Cal.com, a scheduling software provider, is moving its core codebase from open source to a closed repository. The company cited vulnerabilities to AI-powered attacks as the primary reason for the shift.
Cal.com's decision marks a significant departure from open-source principles, driven by concerns that publicly available code can be exploited by AI tools. The company stated the move addresses modern security threats rather than traditional vulnerabilities.
The scheduling platform joins a growing list of companies reconsidering open-source strategies in response to AI capabilities. By closing its core repository, Cal.com aims to reduce exposure to automated code analysis and potential exploitation by machine learning-based attackers.
While the company remains committed to supporting its existing open-source community, the core infrastructure will no longer be publicly accessible. This decision reflects broader industry tensions between transparency and security in the age of advanced AI tools.
The move underscores emerging concerns about how AI systems can identify and weaponize vulnerabilities in publicly shared code at scale—a challenge traditional open-source security models may not adequately address.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.