AI Tool 'Malus.sh' Sparks Copyright Debate by Cloning Software Without Attribution

AI-Powered 'Clean Room' Cloning Challenges Software Copyright

A new AI tool named Malus.sh is raising concerns in the tech community by using artificial intelligence to replicate software without adhering to original copyright or open-source licenses. The tool, developed by an LLC with paying customers, employs a "clean room" design process to recreate software functions independently, effectively bypassing legal restrictions tied to the original code.

The project, described as a "tongue-in-cheek jab" at open-source tensions, is led by cofounder Mike Nolan, a researcher in the political economy of open-source software at the United Nations. Nolan told 404 Media that the tool’s existence reflects real economic pressures in the tech industry, stating:

"If it were just satire, it would largely be dismissed by open source tech workers who felt that they were too special and too unique and too intelligent to ever be the ones on the bad side of the layoffs or the economics of the situation."

How Malus.sh Bypasses Copyright Restrictions

The "clean room" process used by Malus.sh is not new—it dates back to IBM’s competitors reverse engineering its computers in the 1980s. Traditionally, this involved two teams: one analyzing specifications to recreate a component like BIOS, and another team with no prior exposure to the original code. AI has now streamlined this process, allowing code-generating tools to replicate software functionality without ever accessing the underlying code.

Malus.sh’s website advertises the service with the tagline:

"Finally, liberation from open source license obligations. Our proprietary AI robots independently recreate any open source project from scratch. The result? Legally distinct code with corporate-friendly licensing."

The website further emphasizes:

"No attribution. No copyleft. No problems."

Real-World Implications: The 'Chardet' Case

Malus.sh may seem like satire, but its premise mirrors real-world developments. In June 2024, a new version of the popular open-source Python library chardet sparked debate when developers used Anthropic’s Claude Code to create a "ground-up, MIT-licensed rewrite" of the library. The rewrite, which did not acknowledge or credit the original authors, triggered discussions about the ethics and legality of "clean room" copies in open-source communities.

Dan Blanchard, a developer involved in the rewrite, told 404 Media:

"I have seen Malus.sh, and like many people, I wasn’t sure it was satire at first, because I’m sure someone will probably make that for real eventually."

Blanchard ultimately applied an open-source community-approved "zero-clause BSD" license to the rewritten library, but the incident underscored broader concerns about AI’s role in software licensing.

Industry Fears: AI as a Threat to Software-as-a-Service

The rise of AI-powered cloning tools like Malus.sh has intensified fears among software-as-a-service (SaaS) companies. Competitors could use such tools to create customized versions of proprietary software, potentially rendering expensive SaaS offerings obsolete. This concern has already impacted stock prices, with companies like Oracle experiencing significant sell-offs earlier in 2024.

The debate over AI, copyright, and software licensing shows no signs of slowing, as tools like Malus.sh push the boundaries of what is legally and ethically permissible in the digital age.