Cal.com going closed-source as AI agents overwhelm open-source security and review processes

Yep. Appreciate it. Thanks for having me on, guys.

Thanks so much. We'll talk to you soon. Have a good day.

Byebye. Up next, we have Bailey Pumfleet from Cal.com. Cal.com is considering going closed as AI agents overwhelm the open- source ecosystem. We're excited to have Bailey join us. How are you doing?

What's going on? Welcome to the show.

Hey, how's it going? Been a busy day.

Yeah, very busy day. Uh, please introduce yourself and the company. We've we've reacted to some Cal.com posts in the past, but uh it's a fascinating company. So take us through uh the shape of the business, a little bit about yourself, and then we'll go into the decision today.

Yeah, Calcon has been an open-source scheduling software. We've been around for like five years. The whole company built around being open source. Yeah. Me and my co are huge fans of the open source space. And um yeah, today we we made the announcement that we're actually going to be closing source, which is a a very tough decision and quite a controversial one. Before you before you continue, your audio keeps kind of cutting in and out. Do you have uh headphones or I don't know if you're kind of covering your your mic at all. I don't know if you're picking that up.

Yeah. Yeah, it sounds a little muffled.

Hearing every other word.

Oh dear. Is that sound any better?

That's a lot better actually. Whatever you did.

That's a a Zoom a Zoom magic.

Yeah, thank you. Um but yeah so um you know we we started this company as huge believers in open source and um to a lot of shifts in AI um the whole sort of risk perspective has completely changed. AI is now able to break code at completely unimaginable speeds. It's the one thing that nobody's really talking about. Um we've seen little drops about like anthropics mythos model and nobody has really taken the time to just kind of understand the ramifications which things like that can have on not just open source but broader application security.

Uh what was the business model uh in the prior era? How how if you're an open source software uh how do you keep the business running?

Fundamentally the business model has not changed at all. Um, so we've always been open source and the code has been open and that's mainly for the things that the average person would need to be able to run their own you know scheduling service um on their own domain or something like that. Um, as a business, we actually sell this software commercially and um, you know, open source is actually something that benefits us commercially because we can go to people and we can say, "Hey, you can look at the source code and you can verify that we're not doing anything sketchy with your calendar data."

Uh, what if any are the benefits of being open-source during the, you know, AI agent boom? because I imagine that you are getting automated pull requests and vulnerability reports. Are there any silver linings that you know things you put in the in the pro column before you realize that the con column overwhelmed the pros?

Yeah, I think a lot of these things remain to be true that you know with open source everybody can audit your code. Um so you know especially with AI producing a lot of slop nowadays um the one thing that we have going for us is that we have code which is written by humans and reviewed by humans and so it definitely creates a lot of trust in that sense. Um it's just that um you know for us there's there's a lot of pros really. Um and we also just genuinely care about open source. We care about trying to do the right thing with this business. we're going to make money and we're going to do our thing whether we're open source or not. And I think one of the common misunderstandings um about this discussion is that it's some kind of like business decision um that it leads to greater profit for us. But um you know really we just always try and do the right thing by our customers and and by our community.

Yeah. Um talk about uh reputation farming attacks. I I haven't heard that much about this. Uh what is going on in the open source ecosystem with reputation farming?

Yeah. What do what do you mean by reputation farming specifically? I'm not

specifically like like agents that are trying to go and make lowquality contributions in order to uh you know uh earn some sort of reputation in the open source ecosystem so that they're more likely to see other poll requests uh accepted. Yeah, I I asked for clarification there because there's actually a lot of different sort of like branches of reputation farming here. You have um you have for instance like these people out here who are just trying to use AI to attack open source um to just like get cheap bounties. Um you get people who are using AI to make small contributions to open source and maybe they might be trying to get open source bounties for developing code. Maybe the end goal in sight is to uh get a job at one of these sort of companies or something like that, but you know, just like how we see a ton of AI slop on LinkedIn and things like that, um we're seeing a lot of AI slop on GitHub. Granted, for us that doesn't really affect everything that's happened today. um we don't make any decisions because you know there are some like AI slop pull requests but that is something I'm hearing a lot from other projects um where it's really hard for smaller teams to deal with just the sheer amount of review workload.

How are is there I mean it's weird because you're already open source there's always the possibility that a paying customer would say you know what I'm just going to self-host this. Uh so in some ways by being open- source you don't really face the competitive threat of oh I'll just vibe code this software and I won't use something off the shelf or I won't pay you but is is there a business threat from AI? Is the business threat greater now that I mean obviously the model capabilities are are greater but uh being closed source sort of incentivizes people to say hey if I want to get it for free I should vibe code it. Yeah, I think the question about can vibe coding replace my SAS startup is, you know, the the hot thing right now. We feel pretty confident in our defense of that whether we're open or closed source because scheduling is so fragile and so nuanced. Like if if you say, "Okay, I can build a basiculer in a weekend. I probably believe you. You probably can. But to build something the scale of cow.com that actually works in all these enterprise use cases and things like that, it's a lot harder to be honest. And um you know, you're going to run into so many little hiccups that just AI um you know, sort of vibe coding can't currently sort of hit. Yeah, it's it I I I mean I have to imagine that the models will be able to to create a good scheduling app, but it's more about I I and I wonder if you agree with this, but it feels like it's more about the potential of uh just a company prioritizing their time because there's if there's so many other things and you're spending your time rewriting and maintaining all of your custom in-house vibecoded tools, uh if you just pull something off the shelf, even if it just costs a you know, 20 bucks a month or whatever. Um, you're just going to have more mind share towards, oh, the scheduler broke or it's down or it there's a security vulnerability, we need to patch it. Instead, you can go focus on whatever your actual business is. And so, I imagine that the prioritization is a big factor there, too.

Yeah. I mean, it's the same way. Nobody's going to build their own Stripe for payment processing or you're probably not going to build intercom for your customer support. you absolutely can do that, but is it really worth it at the end of the day? Um, for us, sort of our business model has never really relied on sort of gatekeeping anything.

Um, but just more that bringing something out of the box and just deploying it and getting selling is the most important thing to pretty much every founder.

Yeah. Well, thank you so much for taking the time to come and explain it to us and break it down. Good luck with the decision and uh and the reaction from the community. and one of my favorite.coms.

It is a great.com, cal.com.

Thank you.

Still underrated even even after all these years building on it. So,

well, uh, have a great rest of your day. We'll talk to you soon. Have a good one, B.

Thanks, guys.

Goodbye.

Up next, we have Han Wong from Mint Lefi. He is the co-founder

and Alirds. The markets are closed, but Alberts is down almost 10% after hours

off of the high

ended at 17. Okay, that's pretty high. That's a very big departure from it was