AI-Powered Open-Source Code Laundering
Key topics
The discovery of AI-powered code laundering raises concerns about the integrity of open-source code and the potential for AI-generated code to infringe on copyrights, sparking a heated discussion about the implications of AI on the tech community.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
3h
Peak period
33
6-12h
Avg / period
7.3
Based on 87 loaded comments
Key moments
- 01Story posted
Oct 4, 2025 at 7:26 PM EDT
3 months ago
Step 01 - 02First comment
Oct 4, 2025 at 10:47 PM EDT
3h after posting
Step 02 - 03Peak activity
33 comments in 6-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 8, 2025 at 7:10 PM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
One can setup a site to crowdsource laundering 8-10 second sections of an entire movie and then stitching it back.
the author is going good. it's not a new normal until everybody goes quiet
This doesn't mean anything. You have no ability to "normalize" anything. It's not an action that somebody can take.
> it's not a new normal until everybody goes quiet
Real let me speak to your manager energy. Nobody is waiting for you to go quiet to get on with things.
Normalisation isn't something that one person by themselves can achieve. It only happens when public opinion is swayed. How is it swayed? By people deliberately trying to sway it, like GP here.
If you are instead arguing that normalisation is not really a thing at all: What do you call the change in attitudes to people who are left-handed, disabled, or homosexual?
You can if you convince everyone to stop making a fuss because it's the new normal. The comment literally said "it's the new normal".
Recognition of realities is different from wishing for things to occur. If you think you can stop unethical people from AI washing your software, feel free to try, you will fail.
> If you think you can stop unethical people from AI washing your software, feel free to try, you will fail.
Posts like these = trying to stop unethical people from copyright (copyleft) washing. Telling people writing these posts that it's the new normal is basically saying they are doing pointless thing, while they are doing something very good
You can whine about something till you're dead, but incentives drive actions, full stop. Instead of whining about normalization, lobby lawmakers to make actual change and build tools to help creators detect the issue.
2 The incentives is to steal and rampage and rape. Some incentives deserve to die in fire, period. To change incentives we punish people or change people. Posts like these help
I think trying to shut up these efforts by saying this is "normal" is only done by people in that industry or invested in it who profit from this disaster
If the incentive was to steal and rampage and rape, people would be doing it more. The incentives are reversed though; 10 years in prison for rape, 6 years for stealing, and the odds are you will get caught eventually. If we removed law enforcement, there would be a lot more stealing and raping, though people would take justice in to their own hands as they did in cases of theft and rape in olden times.
Ultimately this is a dumb back and forth because we agree about the wrongness of the act, we just disagree about the best course of action and the ultimate value of certain approaches. You keep doing you, but if you really care about this I'd suggest you do something more productive than trying to high horse people on the internet about norms.
I welcome AI to copy my crap if that's going to help anyone in the future.
There are like a dozen organizations globally creating anything close to state of the art models. The fact that you can use some for free on your own hardware doesn’t change that those weights were trained by a small cohort of people, with training data selected by those people, and fine-tuning and “alignment” created by those people.
Sure you can fine-tune the smaller ones yourself, but that still leaves you at the will of original creator.
There is open source training and inference software. And there are open weights.
Those things are not enough to reproduce the training.
Even if you had the hardware, you would not be able to recreate llama (for example) because you don't know what data went into the training.
That's a very weird library. You can get their summaries, but you don't have access to the original works used when creating it. Sounds terrible, open source or not.
Instead, I feel like the objections are (rightly) these two issues:
1. GenAI operates at a much larger scale than an individual artist. I don't think artists would have an issue with someone commissioning a portrait say in the style Van Gogh (copyright argument). They would have an issue if that artist painted 100,000 pictures a day in the style of Van Gogh.
2. Lack of giving back: some of the greatest artists have internalized great art from previous generations, and then something miraculous happens. An entirely new style emerges. They have now given back to the community that incubated them. I don't really see this same giving back with GenAI.
Edit: one other thought. Adobe used their own legally created art to train their model, and people still complain about it, so I don't buy the copyright argument if they're upset about Adobe's GenAI.
Edit 2: I'm not condoning blatant copyright infringement like is detailed in this post.
I disagree. There is a ton of free AI generated text, code, images, and video available for completely free for people to learn from.
I’m not a big fan of the copyright system we have myself, but there’s a reason it exists. AI companies illegally training their AI on copyrighted content to reap the spoils of the hard work of other people that never get recognition for their work is the opposite of „giving back“.
If you really think all they do is observe, form a gradient from millions of samples and spit out some approximations, you are deeply mistaken.
You cannot equate human learning with how genai learns (and if it did, we'd have agi already imao)
I don't think that computer systems of any kind should have the same right to fair use that humans have
I think humans should get fair use carve outs for fanart and derivative work, but AI should not
2. LLMs will give back what you put in + what they learned, it's your job to put in the original parts. But every so often this interaction will spark some new ideas. The LLM+human team can get where neither of them would get alone, building on each other's ideas.
One unfortunate side-effect is the junior engineers who cannot immediately exceed the AI are not being hired as often. But this era echos the dotcom boom, where very low-skilled people commanded very-high wages. Universities, which have always been white collar job training but pretended they weren't, are being impacted greatly.
https://registrar.mit.edu/stats-reports/majors-count
24% of undergraduate MIT students this year have Computer Science in the title (I asked chatgpt to calculate this from the difficult-to-parse website). 1/4 of all MIT undergraduates are not being trained to be future PhD researchers - they, like all other schools, are training the vast majority of their students for private sector workforce jobs.
The culling is happening all over. We will likely go down to < 1000 colleges in America from 4000 now over the next 15 years.
This is a good thing. The cost of university degrees is far too high. We are in the midst of a vast transition. College should return to being the purview of the truly intelligent and the children of the rich, as it was for all time before WW2. This very weird experiment in human history is ending, and it cannot happen soon enough
You're likely correct that we're witnessing a reconsolidation of wealth and the extinction of the middle class in society, but you seem happy about this? Be careful what you wish for...
My concern now is a large number of under-employed college graduates who are indebted to worthless degrees, feeling pinched because the debt far surpasses their market value. This has been the case for a long time, but has now reached the upper-echelons of academia where even Ivy league grads cannot get employment. You need to re-calibrate your ire to the correct target
Some of us value education for its own sake, not as a prerequisite for employment.
Who do you think is the correct target? Big institutions? The college system?
I hope that new societal avenues are created to help young people start their careers, even if those careers are in fields like plumbing, nursing and hospitality. I also hope efforts are made to help white collar workers transition into other (lesser-paying) careers when AI really starts to permanently reduce the size of the white-collar workforce.
https://www.sps.nyu.edu/explore/degrees-and-programs/bs-in-h...
Please, tell me how going $300k in debt for an undergraduate degree in Tourism Studies benefits society, or the student
Sure people can learn hotel management outside of university. But outside of nepotism who will trust random strangers with no qualifications to get their foot in the door?
And you make it sound like socializing the cost of improving outcomes for the next generations as a negative. What is the point if society if not that? Even from a purely selfish perspective, The next generation will take care of me when I am too old to do it myself. I’d want them to be in a good state by then
Do you think you got to wherever you are now without some part of socialized cost of society getting you there?
You have missed my point entirely. These degrees have no value. I would argue they have negative value when factoring in their cost in resources and wasted time
(Also ignoring the thousand first years at the end of the list.)
The various 0.5 half-student quantities throw some doubt on the measurement too.
Yeah, the world was a better place when it was mostly white males having that chance.
/s
[As a side note, the problem with LLMs (sorry, the term "AI" became so muddy I prefer not to use it) is that they tend to be extremely uncreative and just average to mean. So I wouldn't expect added value in creativity itself, just helping humans with more menial tasks just like antirez is doing.]
I don't know if this was intentional misspelling or not but it's damn funny
This is the most appropriate lens through which to assess AI and its impact on open source, intellectual property, and other proprietary assets. Alongside this new form of collaboration comes a restructuring of power. It's not clear to me how our various societies will design this restructuring (so far we are collectively doing nearly nothing) but the restructuring of these power structures is not a technical process; it is cultural and political. Engineers will only offer so much help here.
For the most part, it is up to us to collectively orchestrate the new power structure, and I am still seeing very little literature on the topic. If anyone has a reading list, please share!
They surpass open source, "out-open source-opensouce" by learning skills everywhere and opening them up for anyone who needs them later.
The fatal flaw of the open internet is that bad players can exploit with impunity. It happened with email, it happened with websites, it happened with search, and now it's happening with code. Greedy people spoil good things.
Before LLM you needed time and abilities to do it, with AI you need less of both.
With the current weakening of it, it opens the door to abuses that we don't have the proper tools to deal with now. Perhaps new ones will emerge, but we'll have to see.
AI has tipped that nuanced balance in a way that is both destructive, and unsustainable. Just like any other fraud or ponzi.
Cost/loss constraint function now favors the unskilled, blind, destructive individual running an LLM who spits on all those that act with good faith. Quite twisted.
No, it won't kill open source, just as it hasn't killed the Internet.
That gives anyone the right to get the source code of that commit and do whatever.
The article does not specified if the company is still using the code AFTER the license change.
The rest of the points are still valid.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Which the other party was not doing.
Also is it legal to start with MIT and change to Apache midway? The laws around opensource licensing are so tricky and cutthroat at this point.
Also does anyone know what this Intentional License is from the other party, I have never seen it before. It seems that's what their main package is while the other packages are Apache. If its custom is it even legal to just create a new OSS License out of nothing?
There's too much gray area with OSS especially when it comes to legalities we almost need a standard.
But the reality is, they lied to everyone and I'm a chained victim. I was introduced to him by NativeScript, and before that he didn't even know the existence of rEFui. Now rEFui has become the most important fundament of their entire project, clearly indicates that they want to get something for nothing from the very beginning.
Till now they still didn't answer me why they made the basic mistakes and how it was fixed.They avoid everything I ask about them unless I presure them very hard, they'll give a very vage respond that answers nothing.
> is it legal to start with MIT and change to Apache midway?
As the author of the project, I have every right to change the license to anything. But also, I didn't wash the history to hide that the project was MIT. Technically I can, but that actually violates MIT itself and I don't want to be someone that say one thing and do another.
> even with attribution clearly given
They won't until I presured them very hard. They also washed much more than my projects, but also without attribution until I notified those project's authors. Actually, till now the code are still not fully attributed, only few get a proper attribution. They have now extracted code blocks from my original project into many many small separated files (potentially trying to hide the origin even further), but the code logic are actually not changed at all. According to those license, each piece of code they extract should keep an attribution to my original project.
I have a backup of the deleted project that contains the entire commit history of how he laundered these projects, and I can provide the entire Discord message history if you need evidence of all my statements.
> They also washed much more than my projects,
There's a lot of projects that use others as the basis of theirs as long as they have given attribution and have created a different upstream. Also the projects seemed very different from each other. If the case is a washed up project then that actually means its a completely different project.
> till now the code are still not fully attributed
My advice will be to reach out to the authors and point exactly the files you think is missing attribution. Since they have already added attribution and licenses as I can see, then I'm sure a few missing notices wouldn't kill them. But that's something you'd need to work out with them.
> I have a backup of the deleted project that contains the entire commit history of how he laundered these projects,
This is not relevant if its a deleted repository. I would suggest you focus on the new project you think is still in violation instead of referring to a completely different project if you want to hold a good stance.
In my opinion there's really no value in code anymore, I think the value should be what problem you are solving in a unique way. There are already millions of open-source projects on the internet and any one of them could have the same logic not because someone copied the other but because they were probably trying to solve the same problem and hence came to the same conclusion.
> Till now they still didn't answer me why they made the basic mistakes and how it was fixed.They avoid everything I ask about them unless I presure them very hard, they'll give a very vage respond that answers nothing.
As someone who has been in the industry for a long time, this comes off as entitled and demanding which may put the other party off and force them not to collaborate with you, I have seen this happen many times when people reach out to others to use their work as the foundation for a new work there is usually a sense of collaboration involved especially in OSS. When one party becomes entitled this is what causes forks and upstreams.
If you ask me as someone who has been in the same position as you it really is an easy fix. Simply reach back out in private since you've already been introduced without any anger or grandiosity (I know the situation can cause one to feel emotional). Someone arguing in good faith is always better than someone venting or spiraling. This will also be a good look for you and your project otherwise everyone one on the internet will just keep telling you what you want to hear but not the reality of how the industry work or how to actually fix it.
> it's totally not worth a "hall of shame"
You are right here. Imagine if every project that upstreamed another MIT or Apache project added this to their repository. An example would be if Feather Icons added Lucide Icons to their hall of shame because Lucide Icons created a derivative but still totally different work from Feather Icons. Also, Imagine someone added your own project to their hall of shame, you would no longer want to work with them would you? OSS has always been about community and collaboration. This is not it.
But my opinion are just mine feel free to approach this anyway you like but nobody wants the creators of the projects they use to have a bad look.
> I'm actually glad that someone finally appreciates my works and make them useful
I think you already have leverage here since they are most likely to even go out of their way to keep you happy but you just have to approach it from a sensible way especially if they are people with more resources than you which it seems if they where introduced by NativeScript.
> clearly indicates that they want to get something for nothing from the very beginning
Since they where introduced to you by a trusted party then your assessment on them trying to get something for nothing may not be true. Because bad actors would usually not bother in the first place. So its most likely they don't actually have any bad intentions and where probably put off by something else. Also you mentioned they Sponsored you in the hall of shame this is not the behavior of people with bad intentions. I'm just saying there is a possibility that you are seeing or approaching this wrongly.
> which we can all see in their licenses and in some file notices.
Not enough. If not they have lied to me, I won't care about the file-level attribution at all.
> I think the value should be what problem you are solving in a unique way
Yes, the code contain my own construction of a signal system implementation and my own algorithms that AI's can't get them shuffled or rewritten.
> which may put the other party off and force them not to collaborate with you
I actually assisted them pretty well at the beginning, until I discovered that they're lying. They reached me through NativeScript(which is proved to be another vitim of them later), and promise me that they're making a huge ambitious project that even Google and Meta failed.But they're making really really basic mistakes that even a noob should know where the problem is, and they didn't even try to address the problem themselves - I pointed out the problem, and they just refuse to investigate and debug, refusing it really hard. It's them that first starting to not cooperate.
> Also, Imagine someone added your own project to their hall of shame, you would no longer want to work with them would you?
This happens *after* their non-cooperation.
> which it seems if they where introduced by NativeScript.
NativeScript is also been lied to. They tell me that they plan to acquire NativeScript but failed at giving evidences that they have the ability to do so. When I asked NativeScript side about the acquision, they're shocked to hear this, and denied the possibility of being acquired as it is now a OpenJS Foundation project.
> Since they where introduced to you by a trusted party
That's their trick. They claim they worked for Nvidia, it tricks NativeScript and then they can use NativeScript's introduction to trick me. It is almost impossible to verify that they really worked for NV but it tricks people into beliving they're capable of something big, but actually they can't even debug such a simple problem on their own.
> Also you mentioned they Sponsored you in the hall of shame this is not the behavior of people with bad intentions.
It's also their trick. They want to get much more from me beyond the project itself, totally ignoring that I have my own projects and plan. Also the price they claim to pay for what I'm going to do is really really low, considering how ambitious the project is and how incapable themselves are.
Internet plus AI implies the tragedy of the commons manifested in the digital world.