’s no joke.

