Fair Source Software in the AI age

Have you noticed AI recently? Yeah, us too. Generative AI is wreaking havoc on the software status quo, and that includes licensing, and that generates … opinions. 

Sentry has a long history of having opinions about software licensing. We started life as an unlicensed side project in 2008, then went through BSD, to BSL, to writing our own license, FSL. Most recently, in 2024, we launched Fair Source to carve out an industry niche for the best of source-available licensing (including FSL): simple non-compete, eventually Open Source. Fair Source adoption is growing.

So what’s going on with AI? How does it impact software licensing? Specifically, does Fair Source still work as intended? Is it still a safe option for your company? Spoiler alert: yes. Let’s dive in.

The new AI momentThe new AI moment

The software industry has taken a huge leap forward. As Andrej Karpathy put it, this shift happened “not gradually and over time in the ‘progress as usual’ way, but specifically this last December.” The last round of AI models in 2025 (Opus 4.5 on November 24, Codex 5.2 on December 11) were the first ones good enough to depend on as standalone agents in a harness such as Claude Code or OpenCode, rather than as a glorified autocomplete within traditional IDEs like VS Code or Cursor.

On top of that, OpenClaw, the open-source AI personal assistant, exploded in popularity, demonstrating both the viability of vibe-coding (“I ship code I don’t read”), and the overwhelming demand for agents to do more than just write code.

Three months after launch, OpenClaw surpassed React as the most popular Open Source project in history (and the stars seem legit).

This Cambrian explosion raises questions across the software industry and more broadly in society. As far as licensing goes, what is the status quo that AI is upending?

Standard modelStandard model

Since the 1970s, the international community has considered software to be “literary works for copyright purposes” (WIPO FAQ). This forms the basis for what we might call the standard model of software licensing: a human writes software, and the law automatically recognizes their copyright. The author is then free to give permission to others to use the software, modify it, distribute it, and so forth. The legal instrument for this is a license agreement.

A small subset of license agreements meet the criteria of the Open Source Definition (OSD), a document maintained by the Open Source Initiative (OSI) since 1998. (OSI does not have a legal trademark on the term “Open Source,” but they do have a clear socio-historical claim on it.) Software under these licenses is Open Source software (OSS). 

Another set of licenses meet the criteria of the Fair Source Definition (FSD), a document we wrote in 2023 to launch Fair Source, a movement complementary to Open Source that encourages companies to safely share their core software products. Software under these licenses is Fair Source software (FSS).

For completeness, Microsoft’s Software License is an example of a license that fits neither OSD nor FSD, so the software they release under it is neither OSS nor FSS.

In practice, most companies are careful to choose the right license for their goals, and to respect the licenses of others. For example, at Sentry, we have an extensive internal policy on software licensing. We use FOSSA to help us manage our compliance with licenses of software we consume. Of course, we also go above and beyond the license terms of the OSS we consume, proactively funding its maintainers as a member of the Open Source Pledge (which we also started btw).

How AI disrupts licensingHow AI disrupts licensing

LLMs disrupt software licensing in at least three ways:

• LLMs are trained on public source code without much effort to respect license terms. Is it “fair use”?

• LLMs make it very easy to rewrite libraries, potentially making copyleft licenses obsolete.

• The output of LLMs will seemingly not be subject to copyright protection.

The second and third are even more of an issue since the December Leap. Let’s look at each in turn, and then consider the implications for Fair Source software.

No putting the genie back in the bottleNo putting the genie back in the bottle

LLMs are generating more and more of our code, but how were they trained? On publicly available sources, and we can say with near certainty that LLMs are not complying with license requirements, whether that’s the strong restrictions of copyleft licenses like GPL, or even the minimal attribution restrictions of permissive licenses like MIT and BSD. When was the last time your coding agent provided an attribution notice with its suggestions? But even with this imputed use by LLMs, what is to be done about it now? 

We’ve seen copyright holders in other industries like books, music and photography sue the LLM providers for copyright infringement. Although we have not seen court decisions come out of these suits yet, we have seen some of them result in monetary settlements. However, there is an important distinction between those media and open source software. The former have no express license terms granting broad rights to infringe copyrights in a manner that by their very definition is “technology-neutral”. It definitely makes arguments of copyright infringement and breach of contract much harder to defend.

While we have seen an attempt by developers to enforce their copyrights against the LLM providers, that is facing challenges due to the difficulty in providing specific examples of copied code. This supports the model companies’ “fair use” position. What if the infringement is not even done by making a copy of the code, but creating a derivative work based on existing software that has been completely rewritten by an LLM?

No stopping permissive rewritesNo stopping permissive rewrites

There has been a longstanding tension in the industry around the Next.js web framework. It’s one of the most popular, and technically it is Open Source under the MIT license, but it can really only be used as a first-class citizen on one hosting platform. The OpenNext project exists to support Next.js apps on other platforms, but it has challenges. Because of this, Steve Faulkner from Cloudflare announced a new project called vinext that reimplements the Next.js API surface in the Vite framework, offering much better compatibility than OpenNext. What’s notable is that Steve did it in a week using agentic coding.

In the wake of this, Steve Ruiz joked about taking tl;draw’s test suite private, since the test suite was a major baseline for vinext. People like Malte Ube and Gergely Orosz took him seriously, showing just how much uncertainty there is, now that AI agents have brought the cost of coding down so much. Next.js is MIT, so it’s fair game for Cloudflare to do a rewrite like this, so long as they provide attribution.

Much more controversial was a rewrite of a venerable Python library, chardet. The long-time maintainer made a good-faith effort to do a “clean-room” reimplementation. The controversy is that he then licensed it under MIT instead of the original author’s choice, LGPL. The maintainer argued that it does not trigger the terms of the LGPL because he did not ”modify a copy of the Library” (as the LGPL says), but rather did a ground-up rewrite. Chardet seems to be present in the training data of the LLM in question, but the maintainer presents a metrics-based case that the new code is not derived from the old codebase.

What, though, is the legal status of the LLM-generated output?

No copyrights on electric sheepNo copyrights on electric sheep

For a decade, Stephen Thaler has tried to win a copyright assignment for his “Creativity Machine” on images it hallucinated during a simulated near-death experience (yeah that’s a rabbit hole). Two weeks ago, the U.S. Supreme Court declined to hear Thaler’s case, letting stand a lower court ruling that a significant human element is necessary to receive copyright protection (EU has a similar requirement). The U.S. Copyright Office is backing this up with what they will grant registration for, in line with the ground rules for their ongoing AI initiative (p 2):

In the Office’s view, it is well-established that copyright can protect only material that is the product of human creativity. Most fundamentally, the term “author,” which is used in both the Constitution and the Copyright Act, excludes non-humans.

No surprise, then, that their report last January on copyrightability states (p iii):

• Copyright does not extend to purely AI-generated material, or material where there is insufficient human control over the expressive elements.

• Whether human contributions to AI-generated outputs are sufficient to constitute authorship must be analyzed on a case-by-case basis.

The contest now shifts to the definition of “sufficient human control.” However, the January report already draws a significant line: “prompts alone do not provide sufficient human control to make users of an AI system the authors of the output. Prompts essentially function as instructions that convey unprotectible ideas.” (p. 18).

If prompts don’t count, does human code review? Would review need to result in a significant human-authored change, or is reviewing the code enough? How is this demonstrated? If human maintainers look at some code but not other code, is the code they looked at under copyright, and the code they didn’t, isn’t? How much longer until there is no human code review at all? There seems to be precious little keeping AI-generated code within the bounds of copyright.

No worries with Fair SourceNo worries with Fair Source

Fair Source was designed to allow companies to share code for their core software products without compromising their business model. It still does, even if the company uses AI to generate code. The key is that Fair Source offers another enforcement mechanism besides copyright infringement for rightholders. Software licenses are considered contracts between parties, and “breach of contract” is a separate violation of law that still applies, even if “copyright infringement” does not.

Since Sentry is leading the Fair Source movement, we want to make our position clear: you can’t use clones of Fair Source software to compete with the software you’re cloning. LLMs just make the process faster, they don’t fundamentally alter the equation. Just because technology makes it easier to copy or make a derivative work, that doesn’t make it permitted — and because Fair Source license is a contract with its own terms that you agree to when you access the source code, the copyright status of the code doesn’t really matter.

We are definitely in a shifting landscape regarding IP rights and artificially generated code. Cloud computing was a technology shift that highlighted some of the inherent limitations of Open Source licensing. AI is further turning OSS on its head, amplifying the distinction between OSS and FSS. It is more important than ever to make the right decision about how to license your project. Sentry is full steam ahead with Fair Source.