Cal.com moves to closed source model and releases Cal.diy

Cal.com said it moved to a closed source model after what it described as increased security pressure tied to AI-enabled attacks on open source software. The change affects how the company handles data tied to bookings and how developers interact with its platform.

In the company’s account, open source security depends on people to find and fix problems, while attackers use open code to study and target systems. Cal.com also cited a rise in security demands over the prior four months and referenced third-party confirmation of vulnerabilities in open source.

Cal.com and quoted security-related sources in the release tied the risk to publicly available code, stating that open source applications are 5–10× easier to exploit than closed ones. The release also referenced a Mythos model from Anthropic that it said broke into some secure software systems, including OpenBSD.

The company said it announced the move to a closed source model for its core platform and continued to publish Cal.diy as a fully open-source version aimed at hobbyists. “We are committed to protecting sensitive data,” Pumfleet said. “We want to be a scheduling company, not a cybersecurity company.”

“Cal.com handles sensitive booking data for our users,” Pumfleet said. “We won't risk that for our love of open source.” The release added that Cal.diy would allow experimentation while closed application access would handle high-stakes data.

Netskope and Glasswing detail Claude Mythos Preview vulnerability work

Netskope One AI Command Center details AI inventory, mapping

JupiterOne launches Continuous Controls Monitoring