Ask HN: How do solo devs protect their work in the age of vibe coding?

I am working on a new open-source project. (My project is in AI infrastructure. It already gets SOTA results on several well-known benchmarks.) The core value is not just the code, but a fairly specific algorithmic approach that came out of many failed attempts, experiments, and design iterations.

The dilemma I am facing is this:

If I open-source early, I get feedback, trust, users, and maybe contributors. But I also expose the core design and algorithm. With LLMs, turning a repo into a different implementation is much cheaper than it used to be.

If I keep it closed, I protect the work for longer, but I also lose the main advantages of OSS: adoption, review, community, and credibility. Worse, someone else may still build something similar and become the default project in the space.

I’m a new solo dev with almost no audience. If a large org or a well-known developer sees the idea and ships a similar implementation, they can get more attention immediately than I can get in months. And in the end I get nothing for open-sourcing my project.

How would you handle this as a solo dev?

27 points | by langs 1 day ago

18 comments

  • anatoli_k 9 hours ago
    Solo dev here, shipped a security scanning SaaS where the core value is in the scoring methodology and detection logic. These are exactly the kind of thing that looks algorithmically copyable. What I learned is that the algorithm was never the moat. The moat is the boring stuff around it - handling edge cases at scale, calibrating thresholds against real world data, the integrations, support quality, response time and honestly just being the project that's still maintained 18 months later when someone Googles your problem. A large org or well known developer who clones your idea has to commit headcount to maintain it, most of them won't. The ones who do, will move slower than you because they have stakeholders, they need to do meetings, sync and prioritize tasks. Speed of iteration based on real user feedback is something a solo dev wins at by default, but only if you have users and you don't get users by hiding. Open source your project, license it AGPL if commercial use worries you, but spend more time on the launch than the license. Additionally, remember that even with licensing, the cost of protecting your licensed services can be too big to handle for solo developers and that alone can kill the project. My personal point of view is that the thing that kills solo projects is not theft - it's lack of progress.
  • alegd 8 hours ago
    the painful truth is that if a big org wants to copy your approach they will, open source or not. They have the resources to reverse engineer anything from a paper or a benchmark.

    I'd open source early. The community, feedback, and credibility you get compounds over time. Being first AND open builds a reputation that a clone cant buy. The algo might be replicable but being the person known for it isn't.

  • ertok 1 day ago
    1) If it's open source, what's the incentive to steal from you anyway? It's free. That's one of the interesting moats in the age of AI.

    2) If it's at risk of being stolen/copied today, it will be the same thing 10-100-1000 days from now. There is no hiding from AI copy cats. Just put it out there and find out if someone actually will want to do it. If yes, you saved yourself a bunch of time.

  • gitgud 1 day ago
    > I’m a new solo dev with almost no audience. If a large org or a well-known developer sees the idea and ships a similar implementation, they can get more attention immediately than I can get in months. And in the end I get nothing for open-sourcing my project.

    This has always been a fear of open source development… but in reality it’s over exaggerated, thousands of FOSS ideas are posted every day…

    My advice would be to treat posting your project like a launch, and get all the readme’s, docs etc ready before posting, so it has the best chance of growing an audience, which seems to be your goal.

    But if you really don’t want other people to recycle your idea, then open source is not for you…

  • djyde 1 day ago
    If your open source code contains your technical barriers, then don't open source the code with those barriers—only open source the other parts.

    If it's the other case, where you're worried about plagiarism, I actually don't think you need to be too concerned. I once saw an interview with Airbnb's founder Brian Chesky where he talked about how Airbnb also faced many imitators in its early days. These competitors grew rapidly too, but looking back, the difference between imitators and originals is that while imitators might get off to a quick start, they find it hard to persevere through difficulties like the original does in the mid-to-late stages. In the end, it's often the original who stuck with their vision that survives.

  • gajo357 1 day ago
    There is no way to protect your idea from being copied/stolen.

    It happened a million times over, you have some brilliant idea, people start using it, and after a few months some big company puts 10-100 engineers on it and they do the same thing.

    I would say that the key is to get to a big enough audience so they would rather buy you out than compete. Easier said than done :P

    And the biggest question is: do you want to commit 100% of your time and money to building your company, or you would rather spend your time building new things?

  • preetigagarwal 1 day ago
    API security is the most common blind spot. Vibe coding tools generate endpoints fast but almost never think about broken authentication, excessive data exposure, or injection flaws. A solo dev can ship a beautiful frontend with completely exposed APIs behind it. At minimum — test your own endpoints like an attacker would before going live.
  • comicink 1 day ago
    Open source but license it properly - AGPL works best if you are worried about someone making money off your idea. Honestly though with AI everything is copyable - wouldn't worry about that. Instead focus on the fastest path to get feedback and iterate
  • anigbrowl 1 day ago
    Vibe litigation

    Seriously, I think you should just do it closed source and pursue adoption by other channels. If people ask you why it's not open source, say you're not ready to manage it yet.

    [-]
  • shivang2607 1 day ago
    If you are building something which can be vibe-coded easily then it ofc people will create it. You can copyright a product but you can't copyright an Idea.

    Selling things online was an idea by Amazon, now everyone sells online.

    If you really want people not to copy your idea then make something which cannot be easily vibe-coded or copied easily i.e. which require serious skills.

  • red-iron-pine 1 day ago
    see also: https://ryelang.org/blog/posts/cognitive-dark-forest/

    (posted on HN a couple of weeks back)

  • bigyabai 1 day ago
    Is your project a vibe-coded application? It sounds like you're insecure about someone copying your idea, which will could happen regardless of licensing if anyone has access to Claude Code and a description of your product.

    If your primary motivation to use an Open Source license is gaining trust and users, you're just going to be disappointed.

    [-]
    • langs 1 day ago
      I vide-coded some, but the core is hand-craft arch/algorithm, that's the most valuable part I want to protect.
      [-]
      • faangguyindia 1 day ago
        Then it's already gone to AI servers. They slurp your codebase.
    • liam-chen 1 day ago
      totally agree
  • pukaworks 1 day ago
    [dead]
  • andy_pl 18 hours ago
    [dead]
  • justin1006 1 day ago
    [dead]
  • ryan_tc 21 hours ago
    [dead]
  • LouisLau 1 day ago
    [dead]
  • spotlytt 1 day ago
    [dead]