Malus.sh is a service that takes an open-source library, runs an AI-assisted "clean room" rewrite of it, and ships the result under whatever license the buyer wants, usually MIT or BSD, deliberately stripped of the original project's copyleft or attribution requirements. The tool's pitch on its own site is unsubtle: "Legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems." Cofounder Mike Nolan, a UN researcher who has worked on the political economy of open source, runs the LLC behind it. The first concrete example to draw developer attention was chardet, the widely used Python character-encoding-detection library, which was rewritten last month using Anthropic's Claude Code and republished under an MIT license that carries no attribution to, and no connection with, the original project.
The legal theory is genuinely old and, in its classical form, genuinely sound. Clean-room reverse engineering is the doctrine that produced the IBM-compatible PC industry: one team specifies what the software does, a separate team writes new code from those specs without ever seeing the original, and the resulting code does not infringe the original's copyright because no copying happened. Compaq built a clean-room BIOS that way in the early 1980s, Phoenix Technologies followed with one it licensed to other manufacturers, and the approach was never successfully challenged. The doctrine has held up for forty years. What has changed in 2026 is the cost: a rewrite that used to require a Chinese-wall team, documented separation, and months of careful process can now be done by one engineer, in days, with an LLM doing the heavy lifting. chardet maintainer Dan Blanchard, commenting on the incident, put it bluntly: "I don't think there's any putting the genie back in the bottle at this point."
The untested hole in the legal theory is whether AI-assisted rewrites actually qualify as clean-room. The classical doctrine assumes the rewriting team has had zero exposure to the original code, and its evidentiary strength comes from being able to prove that: written specifications from one team, and a record showing the other team never had access. Claude Code, GPT-5, and every other coding model on the market are trained on huge amounts of public source code, including chardet, and including the GPL libraries Malus.sh is presumably most useful against. When you ask such a model to "rewrite this library given these specs," the model may not have the original file open, but it has read it during training and may reproduce its structure, its comments, or even verbatim chunks, and there is no access log that can show otherwise because the exposure is baked into the weights. A maintainer who suspects this can at least check for it: diffing the rewrite against the original for copied comments, identifier names, test fixtures, and idiosyncratic constants is cheap, and matches of that kind are the evidence a copyright claim would turn on. No court has yet ruled on whether trained-in knowledge counts as access, and the AI training cases currently working their way through the system are mostly about the similarity of specific outputs, not that in-between question. The first lawsuit Malus.sh draws is going to be the test case for it.
For developers, the practical reading is that this is bigger than chardet and bigger than copyright. The implicit deal of open source (you get my code, you respect my license) is the only thing holding the ecosystem together, and it depends on a social norm that is now cheap to bypass. License stripping was always possible; it just took enough effort that most companies chose to comply or to pay. AI compresses that effort by an order of magnitude. The defensive moves available to maintainers are limited: dual-licensing with commercial terms, a trademark on the project name (you can clone the code, but you can't call it chardet), and contributor agreements that give the project's foundation standing to sue. For libraries that are already permissively licensed, dual-licensing and standing to sue add little, since the only obligation left to enforce is preserving the copyright notice; trademark is the one defense that applies regardless of license, because it protects the name rather than the code. The honest answer is that the ecosystem is going to need new norms, new tooling for provenance, and probably a new wave of court rulings before any of this settles. In the meantime, the genie is in fact out, and the only question is what shape the rules take when they catch up.
