Malus.sh promises a simple deal. Pay a penny per kilobyte. Upload your open source software. Get back a fresh clone, free from license strings. No attribution needed. No copyleft obligations. Just corporate-friendly code ready for profit. The site calls it liberation. Developers call it a nightmare. And it works.
This tool hit the scene recently, blending satire with stark reality. Created by Dylan Ayrey and Mike Nolan, it’s both a jab at open source exploitation and a functioning LLC pulling in revenue—hundreds of dollars, Nolan says. One AI agent dissects the input software to draft specs. Another, walled off from the original code, rebuilds from those specs alone. Tests follow for performance and bugs. The output? Functionally identical, but legally new. 404 Media broke the story on April 21, 2026, detailing how this echoes old-school clean room techniques but supercharges them with AI speed.
Clean rooms aren’t new. Back in 1982, Columbia Data Products reverse-engineered IBM’s BIOS. One team documented interfaces. Another coded blind. Courts upheld it—no infringement. IBM lost. Fast-forward. AI collapses the timeline from months to minutes. Cost? Negligible. Malus charges $0.01 per KB across dependencies. That’s pocket change for dodging GPL headaches or share-alike rules.
Nolan, a UN software architect and open source researcher, didn’t mince words. “It works,” he told 404 Media. He’d published on these communities for a decade, hearing endless boasts that open source had triumphed. Malus aims to shatter that complacency. Ayrey, founder of Truffle Security, posed the ethics question: “Even if the courts ruled that maybe this is legal… is it ethical?” Their FOSDEM 2026 talk laid groundwork, inspiring the tool.
Real-world precedent stings. Take chardet, a Python character encoding detector under LGPL. Dan Blanchard rewrote it with Claude AI, switching to MIT, then 0BSD amid backlash. He admitted AI slashes clean-room costs. “I have seen Malus.sh, and like many people, I wasn’t sure it was satire at first,” Blanchard wrote on his blog. But critics pounced. Mark Pilgrim flagged code similarities. Mike McQuaid of Homebrew fumed: “Whether or not Malus is satire, the concept it describes is already happening… the ethics fucking suck. That’s not liberation, it’s just technical debt.”
Malus’s pitch drips sarcasm. “Some licenses require you to contribute improvements back. Your shareholders didn’t invest in your company so you could help strangers.” Or: “Is your legal team frustrated with the attribution clause? Those maintainers worked for free—why should they get credit?” Yet clients pay. The business thrives. Satire? Sure. Profitable? Absolutely.
Legal experts see no clear violation. Meredith Rose of Public Knowledge noted laws assume human-scale effort. “The idea of collapsing that into something where you can press a button and get an entire package recreated is kind of wild, even though it is technically correct under the law as far as I can tell.” AI outputs count as original if no direct copying occurs, per case law. But scale changes everything. What took teams weeks now scales to thousands of projects daily.
Reactions poured in. Slashdot covered it April 22, 2026, sparking debates on their site. Reddit’s r/technology thread drew 155 upvotes, users decrying the ethics. X posts echoed alarm; one French user called it satire that functions. Broader context? Ars Technica explored AI license rewrites in March 2026, while The Register warned AI kills licensing norms.
And here’s the rub. Open source relies on goodwill. Developers pour free labor into libraries powering tech giants. Companies comply—barely—with attribution or contributions. AI flips that. Why maintain when you can clone? Armin Ronacher blogged AI makes rewrites trivial. Technical debt mounts. Bugs unpatched. Communities erode.
Blanchard conceded the point. As a pro engineer, he doesn’t love upending software sales. “But I don’t think there’s any putting the genie back in the bottle.” Nolan hopes Malus forces reckoning. Can we get rich off this? Should we? Open source won, they say. Won what?
But wait. Is this isolated? No. Vibe coding—LLM-assisted slop—accelerates the drain, per a February 2026 404 Media report citing European research. OSS libraries wither as casual coders deploy unvetted AI output. Enterprises chase savings, ignore the rot.
So corporations cheer. Upload React. Clone it proprietary. Ditch MongoDB’s SSPL. The tool scans vulns too—irony noted. Developers? They’re left holding the bag. Nolan’s decade of warnings dismissed as academic. Now it’s real. Profitable. Scalable.
Copyright holds—for now. Clean rooms pass muster. AI just automates. But ethics? That’s fracturing. McQuaid nails it: technical debt everywhere. No oversight. No thanks. Malus exposes the fragility. Open source built the internet. AI might unbuild it, one clone at a time.


WebProNews is an iEntry Publication