Open source is how we beat the AI billionaires. Just read the licence first.
TL;DR
Open source is the best thing happening in AI right now. It's how we stop a few giant AI houses and their billionaire owners from owning the plumbing of every business on earth, and it's how we kill the SaaS slavery of the past ten years. But a free repo is still a stranger's code. Before you put any of it near your business, read the licence, because "free" and "yours to use" are not the same thing. Here are the licences that matter, the traps that look like gifts, and the one rule I give every client in their first month.
Free isn't free. It's licensed.
That one sentence will save you more grief than any tool you download this year.
Right now AI is being built in the open. Thousands of clever people are putting their work on GitHub for anyone to use. Models, tools, agents, whole systems. Given away, for nothing.
I love this. We should all love this.
Because the alternative is the one we've lived through for ten years. You rented your software by the seat. You rented your own data back from the people who collected it. The price crept up every renewal and the contract got longer every time. That's SaaS slavery, and most owners signed up for it one browser tab at a time, without ever once deciding to.
Open source is the answer to that. When the tools are shared, the power is shared. You end up with AI that augments your team, not a vendor that rents you back your own business. Sharing isn't the soft option here. It's the strategy. It's how we keep the tech billionaires from running even more of our lives than they already do.
So. Gracious, generous, brilliant. And not a reason to switch your brain off.
Gracious doesn't mean guard down
Here's the thing about a gift. You still check what's inside before you carry it into your house.
A free repo can be a masterpiece. It can also be abandoned, broken, quietly malicious, or wrapped in a licence that turns your paid product into a legal headache. The generosity is real. So is your job to do your due diligence. Both are true at the same time.
This matters more in AI than it ever did in ordinary software. You're not just running code now. You're handing tools the keys to your data, your inbox, your customers, your decisions. A bad tool doesn't just crash. It can leak, lie, or be steered by someone who hid an instruction inside a web page your AI happens to read. That last one has a name: prompt injection. Most owners have never heard of it. Every owner using AI is exposed to it.
My first rule for every Augment AIOS client: download nothing for a month
For the first month, you download nothing. Not from GitHub. Not from the wider internet. Nothing comes in.
Sounds backwards, doesn't it. You've just bought an AI operating system and step one is "don't add anything."
Here's why. Before you bolt a single outside tool onto your business, you need to get fluent in the things that keep you safe. Security. Privacy. Prompt injection. What's safe to feed an AI and what is never safe. Where the real risks live on this new frontier, the one that's hugely powerful and, honestly, a bit daunting when you first stare at it.
Get comfortable with the ground first. Learn how an attack actually works, so you can smell one coming. Then, and only then, you start bringing the outside world in. On purpose. Eyes open.
A boring month of discipline up front saves you a decade of cleaning up a mess. I've watched both happen. I'd rather you had the boring month.
See where AI fits in your business. Free.
A 45-minute audit. We map the highest-value automations and what they're worth in time and money. No pitch, no pressure.
The major GitHub licences, in plain English
When you do start bringing tools in, read the licence before the stars and before the reviews. The licence is the rulebook for what you're allowed to do with someone else's work. On a product you sell or run for your own business, it's the difference between "build freely" and "you now owe the world your source code."
The permissive ones: build freely.
- MIT. The most common and the friendliest. Use it, change it, sell it, keep your own changes private. The only rule is to keep the original credit notice somewhere. If you remember one licence, remember this is the green light.
- Apache 2.0. MIT with a suit on. Same freedoms, plus it protects you from patent claims by the people who wrote it, and it asks you to note the changes you made. The grown-up choice for anything serious.
- BSD (2 or 3 clause). Old, trusted, basically MIT. The 3-clause version adds one line: don't use the author's name to sell your version.
The copyleft ones: share and share alike.
- GPL (v2 / v3). Use it freely, but if you hand your software to others, you must hand them your source code too, under the same licence. People call it "viral" because it spreads to whatever it touches. Fine for using inside your own walls. A real problem if you planned to sell a closed product built on it.
- LGPL. A gentler GPL. You can connect to the library from your own private code without the whole thing turning GPL. Change the library itself, and you share those changes. A sensible middle.
- MPL 2.0 (Mozilla). Copyleft at the file level. Change their files, share those files. Your own files stay yours.
The one that catches paid AI products: AGPL.
- AGPL. This is the one I flag hardest. It closes what people call the SaaS loophole. With normal GPL you only have to share your code if you give someone the software. With AGPL you have to share it even if you just let people use it over the internet. Run an AGPL tool inside the product you sell or host, and you can be forced to open-source your entire system. A few very popular tools sit here. Use them as a service, fine. Build them into something you sell, and read very carefully first.
The two traps that look like gifts.
- No licence at all. The sneaky one. If a repo has no licence file, it is not free to use. "Public on GitHub" does not mean "yours to take." With no licence, plain copyright applies, which means all rights reserved, which means you can look but not touch. Most people get this exactly backwards.
- Source-available, dressed up as open source. Names to watch: BSL, SSPL, Elastic License, Commons Clause. You can see the code, you can often use it, but you can't use it to compete or to build certain commercial things. These are usually companies that started open, got big, then pulled the ladder up behind them. Which, given everything I said at the top, tells you exactly which side of the sharing fight they're standing on.
Here's the whole thing on one page.
| Licence | Sell a closed product on it? | The catch |
|---|---|---|
| MIT | Yes | Keep the credit notice |
| Apache 2.0 | Yes | Note your changes (patent cover included) |
| BSD | Yes | Don't use the author's name to sell |
| MPL 2.0 | Yes, mostly | Share changes to their files |
| LGPL | Yes, if you only link to it | Share changes to the library |
| GPL | Not a closed one | Give it out, you give out all your source |
| AGPL | No | Even over the internet, you share your source |
| No licence | No | Legally you can't use it at all |
| BSL / SSPL / Elastic | Restricted | Can't use it to compete |
One more wrinkle, because this is AI
Code isn't the only thing with a licence now. Datasets and model weights have them too, and they don't always follow the same rules. A dataset might be Creative Commons (CC0 means do anything, CC-BY means credit me). A model you think is "open" might carry a community licence that quietly bans certain uses, or kicks in restrictions once you get big. Open-ish is not the same as open. Check the model and the data with the same eyes you use on the code.
Do this every time
Before any tool touches your business:
- Read the licence file. If there isn't one, walk away.
- Match it to your use. Internal only is forgiving. Selling or hosting it is where GPL and AGPL bite.
- Check the pulse. When was it last updated. How many people rely on it. Is anyone home if it breaks.
- Assume nothing about safety until you've looked. Generous and safe are not the same word.
Where to from here
The sharing is the good news. It really is the thing that breaks the old model and keeps your business yours. But the price of a free and open world is that you stay awake in it. Be gracious. Be grateful. Stay sharp.
Augment AIOS isn't only the operating system that runs your business. It's a three-month, personalised programme to make you genuinely good at AI, in your business and in your life. We start with that quiet first month, getting you safe and confident, then build out from there at your pace. By the end you don't just own the system. You know how to run it, judge it, and keep it yours.
Book a free 60-minute AI audit, and we'll show you where AI can replace what you're renting, what's worth keeping, and where to start, so your business runs on a stack you own rather than one you just rent.
Live with passion & AI,
Brett
Need an AI operator inside your team?
Place a Chief AI Officer, an AI Officer, or embed an Anaboo Forward Deployed Engineer for 3–6 months.
Frequently asked questions
Is software on GitHub free to use?
+
Not automatically. GitHub is where code lives, it is not permission to use it. If a repository has no licence file, normal copyright applies and you legally cannot use, copy or modify it, even though you can see it. Free to use means there is an open licence (like MIT or Apache) that says so. Always check for a LICENSE file first.
What is the MIT licence?
+
The most common and most permissive open-source licence. It lets you use, change and sell the software, and keep your own changes private. The only condition is that you keep the original copyright notice somewhere in your product. If you are building a paid product, MIT is the green light.
Can I sell a product built on open-source software?
+
It depends entirely on the licence. With permissive licences (MIT, Apache 2.0, BSD), yes, freely. With copyleft licences (GPL, AGPL) you can be forced to publish your own source code, which usually kills a closed commercial product. AGPL is the strictest: it applies even if you only offer the software over the internet rather than handing it over.
What is AGPL and why does it matter for AI products?
+
AGPL is a strict copyleft licence that closes the SaaS loophole. Normal GPL only forces you to share your code if you distribute the software. AGPL forces you to share it even if people only use it over a network. Several popular AI and web-scraping tools use AGPL, so if you build one into a product you sell or host, you can be required to open-source your whole system. Use them as a service if you like, but read carefully before embedding them.
What are the real risks of downloading AI tools off the internet?
+
Two big ones beyond licensing. First, security and privacy: a tool you give deep access to can leak your data or be steered by a hidden instruction in content it reads, known as prompt injection. Second, durability: many AI tools are young startups that update constantly and can disappear. Own your data, keep exports, and do not build a critical process on a brand-new tool with no fallback.
Brett is a four-time founder (Darra Tyres, Gladfish, EzyTrac, Anaboo) and the operator behind AIOS, Anaboo's AI Operating System. He writes from inside the build, installing AI in his own businesses first and reporting back what actually moves the numbers. Based between Singapore, the UK and Australia.
