AI Makes Open Source CEOs' Best Defense
Closed-source SaaS faces AI-driven cloning and forking risks; open-sourcing core products lets users AI-customize forks, turning threats into community-driven innovation that locks in loyalty.
Closed-Source Crumbles Under AI Scrutiny
Theo argues closed-source software is eroding trust as companies ship lower-quality updates, blaming AI for enabling rapid, unpolished releases. From a business lens, AI agents also amplify the risks of exposing source code: they scan open code for security holes (e.g., Cal.com faces floods of reports and exploits due to its open-source nature), clone features by pointing at repos, or fork and self-host to bypass payments. Theo hasn't open-sourced T3 Chat yet, despite demand, because a tiny 2.5-person team lacks the bandwidth for security and edge cases, where a breach could cost millions. These risks are real, but Theo advises portfolio companies to go "all-in on open source" because staying closed dooms you long-term.
"I recently published a video about how much I'm losing trust in closed source software... yes, AI is definitely to blame. Now that companies can just ship whatever they want and they're not caring as much about quality, the quality of the things I use is going down."
This quote captures Theo's personal frustration, rooted in hands-on experience, highlighting how AI lowers the barrier to shipping but raises the reliability expectations that users enforce via forks.
Feature Bloat Traps Legacy Giants, AI Unlocks Customization
Historical winners like AWS, Salesforce, and Retool dominate via feature sprawl: Salesforce hypothetically offers 1,000 features, but customers use ~50 (5%), with 25 shared by 80% and the rest (<1% usage) creating lock-in through bespoke needs. Competing means replicating that long tail, which is impossible for small teams, as even one missing niche feature stalls migrations. Plugins fail too: they're "hell," prone to crashes, support nightmares, and incomplete coverage, and they lock providers into rigid architectures (Retool succeeds somewhat via integrations but risks breakage on changes).
AI flips this. Instead of building everything, provide composable building blocks. Vercel thrives by hosting your code. Missing 95%+ of AWS's features? Plug in Cloudflare for the firewall, Supabase for the DB, Convex for the backend; Vercel just excels at web app deployment/CDN. Customers extend via code, not plugins. Theo contrasts this with Amplify's failures, emphasizing that modular services win.
"If you have a million customers, a feature that's used by 1% of them is still used by 10,000 customers. If you have 100 customers, a feature that's used by 1% of them is used by one team. That doesn't work."
This illustrates the scale asymmetry AI erodes, as agents let anyone fork and adapt for that "one team."
Forks as the New Moat: T3 Code Proves AI Customization Scale
T3 Code, Theo's open-source CLI/GUI wrapper for AI coding agents (bring your own Claude/Codex subscription), hit 42k installs, 16k weekly active users, 9k GitHub stars, and 1.5k forks. Shockingly, ~10% of weekly users forked for tweaks. Users like Emanuel forked it into "DP Code," adding multi-terminals (inspired by tmux), split chats, queuing, plugins, handoff features, even mobile support. He praises it as a "skeleton to play with," fun to hack on because AI lowers the cost of code changes, so even non-devs contribute.
This "broke Theo's brain": forks turn users into extenders, surfacing ideas (Theo is eyeing the handoff feature to take for himself). PostHog's self-hosting appeals more if AI lets you add custom charts without cluster management. Future vision: every customer runs a personalized fork, maintained via AI pulls from main. Open source becomes the moat: competitors clone a generic base, but loyal users stick to customized forks fed by your upstream improvements.
Theo advises: open-source core apps and make forking trivial. For infra like Vercel, host user code. For apps like Salesforce, modularize for easy integration. Tradeoff: mitigate the security risk (e.g., T3 Code's local-run model reduces infra risk). Result: community velocity outpaces closed rivals, as AI democratizes extension.
"We have almost 9,000 stars, but we also have 1 and a half thousand forks... 10% of our users have forked and made some customization. Do you know how crazy that is?"
This metric underscores the insight: AI slashes customization costs, making forks a leading indicator of product-market fit.
"The sheer volume of people customizing T3 code to their liking has just broken my brain and how I think about these things on a fundamental level."
Theo's reaction reveals the paradigm shift from vendor-locked features to user-owned evolution.
"A lot of people thought that AI would kill open source, but I actually think it's making open source the only viable path forward..."
The opening quote frames the counterintuitive thesis: AI threats to open source (cloning) are dwarfed by benefits (mass customization).
Key Takeaways
- Audit your product's long-tail features; if >20% serve <1% users, prioritize open-sourcing core + modularity over bloat.
- Measure forks/stars as engagement signals—aim for 5-10% fork rate via clean, AI-friendly codebases.
- For security, prefer local-run models (like T3 Code) over hosted to minimize exploit surface while open-sourcing.
- Build composable: Host/execute user code (Vercel-style) instead of plugins to avoid support hell.
- Advise small teams: Open source iteratively—start with low-risk tools (CLIs) before revenue-critical apps.
- Use AI agents in CI (e.g., RWX run loops) to fix issues pre-commit, accelerating open-source iteration.
- Target niches poorly served by giants (e.g., Vercel vs. AWS web deploys) with extensible bases.
- Track community PRs/forks for feature ideas; integrate top ones to pull users back to main.