GSDRF.ORG

Author: Fred Jacquet

  • Quantum Computing and Cryptography

    Quantum Computing and Cryptography

    Decoding the Legacy of Bennett and Brassard (2025 Turing Award)

    Imagine a world where your secrets are no longer guarded by “mathematical padlocks,” but by the fundamental laws of the universe. This world is no longer a laboratory utopia because it has just been honored by the “Nobel Prize of Computing.”

    Executive Brief: The Bennett and Brassard Quantum Revolution

    Analysis of the 2025 Turing Award’s impact on cybersecurity and global digital infrastructure.

    1. The Paradigm Shift

    The 2025 Turing Award marks a historic breakthrough. Computing is no longer defined solely by software code, but by the mastery of matter. Charles Bennett, often described as a quantum pioneer at IBM, long recognized as a pioneer in computing and now a leading player in quantum research, and Gilles Brassard, widely regarded as a founding father of quantum information science and now a professor at the Université de Montréal, have transformed the paradoxes of quantum mechanics into fundamental resources for information. They have taken the very concepts that once troubled Einstein, specifically entanglement and non-locality, and turned them into the building blocks of a new science.

    2. The Urgency: The Collapse of Classical Security

    Shor’s algorithm proves that a quantum computer can break current RSA encryption in just minutes. This includes the encryption used by banks, messaging services, state secrets, and beyond. In this perspective, malicious actors are already storing today’s encrypted data to decrypt it tomorrow (“Store Now, Decrypt Later”). The threat is not in the future. It is immediate for any data requiring long-term confidentiality (30 to 50 years).

    3. The Solution: Quantum Cryptography

    Unlike mathematics, physics offers unbreakable security. On one hand, it is impossible to copy quantum information without modifying it, a principle known as the no-cloning theorem. On the other hand, any attempt at eavesdropping leaves an indelible physical trace, allowing users to be alerted even before sensitive data is sent.

    4. Toward a Global Infrastructure (The Quantum Internet)

    The winners’ work has laid the groundwork for a planetary network based on Quantum Teleportation. The remote transfer of a particle’s state forms the very basis of future connectivity. At the same time, they have highlighted Entanglement Distillation and Quantum Repeaters. These are techniques that allow for the cleaning of “noise” within fiber optics to transport absolute secrecy over thousands of kilometers.

    5. Current Status and Sovereignty

    Industrial adoption is already a reality. Banks and telecommunications companies are deploying strategic Quantum Key Distribution (QKD) networks through space-based infrastructures such as the Micius satellite. Faced with cyber risks, organizations such as the ANSSI (the French National Cybersecurity Agency) and NIST (the U.S. National Institute of Standards and Technology) are now mandating a transition toward “Quantum-Ready” infrastructures. Sovereignty no longer depends on computational power, but on the mastery of physical laws.

    Strategic Conclusion

    In 2026, digital security no longer rests on the difficulty and time required for calculations, but on the laws of quantum physics. Tomorrow’s sovereignty depends on the ability of states and companies to integrate these physical foundations into their digital architecture.

    Turing 2025: Why the Bennett & Brassard Revolution Changes Everything for Our Security

    On March 18, 2026, the ACM (the Association for Computing Machinery) awarded the prestigious A.M. Turing Prize to two visionaries, Charles H. Bennett and Gilles Brassard. At a time when artificial intelligence occupies every mind, this million-dollar prize serves as a reminder of an essential truth. The next great digital revolution will not be solely software-based. It will be quantum. By honoring these two researchers, the jury is not merely crowning an algorithm, but forty years of a fascinating quest. This is the story of researchers who dared to follow in Einstein’s footsteps to transform the mysteries of physics into a radically new information science.

    1979: The Encounter That Changed Cryptography

    Charles H. Bennett, often described as a pioneer of quantum information and now an IBM Fellow at the Thomas J. Watson Research Center, has spent his career at the intersection of thermodynamics and computing. Born in 1943 in New York and educated at Harvard, he proved as early as 1973 that computation could be logically reversible, a major conceptual breakthrough. IBM, long recognized as a pioneer in computing and now a leading player in quantum research, has been the home of his most significant work. He is the co-inventor of the BB84 protocol and quantum teleportation. His work earned him the prestigious 2025 Turing Award, crowning a life dedicated to merging the laws of physics with bits of information.

    Gilles Brassard, widely regarded as a founding father of quantum information science and now a professor at the Université de Montréal, is the Quebecois computer scientist who first understood that quantum physics could revolutionize data security. Born in 1955 in Montreal, he was a true mathematical prodigy who entered university at just 13 years old. After earning a PhD from Cornell, long recognized as a pioneer in computer science research, under the direction of John Hopcroft, he spent the majority of his career at the Université de Montréal. A co-recipient of the 2025 Turing Award alongside Bennett, he has shared with him the world’s highest distinctions, such as the Wolf Prize and the Breakthrough Prize, for transforming a theoretical intuition into a global industrial reality.

    This choice by the ACM marks a clean break from the previous edition. In 2024, the Turing Award celebrated breakthroughs in the field of Deep Learning and neural networks, which are the very pillars of the current AI explosion. By shifting from the algorithmic power of AI to the subatomic foundations of matter, the Turing committee signals that the next frontier of computing no longer lies solely in code, but in the mastery of quantum reality itself. Charles H. Bennett and Gilles Brassard receive this distinction for demonstrating that the specificities of quantum mechanics, far from being obstacles, actually constitute fundamental resources. These resources guarantee the absolute invulnerability of exchanges by allowing for the immediate detection of any interception attempt. However, one cannot understand the full scope of the 2025 Turing Award without going back to the revolution of 1982 and the figure of Alain Aspect, often described as a pioneer of quantum entanglement and now a professor at the Institut d’Optique Graduate School.

    By receiving the Nobel Prize in Physics in 2022, the Frenchman Alain Aspect officially closed a century-old debate initiated by Einstein himself. Aspect proved that quantum entanglement was not a figment of the imagination, but a physical reality, by leading historic experiments with his team at the Institut d’Optique in Orsay, France. We now know, through the success of his experiments, that two particles can remain instantaneously linked regardless of the distance separating them. This discovery contradicts the famous skepticism of Albert Einstein. The latter refused to admit that an action could be faster than light, contemptuously labeling this phenomenon “spooky action at a distance” (spukhafte Fernwirkung). For him, quantum mechanics was incomplete. Local “hidden variables” had to exist, as if the particles had “agreed” on their state before separating. Yet, this is where the genius of John Bell comes in. In 1964, the Northern Irish physicist translated this philosophical dilemma into a mathematical test. This test has since been known as “Bell’s Inequality.” He demonstrated that if Einstein were right, the correlations between two particles could never exceed a certain threshold. By brilliantly violating this inequality in 1982, Alain Aspect proved that nature is indeed “non-local.” We now know that entangled particles form one and the same system that defies distance.

    Although their scientific trajectories ran parallel between 1979 and 1984, the work of the Turing winners is inseparable from this revolution. While Aspect was proving the reality of entanglement, Bennett and Brassard were already exploring its informational side with a visionary question. They sought to understand how these particles could be used to encode an unbreakable secret. One could say that if the BB84 protocol was born from mathematical intuition, it was Aspect’s results that gave it global credibility. Without experimental proof that the “quantum channel” actually exists in nature, their theories would likely have remained mere laboratory curiosities on paper. By proving the violation of Bell’s inequalities, Aspect validated the ground upon which Bennett and Brassard would build their security architecture. This connection became absolute in 1993, during their work on quantum teleportation. For this breakthrough, the two Turing winners began using entanglement as a true “fuel” for information. They are no longer merely inspired by physics. Indeed, they are transforming the phenomena proven by Alain Aspect into concrete tools to lay the foundations of tomorrow’s computing.

    When RSA Trembles Before the Quantum

    To measure the importance of this Turing Award, one must first realize the fragility of our current digital world. Today, our private lives (from our WhatsApp messages to our bank transactions) rely almost exclusively on RSA public-key cryptography. This system takes its name from the initials of its three inventors: Rivest, Shamir, and Adleman. These protocols are “mathematical padlocks.” They rely on the extreme difficulty of certain problems, such as the factorization of large prime numbers. For a classical computer, cracking an RSA-2048 key would take billions of years. Thus, RSA offers “merely practical security,” based on the inability of our current machines to test all possible combinations within a human timeframe.

    The most serious issue is that the stakes extend far beyond the security of our personal messages. For strategic players, the quantum threat is a systemic risk. In the banking and financial sector, the slightest flaw in transaction encryption could destabilize global markets and shatter confidence in digital currencies. Telecommunications operators, who serve as the guardians of global communication flows, fear seeing the credibility of their networks evaporate if a quantum transition is not carried out in time. The threat also extends for example to the energy sector, where the management of smart grids and power plants depends on secure communications to prevent any remote sabotage. Finally, for Defense and governments, the urgency is even more pressing. Diplomatic or military secrets have a confidentiality lifespan of several decades, making them the primary targets for long-term espionage.

    “Store Now, Decrypt Later”: The Urgency is Already Here

    While a quantum computer capable of breaking RSA does not yet exist at full scale, the threat itself is immediate. This is the peril of “Store Now, Decrypt Later“. State agencies and cybercriminal organizations are already intercepting and storing encrypted data flows today. They are betting on the fact that in 5, 10, or 20 years, they will be able to decrypt them with a quantum machine. Faced with this potential crisis, building “Quantum-Ready” infrastructures is becoming an absolute national security priority. This strategy is not just a theoretical concern. It is a documented reality. In early 2024, the Cybersecurity and Infrastructure Security Agency (CISA, the leading U.S. federal agency for cyber defense) issued a major alert regarding “Volt Typhoon”. These state-sponsored actors have successfully infiltrated critical infrastructures, maintaining access for years to collect sensitive data. By harvesting this information now, they are effectively building a strategic “data vault” to be unlocked once quantum decryption becomes available. This “Store Now, Decrypt Later” strategy is not the exclusive domain of any single power. It is a shared doctrine among global intelligence agencies. The most striking evidence of this was revealed by Edward Snowden in 2013 regarding the NSA (National Security Agency) and its “BULLRUN” program. These documents proved that Western agencies were intentionally weakening encryption standards and intercepting massive amounts of encrypted traffic to be cracked later. For these organizations, data that cannot be read today is simply a “deferred intelligence” asset, waiting for the necessary computing power to be revealed.

    In France, ANSSI (the French National Cybersecurity Agency) is on the front lines of this battle. As early as 2022, the agency published major scientific advisories anticipating that the first quantum computers capable of breaking current keys could appear by 2030–2035. On an industrial scale, that is tomorrow! For ANSSI, the challenge is not to wait for the “physical threat“, but to anticipate system migration now. Its recommendations are clear. Critical entities, including electricity, hydrocarbons, water, central and commercial banks, market infrastructures, telecommunications, and transport, must adopt a “cryptographic agility” strategy. This involves a progressive shift toward Post-Quantum Cryptography (PQC) which are mathematical algorithms designed to be resistant. On top of it, for the most sensitive communications, they highly recommend the exploration of Quantum Key Distribution (QKD), which stems directly from the work of our two Turing Award winners. The goal is to ensure that data intercepted today is already protected by security layers that even the computers of tomorrow will be unable to break.

    In the United States, the response is equally firm. The U.S. government has made the cryptographic transition a legislative priority with the Quantum Computing Cybersecurity Preparedness Act, signed in late 2022. NIST (the National Institute of Standards and Technology) is leading a global competition to select future algorithms “unbreakable” by a quantum computer. These new standards, gradually being adopted by Silicon Valley giants, aim to replace RSA before the threat becomes a physical reality. Similarly, on a global scale, this growing awareness has prompted NATO and the European Union to launch the European Quantum Communication Infrastructure (EuroQCI) projects. The objective is to deploy an ultra-secure communication network combining fiber optics and satellites to protect the continent’s critical infrastructures.

    While the West finalizes its standards, China has already deployed the world’s largest quantum infrastructure. As early as 2016, it made a significant impact with the launch of Micius, the first quantum communication satellite, enabling secure transmissions over thousands of kilometers and overcoming the distance limitations imposed by terrestrial fiber optics. On the ground, the effort is equally colossal. In 2017, China inaugurated a quantum “backbone” connecting Beijing to Shanghai over more than 2,000 kilometers. It is a physical infrastructure marked by 32 relay stations securing exchanges between the country’s nerve centers. This operational network already secures government, banking, and military data exchanges for its largest metropolises. This strategy (which I analyzed as a true quantum conquest of the Internet as early as 2017 in my article “Chinese Quantum Teleportation: The Conquest of Quantum Internet“) demonstrates that for Beijing, technological sovereignty depends on having a concrete lead on the ground. By investing tens of billions of dollars (notably in the Hefei National Laboratory), China is not just seeking to protect itself, but to define the future physical standards of global communication. This quantum superpower is now forcing other blocs to accelerate their transition, for fear of seeing the Internet of tomorrow fly under a Chinese flag.

    Whether in Washington, Paris, Beijing, or Brussels, the conclusion is the same. Tomorrow’s security can no longer rely solely on the complexity of mathematics, but must instead rest on the robustness of physics. This is precisely where the work of Bennett and Brassard takes on its full meaning. They are no longer entrusting our secrets to complicated mathematical calculations, but to the absolute protection of the laws of nature.

    The BB84 Protocol: The Art of Encryption with Light

    The origin of this revolution traces back to an informal discussion on a beach, where Bennett and Brassard realized that their ideas were converging. Inspired by Stephen Wiesner’s theoretical concept of “quantum money“, which imagined banknotes that were impossible to counterfeit because they were protected by physics, they decided to apply this principle to communications. They envisioned a system where information would no longer be encoded by numbers, but by particles of light, aka “photons”. This original intuition from Wiesner is, in fact, experiencing a rebirth today in the form of quantum tokens used to secure digital identification. 

    Unlike classical cryptography, the BB84 protocol (named after its authors, Bennett and Brassard, and its year of publication) relies on Quantum Key Distribution (QKD). Here, security does not depend on a calculation that a computer “does not yet know how to perform,” but on the no-cloning theorem. In quantum physics, it is impossible to copy the state of a particle without modifying it. To visualize this theorem, imagine that to read the message on a letter, you were forced to burn the paper. This is exactly what happens here. In quantum physics, “watching” or measuring a particle, such as a photon, irremediably alters its quantum state. Unlike a standard computer file that can be copied infinitely without the original changing, a quantum bit (qubit) is unique. If a spy attempts to copy it to read it, they break the original particle and leave behind an immediate “error signature”. One cannot steal quantum information while remaining invisible. For the sender and the receiver, this changes everything. They exchange a key made of photons whose orientation carries the information. If an eavesdropper attempts to intercept the transmission, she is forced to “observe” the particles. However, in quantum physics, observation irremediably disturbs the state of the system. This is where the unique nature of quantum physics comes into play. By attempting to read the key, the spy leaves an indelible trace of their presence. The sender and the receiver only need to compare a small portion of their data to detect any errors. If the key is “noisy,” they know they are being overheard. They then discard the compromised key and start over until they obtain a perfectly pure string of bits. The alert is triggered before a single piece of sensitive data is even sent.

    In 1989, Bennett, Brassard, and John Smolin proved the viability of their theory by designing the very first quantum cryptography device. At the time, the feat consisted of transmitting keys over just 30 centimeters (12 inches) between two complex optical setups. This modest laboratory step demonstrated that light could indeed carry absolute secrecy. Long confined to the 1984 theory, this technology has since reached a new dimension thanks to China. In 2016, the launch of the Micius satellite marked a historic turning point by operating Quantum Key Distribution over more than 1,200 kilometers. This achievement solved the major problem of signal attenuation in terrestrial fiber optics, which typically peaks at around a hundred kilometers. By passing through the vacuum of space, physicists proved that a quantum state could be “teleported” from a station in Tibet to the satellite, and then redistributed as far as Graz, Austria. Today, with the Beijing-Shanghai link, we are no longer looking at a closed-circuit proof of concept, but at the early stages of a global infrastructure. This transition from centimeters to transcontinental networks is the physical realization of a dream that once existed only on paper.

    Quantum Teleportation and Distillation: Toward the Internet of the Future

    In 1993, the duo moved beyond simply securing the transmission of light. Along with a team of researchers, they published a paper on quantum teleportation (“Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels”)  that would revolutionize our understanding of space. Unlike science fiction, this is not about moving physical matter, but rather transferring the complete quantum state of one particle to another, without them ever touching. To achieve this feat, they relied on quantum entanglement, a phenomenon Alain Aspect had experimentally demonstrated a decade earlier. Imagine two entangled particles as a pair of “magic dice“. The trick is that regardless of the distance between them, if one shows a 6, the other will instantaneously reveal the same result. In this process, the state of the original particle is erased on one side (consistent with the no-cloning theorem) to be recreated identically on the other. It is not a journey of matter, but a pure transfer of identity. This is the ultimate form of communication, where information seems to evaporate here and materialize there, without ever having traversed the space in between. This breakthrough is at the core of what experts now call the Quantum Internet. It is no longer just a matter of cryptography, but of connectivity. By making it possible to link quantum processors over long distances, Bennett and Brassard have paved the way toward a global network capable of combining, for the first time, unprecedented computing power with unbreakable protection.

    They are no longer merely drawing inspiration from physics. In reality, they are transforming Einstein’s doubts, Bell’s calculations, and Alain Aspect’s proofs into concrete tools to build the digital architecture of the 21st century. But one question remained: how could this technology be deployed on the scale of a country or a continent? In a standard fiber optic cable, the signal weakens and becomes scrambled over distance. In quantum computing, this “noise” is fatal because it breaks the entanglement. To make it work on a large scale, Bennett and Brassard theorized an ingenious solution in 1996. This is entanglement distillation. This technique allows for the “cleaning” of the signal by extracting a single pure link from several imperfect or noisy ones. It is the quantum equivalent of high-fidelity filtering. By laying the groundwork for these future “quantum repeaters” and memories capable of storing light, they solved the problem of data loss over long distances. To make this system foolproof, they perfected the use of decoy states (decoy photons), preventing any subtle interception by an eavesdropper. Thanks to this breakthrough, the Quantum Internet is no longer limited to a few city blocks but can now be envisioned on a planetary scale, whether via fiber optics or satellite.

    Conclusion: The Bridge Between Two Worlds

    Today, as the United Nations celebrates the International Year of Quantum Science, Bennett and Brassard’s theories are no longer confined to specialized journals. They now form the backbone of planetary networks. The financial world has already taken the leap. The fact is that major banks daily use Quantum Key Distribution to protect their most critical fund transfers, even securing blockchain transactions. In space, the distance barrier is also falling. Satellites like the Chinese pioneer Micius prove that it is possible to transmit quantum keys over thousands of kilometers, linking entire continents beyond terrestrial borders. Thus, the Global Quantum Internet is truly under construction. It becomes the ultimate network that will allow quantum processors to connect and multiply their power. It is no longer a dream, it is a global industrial project.

    By honoring Charles Bennett and Gilles Brassard in 2026, the ACM is not merely celebrating a past mathematical feat. It is pointedly recognizing a vision that transformed nature’s deepest paradoxes into a lasting foundation of trust for our digital exchanges. For forty years, these two researchers have bridged the gap between the rigor of computer science and the complexity of physics. More than just a career achievement, their 2025 Turing Award shows where technology is headed.

    The legacy of these researchers lies in having bound computer science to the laws of physics. This paradigm shift substitutes the robustness of nature for the fragility of algorithms. From now on, the security of our exchanges will no longer rely solely on the power of our machines, but on the very fundamental principles of the universe.

    Why Bennett and Brassard’s Legacy Matters to You (Already)

    Beyond satellites and laboratories, the revolution started by Bennett and Brassard is redefining the very notion of trust. Nowadays our lives are entirely digitized, understanding their work means understanding the three pillars of our future daily lives:

    • “Physically” Protected Privacy: Imagine a tomorrow where the confidentiality of your medical records or private conversations no longer depends on the complexity of a password, but on the very structure of light. Thanks to them, we are moving from “probable” security to “certain” security.
    • The End of Banking Vulnerability: For businesses, the transition to quantum is not a luxury. It is a life insurance policy. By adopting these technologies, banks ensure that even 50 years from now, no hacker will be able to reopen the digital vaults of the past.
    • An Internet of Total Collaboration: The Quantum Internet they envisioned will link processors together to solve problems that are currently unsolvable like creating custom medications, optimizing an entire city’s energy grid, or simulating new materials.

    In short, Bennett and Brassard did not just invent a new way to encode messages. They proved that nature itself could be our greatest ally in protecting our digital freedom. The “Nobel Prize of Computing” they receive today is proof that the world of tomorrow will no longer be made solely the last AI big thing, but on the physical consistency of the world around us. Bennett and Brassard have simply moved digital trust from the hands of programmers or AI tools, to the laws of physics.

    Sources & References

    Awards & Recognition (Turing Award 2025/2026)
    • ACM: ACM A.M. Turing Award Honors Charles H. Bennett and Gilles Brassard for Foundational Contributions to Quantum Information Science 🔗
    • A.M. Turing Award: Official site honoring the laureates 🔗
    • CIFAR: CIFAR’s Gilles Brassard and Charles H. Bennett receive 2025 ACM A.M. Turing Award for pioneering quantum information science 🔗
    • IBM Newsroom: IBM Fellow and Quantum Pioneer Charles H. Bennett Receives A.M. Turing Award, Computing’s Highest Honor 🔗
    • BBC: Quantum pioneers win Turing Award for encryption breakthrough 🔗
    • The New York Times: Turing Award Goes to Inventors of Quantum Cryptography 🔗
    • Quanta Magazine: Quantum Cryptography Pioneers Win Turing Award 🔗
    • Nature: Major Turing computing award goes to quantum science for first time 🔗
    Networks & Infrastructure (Quantum Internet & QKD)
    • JPMorgan Chase: JPMorgan Chase, Toshiba and Ciena Build the First Quantum Key Distribution Network Used to Secure Mission-Critical Blockchain Application 🔗
    • Nature (Journal): An integrated space-to-ground quantum communication network over 4,600 kilometres 🔗
    • European Commission: European Quantum Communication Infrastructure (EuroQCI) 🔗
    • UNESCO: International Year of Quantum Science and Technology 🔗
    • LinkedIn (Fred Jacquet): Chinese Quantum Teleportation: The conquest of Quantum Internet 🔗
    Cybersecurity & Policy
    • Congress.gov: H.R.7535 – Quantum Computing Cybersecurity Preparedness Act 🔗
    • CISA: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure 🔗
    Scientific Foundation & Research (arXiv & Journals)
    • Gilles Brassard: Brief History of Quantum Cryptography: A Personal Perspective 🔗
    • APS (Phys. Rev. Lett.): Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels 🔗
    • arXiv – BB84: Comprehensive Analysis of BB84, A Quantum Key Distribution Protocol 🔗
    • arXiv – Decoy State: A rigorous and complete security proof of decoy-state BB84 quantum key distribution 🔗
    • arXiv – Quantum Tokens: Practical quantum tokens: challenges and perspectives 🔗
    • arXiv – Noisy Channels: Purification of Noisy Entanglement and Faithful Teleportation via Noisy Channels 🔗
    • arXiv – Micius: Micius quantum experiments in space 🔗

  • The AI Code Laundromat: From Technical Optimization to License Piracy

    The AI Code Laundromat: From Technical Optimization to License Piracy

    Between “Vibe-coding” and license laundering, generative AI is shaking the very foundations of Open Source. From the Chardet case study to the Ship of Theseus paradox, this is an analysis of an ecosystem where automated rewriting threatens to break the digital social contract and permanently erase the contributor’s footprint.

    Executive Brief

    The Open Source Era of “Vibe-coding” and License Erosion.

    I. Current State: The Breach of the Social Contract

    The emergence of Generative AI is transforming software development into a task of supervision rather than writing, a shift captured by the concept of “vibe-coding.” This computational power now allows for the total rewriting of complex libraries in just a few days. It shatters the natural barrier of effort that, until now, protected Copyleft licenses such as the GPL or LGPL.

    The Chardet Case Study: A total AI-driven rewrite in five days, followed by a pivot from a strict license to a permissive one (MIT). This effectively removes the obligation to “give back to the community.”

    II. Strategic Risks and Threats

    1. AI Washing & License Laundering: Using LLMs as “translation machines” to scrub original legal restrictions under the guise of syntactic novelty.
    2. The “Payload Gap”: A study reveals that 94.25% of AI artifacts omit mandatory copyright notices. This lack of documentation creates an invisible infringement risk for end-user companies.
    3. The Legal Impasse (Thaler v. Perlmutter): Code generated without direct human intervention may belong to the public domain. In a legal absurdity, maintainers are applying licenses to rights they do not theoretically possess.

    III. Philosophical Perspective: The Ship of Theseus

    The debate is not about syntax, it is about identity. If AI replaces every “part” (the code) but retains the “blueprint” (the logic and function), the work remains a derivative work. To claim otherwise is to validate appropriation without contribution, to the detriment of the original intellectual authorship.

    IV. Recommendations for the Enterprise

    1. Radical Provenance Audits: Move beyond surface-level analysis to track the “genetic” origin of the code using next-generation SCA (Software Composition Analysis) tools.
    2. Adopting “AI-Proof” Standards: Support the implementation of AI-specific SBOMs (Software Bill of Materials) to guarantee the traceability of training sources.
    3. Prioritizing “FOSS-respecting” Models: Direct technological choices toward transparent and auditable models. This ensures genuine digital sovereignty and long-term legal security.

    Conclusion

    AI must not become the enemy of Open Source. The permanence of our collective software heritage depends on our ability to intelligently implement rigorous traceability in the face of automated plagiarism.

    The AI Code Laundromat: Introduction

    Anyone familiar with the Open Source world will have noticed that Artificial Intelligence is disrupting the serenity and trust that the developer community has long enjoyed. It turns out that AI is becoming an industrial-scale tool for circumventing the licenses that, until now, protected the work of authors. This automation directly clashes with the vision of Linus Torvalds, for whom the strength of Open Source rests on a contract of reciprocity. For him, the right to use the work of others is inseparable from the duty to share one’s own improvements. Using AI to “launder” a license and appropriate logic without giving back to the community breaks the virtuous circle of collaboration that allowed the emergence of our greatest technological standards. Indeed, the arsenal of Gen AI tools unfortunately makes it possible to generate syntactically new versions of source code while preserving its business logic, to the detriment of the original authors and contributors. This intelligent automation undermines the rules and customs of intellectual property. It disrupts the ecosystem from a legal perspective and challenges the very principles of intellectual property.

    The Chardet library, an essential encoding detection tool downloaded over 130 million times per month, has become a textbook case in this regard. In just five days, this project was entirely rewritten using the Claude AI. Consequently, the new maintainers took the opportunity to pivot from a strict license (LGPL) to an extremely permissive one (MIT).

    To fully grasp the stakes of this legal shift, one must distinguish between the philosophies of these two licenses. The LGPL is a so-called “Copyleft” license that allows the use of code but mandates that any modification or improvement to the library must also be shared under the same license. In contrast, the MIT license is “permissive.” It allows for the reuse, modification, and even integration of the code into closed proprietary software, with the only real obligation being to preserve the original copyright notice. Moving from one to the other effectively removes the obligation to “give back to the community” what was borrowed.

    This practice reveals a growing phenomenon known as “AI Washing,” which currently manifests in two distinct ways that are deeply corrosive to the ecosystem. On one hand, there is license laundering, which involves using Large Language Models (LLMs) as literal “translation machines” for code. The goal is to scrub the original legal restrictions under the guise of technical rewriting. On the other hand, we see permissive washing, the deceptive labeling of AI artifacts as “free.” In these cases, models or datasets are presented as “open” even though indispensable legal documents, such as license texts and copyright notices, are entirely missing from the repositories. This lack of a legal payload, the physical absence of the license text within the code or model in favor of a mere label, makes these tools legally toxic for developers and companies. It turns a promise of openness into a true compliance nightmare.

    The Technological Aspect

    For a new generation of technicians, Generative AI can seem like a magic wand capable of liquidating years of technical debt in record time. We are witnessing the emergence of “vibe-coding.” This is a practice where the developer no longer writes code, but instead supervises the massive and instantaneous production of lines of code by a machine. The Chardet case illustrates this power perfectly. Where a manual refactor would have required months of work, AI made it possible to deliver a version in just a few days, boasting a staggering 48x increase in execution speed.

    The technological prowess displayed by AI tools is dissolving the major obstacles that once stood in the way human cost, time, and the intellectual effort required to rewrite complex code. Not long ago, any desire for a total refactor hit the natural wall of the task’s sheer scale. A lack of resources also immediately discouraged any attempt at license circumvention. Today, that barrier has fallen. With AI, the effort required to radically transform a software’s syntax while preserving its underlying logic has become virtually non-existent.

    It is necessary to clear up a major misunderstanding to fully grasp what is at stake. AI does not, in any way, perform what could be considered “Clean Room Design.” Historically, this method relied on an absolute wall between two groups of engineers. A “Dirty Room” team would analyze the original code to extract pure functional specifications, while a “Clean Room” team would write the new code based solely on those instructions, without ever having been exposed to a single line of the source software. This procedure was designed to prove in court that any final similarities were the result of technical necessity rather than plagiarism.

    However, an LLM is not an isolated entity, as it carries within it the footprint of its training data, which often includes the very source code one is trying to rewrite. When a developer submits a block of code to an AI for improvement, the algorithm invents nothing. In reality, it acts as a high-level translator. The original logic, structure, and inventiveness persist, even if they appear in a new syntactic form. It is clear, then, that AI does not create. In a sense, it camouflages. Ultimately, changing the words is not enough to erase the invention. Under the varnish of a new syntax, the code remains a derivative work that still belongs to its original author.

    This technical ease creates a void in terms of traceability. If the prompt used contains all or part of the original source code, the AI technically cannot guarantee that its output is not simply plagiarism by reformulation. For the community, this means a project could appear visually new while being, in reality, a form of automated infringement. Worse still, provenance auditing would become nearly impossible without extremely sophisticated similarity analysis tools. This computational power does not merely serve technical performance. It must be understood as the engine of a deliberate legal circumvention strategy.

    Strategic and Economic Drivers of “Laundering”

    While switching to a permissive license via AI certainly serves a technical purpose, a closer look reveals it is equally a deliberate strategy to disengage from Copyleft obligations. The primary lever for this practice is the desire to neutralize the recursive nature of Copyleft licenses, which ensure the persistence of authorship rights. For a corporation, restrictive licenses like the GPL are perceived as a heavy burden because they mandate the public release of the source code for any derivative work. By using AI to “wash” the original code and re-license it under MIT or Apache, organizations can bypass this risk. In doing so, they grant themselves permission to privatize entire segments of collective intelligence, appropriating them into proprietary products or SaaS offerings to generate profit without ever having to redistribute their own improvements.

    Beyond the commercial stakes, AI offers a really new administrative shortcut. Historically, changing the license of a legacy project required the unanimous consent of every contributor. In practice, this process was often impossible to carry out. Here, the machine allows developers to evade this requirement for consensus through a complete syntactic rewrite. Thus, new maintainers claim to start from a technical “blank slate” to avoid the legal burden of recognizing past authors. This practice makes it possible to resolve technical debt at a negligible cost. As illustrated by Chardet’s spectacular performance leap (recall that its speed increased 48-fold) AI does more than just change a legal label. It makes a full refactor nearly instantaneous. What once required months of manual labor is now liquidated in a matter of days. For Big Tech, the stakes are colossal. The goal is to transform nearly the entire Open Source heritage into a raw data set, stripped of its copyright notices, to fuel proprietary models.

    Redefining Intellectual Property

    The situation borders on the absurd when these practices are confronted with current case law, specifically the Thaler v. Perlmutter case. In this instance, the United States Copyright Office maintains that works generated without direct human intervention cannot be protected by copyright. This results in a total legal impasse. If AI-produced code belongs to the public domain by default due to the lack of a human author, new maintainers theoretically lack the standing to apply an MIT license to it. We are entering a reality where it becomes possible to grant or restrict rights that one does not technically possess.

    Beyond these theoretical debates, the reality on the ground reveals a massive erosion of legal safeguards. A study from Queen’s University highlights an alarming phenomenon where 96.5% of datasets and 95.8% of models labeled as “permissive” omit the mandatory license text. As a reminder, “permissive” refers to licenses (such as MIT or Apache) that allow for broad reuse, including commercial use, with the primary requirement being the obligation to credit the original author and include the license text. Unfortunately, we see here that the law is fading behind a simple marketing metadata tag with no real legal value. For the end user, this “Payload Gap” creates a false sense of security. They believe they are handling an open tool, when in fact they are exposing themselves to infringement risks due to an inability to prove the chain of title.

    Toward “AI-Proof” Licenses?

    To counter this erosion of legal protections, the open-source community is beginning to build new ramparts capable of restoring a form of legal guarantee. These new types of licenses, dubbed “AI-proof,” aim to close the loopholes exploited by automated laundering.

    One of the primary levers is to legally neutralize the “Clean Room” myth. New clauses could explicitly stipulate that any code generated or translated by an AI model exposed to the original source code during its training constitutes, by nature, a derivative work. Such a provision would prohibit the use of an LLM as a mere “syntactic engine” to bypass Copyleft obligations. In this scenario, we would simply restore the legal lineage that the AI sought to erase by linking the output to the training source.

    We are witnessing a major strategic shift. This change is significant because the focus is no longer just on who has “the right to copy the code”, but rather on “what they are allowed to do with it”. This is the core purpose of RAIL (Responsible AI Licenses). Unlike traditional licenses that govern how code is copied, RAIL licenses introduce behavioral rules. They impose limits on how the model can be used (for instance, prohibiting surveillance or disinformation) and require these constraints to propagate to all downstream applications. It is a compelling way to regain control over the technology’s ultimate purpose rather than just its text. A technical counter-offensive is also necessary. To combat the “Payload Gap,” traceability standards such as AI-adapted SBOMs (Software Bill of Materials) are currently under development. The goal is to force models to embed an unforgeable digital identity of their sources. In this scenario, a tool’s inability to provide this proof of provenance would render any commercial exploitation of the generated code legally void. In this context, traceability becomes a sine qua non for legality.

    Strategic Risks and Shifts for the Enterprise

    For decision-makers and legal counsels, integrating AI-“laundered” code is no longer a simple matter of technical monitoring, but a major operational risk. Incorporating a component whose license has been altered by a syntactic engine is equivalent to injecting an invisible vulnerability into the heart of the software supply chain. During a deep audit, such as during a fundraising round, a merger and acquisition (M&A), or an initial public offering (IPO), the inability to prove the legitimacy of a license could invalidate the very value of a technological asset. It is therefore becoming vital to use next-generation Software Composition Analysis (SCA) tools, capable of tracking not just library names, but the “genetic” origin of the code itself. This threat extends beyond the corporate world to touch the very essence of Free Software. According to Bruce Perens, widely regarded as one of the founding fathers of Open Source, this capacity for industrial-scale cloning by AI could well signal the death knell of the current model. In his Keynote “What comes after open source?”, he ironically states: “We’re an excellent welfare program for corporations. Our users are the richest companies in the world.” We must acknowledge that if any actor can appropriate a Copyleft project and “turn” it proprietary by running it through an LLM, then licenses like the GPL lose their protective power. In this case, the social contract ensuring that everything taken from the community must be returned to it literally shatters. Open Source becomes a free reservoir for proprietary software.

    Yet, amid this chaos, an opportunity is emerging for the most visionary entrepreneurs. Since they are becoming an abundant commodity, easy to generate, the value of software may no longer reside in the lines of code themselves, but rather in the quality of its architecture, its maintenance, and above all, its production ethics. The future likely belongs to “FOSS-respecting” AI models. Unlike “opaque box” models, a “FOSS-respecting” approach does more than just comply with the law (such as the European AI Act). It goes further by guaranteeing true digital sovereignty. This specifically involves using models and datasets whose provenance is auditable. The idea here is to verify that no copyrights were violated during training. For an enterprise, choosing these tools becomes a major strategic asset. It represents a commitment to transparent technology. It establishes that compliance is community-verifiable, which eliminates any hidden legal liabilities linked to code “laundering.” This becomes a selling point. The company can market a clean, transparent technology, free from any concealed legal baggage.

    Ethical Perspective

    Beyond lines of code and contractual clauses, AI raises a fundamental ethical question that brings us back to a millennia-old inquiry. This is the philosophical thought experiment concerning the notion of identity, known as the Ship of Theseus. If every single plank of Theseus’s ship is replaced one by one until none of the original parts remain, is it still the same ship?

    When applied to code, the dilemma is striking. We realize that AI can rewrite every line of syntax, optimize every function, and rename every variable, effectively replacing the linguistic “planks” of the original text. Yet, if the logical structure and functional architecture remain those of the initial work, can we truly claim to have created a new legal object? 

    This inquiry finds a direct echo in recent research, notably the study “A Ship of Theseus: Curious Cases of Paraphrasing in LLM-Generated Texts,” which highlights a disconnect between form and substance. When an AI paraphrases, we observe a prioritization of style over content. In other words, while the original author’s stylistic signature fades in favor of a generic imprint unique to the Gen AI model, the semantic content itself often remains intact. This phenomenon questions the “continuity of identity” of the work. According to this theory, as long as the fundamental attributes persist, whether it be the logical design or the function of the code, the object retains its original identity. We can see an analogy here with Da Vinci’s Mona Lisa. If a contemporary artist were to offer a version using fluorescent pigments or spray-paint techniques, the Renaissance “touch” would disappear in favor of a modern style. Yet, the work would still be recognized as Leonardo da Vinci’s. Why? Because the identity of the painting does not reside solely in the type of paint used, but in its geometric composition, the precise tilt of the gaze, the pyramidal structure of the subject, and so on. In this view, according to the study, authorship should remain with the initial creator as long as their unique concepts are preserved. Therefore, AI rewriting is merely a syntactic mask. It follows that one cannot justify a change in licensing or ownership based on such a transformation.

    On the other hand, if one considers that the active act of transformation is what defines an author, then AI could be seen as the true creator of this new version. This ambiguity underscores that traceability has become a sine qua non for determining whether we are facing a mere writing aid or a true substitution of identity. For defenders of Open Source ethics, the answer is clear. They claims that changing the planks (the syntax) does not change the ship’s blueprints (the intellectual property), just as a Mona Lisa painted in pink remains the work of Da Vinci. In this light, AI facilitates appropriation without contribution, allowing one to claim ownership of a “new” vessel when they have merely masked the work of another. Thus, AI automates reformulation, offering the possibility to plunder a project’s intelligence without ever nourishing the ecosystem. This effortless “translation” dehumanizes source code, its authorship, and intellectual property. It transforms code into a raw commodity that can be appropriated through a simple prompt, ultimately shattering the principle of reciprocity that lies at the very heart of Open Source.

    This techno-legal drift is giving rise to a crisis of attribution. The figures from the study “Permissive-Washing in the Open AI Supply Chain: A Large-Scale Audit of License Integrity” speak for themselves. According to the researchers, today, barely 5.75% of applications preserve the copyright notices of the models or datasets used. By erasing these mentions, we are not merely violating a legal rule, we are breaking the chain of recognition upon which the careers and reputations of developers depend. Now, code is being generated on such a massive scale that the original author tends to be drowned in the depths of machines and models. This systemic erasure risks discouraging the contributors of tomorrow, who may legitimately ask themselves: why offer their work to the community if an AI is to eventually digest it and spit it back out under an anonymous or, worse, proprietary banner?

    Open Source DNA at the Core of Models

    It is worth recalling a fundamental truth, often brushed aside in the marketing discourse of AI labs. By its very nature, Open Source Software forms the very backbone of every LLM. Since these models have been trained by blindly “scraping”, without authorization and even less remuneration, everything accessible online, open code is not merely a source of inspiration, it is, in fact, embedded in the very structure of the system. This means that, in essence, Open Source is an integral part of the model, regardless of the denials or semantic gymnastics of AI developers. As long as a developer cannot provide irrefutable proof of a completely “clean” training dataset (a certification that, in practice, will never happen!)the model remains fundamentally tied to the community work it has absorbed.

    Conclusion

    “AI Washing”, whether through license laundering or permissive washing, is not merely a technical issue or a debate for legal experts. It is a profound breach of the digital social contract that has bound creators and users together since the dawn of Open Source. By enabling the automation of appropriation without contribution, Generative AI risks transforming one of the finest examples of human collaboration into an anonymous data reservoir for proprietary software. Faced with this phenomenon, the question arises: are we forced to resign ourselves to a state of affairs where the notion of authorship must bow to the power of Gen AI? Or rather, will we be able to impose tangible traceability through “AI-Proof” mechanisms? The answer to this question will determine whether AI becomes a vehicle for sharing and innovation, or whether it acts as the catalyst for the end of Open Source by hijacking human contribution. For companies and developers alike, choosing transparent and respectful (FOSS-respecting) tools is no longer an ethical option. It is becoming a strategic necessity to preserve trust and the long-term viability of our software heritage.

    The Ship of Theseus experiment leaves us with our backs against the wall. We must ask ourselves: if an entire ship is rebuilt using the planks removed from the original, which one is the true ship? By using AI to “launder” syntax, we create nothing, we simply displace ownership. If we accept that the machine can erase the origin of the wood to preserve only its shape, the very concept of sharing is called into question.

    A sustainable ecosystem cannot be built on “laundered” code. By separating logic from its license, AI does not liberate software, it dispossesses it of its identity and its rights. The true danger is not that the machine will replace the developer, but that it will serve as a screen for unapologetic appropriation within a “shadow legal system.” Protecting attribution is not about slowing down progress, quite the opposite, it is about ensuring that the reservoir of common knowledge is not drained by the very people who refuse to replenish it.

    Sources & References:

GSDRF.ORG