April 15, 2026
Calendar closed, comments on fire
Cal.com is going closed source
Cal.com locks the code: safety move or business pivot
TLDR: Cal.com is closing its main code to protect users from AI-powered hacking and leaving a hobby version, Cal.diy, open. Commenters are torn between applauding a safety-first move and blasting it as “security through obscurity” or a business pivot, with some urging Cal to use AI internally and keep openness alive.
Cal.com just slammed the door on its open code, saying the AI era makes sharing the “blueprints to the vault” too risky. They’ll keep a hobbyist version called Cal.diy open, but the main product is now behind closed doors. The announcement lit up the comments like a fire alarm, with readers split between “finally, common sense” and “wait, really?”
On one side, supporters cheered the pivot as a practical move in a world where AI can turbo-scan public code for weaknesses—Cal even cited a 27-year-old bug an AI dug up in a legendary system. One fan simply declared, “Great move.” On the other side, skeptics cried “security through obscurity,” arguing that hiding code isn’t real protection. Others called it a knee-jerk business play, suggesting self-hosting is getting easier and open-source customers were drifting away anyway.
The spicy middle? A clever counterpoint: if AI is so good at finding bugs, why not run those tools privately before releases and keep the code open? Someone invoked the old open-source mantra—“more eyes, fewer bugs”—then flipped it for 2026: “more bots, more problems.” Meme-wise, the thread had everything: vault jokes, “Calendars Closed, Comments Open,” and predictions of inevitable forks. Cal.diy felt like a peace offering to tinkerers—while critics warned it’ll quickly drift from the real deal.
Key Points
- •Cal.com is transitioning its production codebase from open source to closed source, citing security as the reason.
- •The company argues that AI can rapidly scan open-source codebases for vulnerabilities, increasing risk to customer data.
- •Cal.diy will remain as an MIT-licensed community version for developers and hobbyists.
- •Cal.com’s production code has significantly diverged from the open version, including major rewrites of authentication and data handling systems.
- •The article references an example where AI uncovered a 27-year-old BSD kernel vulnerability and generated working exploits quickly, illustrating the evolving threat landscape.