Back in 2023, I wrote a post titled "The upcoming SaaS bubble burst" where I argued that AI would enable individual developers to replicate SaaS products at a fraction of the cost, turning high-margin businesses into commodities.
I was wrong about the timeline. It's happening right now.
The Legal Hack That Started It All
In 1982, a company called Phoenix Technologies wanted to create IBM PC-compatible computers. The problem? IBM's BIOS was copyrighted. Their solution was a "clean room" process: one team reverse-engineered the BIOS and wrote a functional specification, then a completely separate team—who had never seen the original code—implemented a new BIOS from scratch based solely on that specification.
It worked. Courts ruled it legal because the second team independently created the code; they never copied anything. This became established legal precedent.
Fast forward to March 2025: a satirical (but functional) service called Malus.sh appeared, offering "Clean Room as a Service." The name itself—Latin for "evil"—was a joke, but the concept was deadly serious. Pay them, upload your dependency manifest, and their AI systems would reimplement your open source dependencies under any license you wanted. GPL becomes MIT. AGPL becomes proprietary.
The service was presented at FOSDEM as a warning to the open source community. The Hacker News discussion exploded with over 1,400 comments debating whether this was the end of copyleft or just a clever thought experiment.
Around the same time, someone attempted exactly this with the chardet Python library—using Claude to rewrite it from LGPL to MIT. The open source community was furious.
But here's what truly terrifies me: this is unstoppable.
The Two Directions of Liberation
There are two scenarios playing out simultaneously:
1. Open Source → Commercial (GPL → MIT → Proprietary)
Companies have always hated copyleft licenses like GPL and AGPL because they require sharing modifications. If you can reimplement the software cleanly, you eliminate that obligation. No more "viral" licensing concerns. No more open source compliance headaches.
2. Commercial → Open Source
This is the scenario most people aren't talking about. SaaS applications don't expose their source code, but they do expose their behavior. Every button click, every API response, every error message is observable. Feed that to an LLM, produce a specification, have another LLM implement it. The source code was never "seen."
For SaaS, the clean room defense is even stronger because there's literally no source code to contaminate the process.
Why This Is Unstoppable
I know what you're thinking: "But the LLMs were trained on that code! They've seen it!"
You're right. Someone demonstrated that Claude can reproduce chardet's source code verbatim from memory, including the license headers. The training data is contaminated.
But here's the thing: the architecture can be fixed.
Imagine a two-LLM system:
- LLM 1 ("dirty room"): Analyzes only public documentation, API specs, README files, type definitions. Never sees source code.
- LLM 2 ("clean room"): Trained specifically WITHOUT the target project's code. Receives only the specification from LLM 1.
Or a three-LLM system. Or more. Each hop makes the provenance harder to trace. Add different base models, different hosting providers, different jurisdictions. Good luck proving in court that the final output was "copied."
For SaaS, it's even simpler. Point an AI agent at the UI. Let it click around, observe responses, document behavior. Feed that documentation to a clean model. Where's the infringement?
The legal standard for clean room implementation was designed for humans with imperfect memories working for months. When AI can do it in hours with perfect documentation, the entire framework breaks down.
The Government Dilemma
Governments will eventually have to respond. But their options are all bad:
Software patents: The only real way to protect ideas (not just expression) is patents. But broad software patents would stall innovation even more than copyright does. We already tried this in the 2000s with patent trolls. Nobody wants to go back.
Stronger copyright enforcement: Unenforceable across borders. The moment one country allows this, the "liberated" code can be downloaded legally from servers in that jurisdiction.
Do nothing: Tech companies lose their moats. VC-funded SaaS collapses.
I expect different regions to react differently:
- The US has strong tech lobbying, but also a free-market ideology that resists new restrictions.
- The EU tends to prioritize consumer interests over corporate ones. Cheaper software sounds pretty good to voters.
- Other countries have less to lose and may deliberately permit this to erode Western IP advantages.
At the end of the day, if one country in the world allows AI-powered clean room reimplementation, you'll be able to download that "liberated" code from that country legally.
The Ironic Outcome: Everything Becomes Open Source
Here's the twist I didn't see coming: GPL exists to ensure software stays free forever. Richard Stallman created it because he believed users should have the freedom to run, study, modify, and share software.
AI clean rooms might achieve exactly that outcome—just not in the way anyone intended.
Think about it:
- Company A takes GPL software and relicenses it as proprietary.
- Company B takes Company A's proprietary software and reimplements it as open source.
- Company C takes that and makes it proprietary again.
- Repeat forever.
The end state? Everything converges to effectively public domain. You can't maintain a proprietary advantage when anyone can recreate your software in hours. You can't maintain copyleft when it can be circumvented just as easily.
Source code becomes a common good. Not because of ideology, but because protection becomes technically impossible.
What Can You Actually Sell?
When code has no scarcity, what's left?
Convenience. That's it.
You can run the software yourself for free. Set up your own servers, handle updates, manage disaster recovery, deal with security patches—or pay someone a monthly fee to do it for you.
But here's the problem: when self-hosting becomes trivial (thanks to agentic SRE and AI-powered infrastructure management), convenience becomes less valuable. Margins compress. The race to the bottom accelerates.
Winners and Losers
The Real Winners: Cloud Infrastructure Providers
AWS, GCP, Azure. They own the hardware, the data centers, the network infrastructure. Whether you're running open source or proprietary software, you're paying them for compute. They win regardless of who owns the code.
In the short term, there might be shock to the system if an AI company like OpenAI fails spectacularly. That could damage cloud valuations temporarily. But long term? I'm bullish.
The Losers: Pure SaaS Companies
Any SaaS company whose value proposition is primarily "we wrote software that does X" is in trouble. If your moat is code, you no longer have a moat.
And here's the brutal reality: most SaaS companies were never designed for low-margin economics. They have massive operating costs—large engineering teams, expensive offices, bloated sales organizations, venture debt—all predicated on the assumption of 70-80% gross margins. When margins collapse to 20-30% (or lower), the math simply doesn't work. They can't cut costs fast enough. Many will go bankrupt.
This isn't a slow decline. SaaS companies with high burn rates and no data moat will face an existential crisis the moment a credible open source alternative appears. And with AI, that alternative can appear overnight.
The Exception: Data Moats
Some SaaS companies will survive—specifically, the ones that control proprietary data that can't be recreated:
- LinkedIn: The value is the network graph, not the code
- Bloomberg: Proprietary real-time financial feeds
- Palantir: Government contracts + classified data access
- Credit bureaus: Decades of credit history data
- Snowflake: Data gravity—once your data is there, leaving is painful
If your software generates or aggregates unique data that can't be reproduced, you have something AI can't replicate. If your software is just features, you're toast.
The Next Frontier: Open Source Hardware
I cannot speak for Richard Stallman, but I believe the vision behind GPL was to ensure that software would be free forever—like in the early days of computing when code was shared openly.
AI-powered clean rooms may finally get us there, ironically through market forces rather than ideology.
The next frontier is open source hardware. The designs can be liberated just like software, but manufacturing remains controlled by corporations with factories, supply chains, and regulatory approvals. Still, open hardware could finally kill proprietary drivers—another piece of the dream.
I personally believe this trajectory is better for consumers. Software becomes cheaper. Innovation accelerates. The tax on digital goods imposed by intellectual property regimes gradually evaporates.
Final Thoughts
The SaaS bubble I predicted in 2023 is bursting. The mechanism is just different than I expected—not market forces alone, but a fundamental breakdown in the ability to protect software as property.
In 5-10 years, I expect:
- Most software to be effectively open source (by force or by choice)
- SaaS margins to collapse except for data-moat businesses
- Cloud infrastructure to be the dominant value capture layer
- The concept of "software ownership" to feel as quaint as owning individual MP3 files
Is this good? Is this bad? Honestly, I don't know. But I do know it's happening. And the teams that prepare for a world where code has no scarcity will be the ones that thrive.
What do you think? Am I too pessimistic about SaaS? Too optimistic about open source? I'd love to hear your perspective in the comments.
If you found this interesting, you might also enjoy my previous posts on Agent Driven Development and the original SaaS bubble prediction from 2023.
Top comments (0)