Cal.com Goes Close Source Because "AI Can Easily Exploit Open Source Software"

Cal.com, a popular open source scheduling platform, is switching to a closed-source model after five years, citing AI-powered vulnerability scanning as a growing threat. Co-founder Bailey Pumfleet argues that AI can now systematically scan public repos for exploits with minimal effort, referencing a case where Claude Mythos found a 27-year-old BSD kernel vulnerability with working exploits in hours. The old codebase lives on as Cal.diy under the MIT license, but it lacks enterprise features like Teams, SAML SSO, and Workflows, and is recommended only for personal non-production use. Critics note that closing source doesn't inherently improve security and that AI can equally be used defensively, as seen with Linux kernel AI-assisted fuzzing. The piece questions whether AI was the real catalyst or a convenient justification for a business-driven closed-source transition.