GoKawiilThis is not an easy post to write.
When we started Cal.com, we believed deeply in open source. It’s a core principle we built this company around, and something we’ve been incredibly proud of.
Today, we are making the very difficult decision to move to closed source, and there’s one simple reason: security.
AI is changing everything. It’s transforming how we write content, build software, and operate day to day. But what’s talked about far less is how dramatically AI is changing the world of security.
In the past, exploiting an application required a highly skilled hacker with years of experience and a significant investment of time to find and exploit vulnerabilities. The reality is that humans don’t have the time, attention, or patience to find everything.
Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.
Being open source is increasingly like giving attackers the blueprints to the vault. When the structure is fully visible, it becomes much easier to identify weaknesses and exploit them.
In recent months, we’ve seen a wave of AI security startups productizing this capability. Each platform surfaces different vulnerabilities, making it difficult to establish a single, reliable source of truth for what is actually secure.
This uncertainty forced us to make a choice: remain open source and accept increasing risk to customer data, or move to closed source to reduce that risk. It’s not a perfect solution, but we have to do everything we can to protect our users.
At the same time, we still care deeply about open source. That’s why we are releasing a version of our codebase to the community under the MIT license as Cal.diy. While our production codebase has significantly diverged, including major rewrites of core systems like authentication and data handling, we want to ensure there is still a truly open version available for developers, hobbyists, and anyone who wants to explore and experiment.
... continue reading