Discourse is rejecting the trend of closed-source SaaS, doubling down on its open-source commitment despite AI-driven security concerns raised by competitors like Cal.com. CEO Jeff Atwood argues that transparency creates stronger defenses by enabling broader scrutiny, not weaker ones. The company maintains its GPLv2 license after 13 years and over 22,000 active communities.

Cal.com recently announced it would close its codebase, citing AI's ability to rapidly scan and exploit vulnerabilities. The argument suggests that hiding source code buys time against AI-powered attacks. However, Atwood counters that modern AI tools can analyze compiled binaries and black-box APIs regardless of source availability. Web applications inherently expose significant surface area through client-side code and API contracts.

Discourse actively uses AI vulnerability scanners like GPT-5.4 and Claude Opus 4.6 to identify security issues before attackers can exploit them. The company argues that open source enables more defenders to use these same tools, creating a larger defensive network. With transparency, security teams, contributors, and independent researchers can all participate in finding vulnerabilities early, while closed-source models limit defensive capacity to internal teams only.