Open Source Isn't Dead. Cal.com Just Learned the Wrong Lesson (www.strix.ai)

Cal.com has announced a controversial decision to transition its core codebase away from open source, citing the rise of AI-driven vulnerability discovery as a reason for increased risks associated with code transparency. CEO Bailey Pumfleet emphasized that AI's ability to automate exploitation has shifted the landscape, making visibility into the code a potential liability. In response to this move, Strix, an open-source AI security platform, highlighted their deep respect for Cal.com while disagreeing with the conclusion that closing the code is a viable solution to modern security threats. Strix emphasizes that AI-enabled security tools do not require access to source code to identify vulnerabilities, as they can effectively perform black-box and grey-box testing. By opting for security through obscurity, Cal.com risks relying on limited internal resources against the ever-growing threat posed by automated AI attackers. Strix advocates instead for integrating AI security agents throughout the development pipeline to ensure continuous, automated validation. Their stance is that open source remains vital, believing that transparency enhances security and empowers developers to defend against AI-driven threats more effectively.