Sources
Cal.com Goes Closed Source After 5 Years, Citing AI-Powered Vulnerability Discovery — Releases MIT-Licensed Cal.diy Fork
Cal.com announced on April 14 it is closing its production codebase after five years as open source, arguing AI can now systematically scan open codebases and generate working exploits. They cited Anthropic's Mythos identifying a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg bug that automated tools missed across 5 million scans. The production repo moved to private; enterprise users get GitHub invites. A community fork, Cal.diy, was released under MIT.
↳ Follow the thread