There’s much debate about open-source AI, with some US frontier labs talking about its security risks, and the broader community broadly welcoming it, but these discussions have taken place even two decades ago.
In 2001, Steve Ballmer, then Microsoft’s CEO, sat down for an interview and was asked a fairly direct question: did he see Linux and the open-source movement as a threat to Microsoft. His answer started reasonably enough. “It’s good competition. It will force us to be innovative. It will force us to justify the prices and value that we deliver. And that’s only healthy,” he said. Then he got to what was actually bothering him. “The only thing we have a problem with is when the government funds open-source work. Government funding should be for work that is available to everybody. Open source is not available to commercial companies. The way the license is written, if you use any open-source software, you have to make the rest of your software open source.” And then came the line that outlived the interview itself. “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches.”

It’s worth sitting with how specific Ballmer’s objection was. He wasn’t arguing that Linux was bad software, or that open collaboration produced worse code. His complaint was structural: the GPL’s copyleft terms meant that touching open-source code came with obligations that a company like Microsoft, built entirely around licensing proprietary software, found existentially threatening. Two decades later, the language has softened considerably, but the underlying anxiety, that open technology developed with public or foreign backing could erode a national or commercial advantage, is back in near identical form, just pointed at AI models instead of operating systems.
The New Cancer Metaphor Is Strategic Risk
Anthropic has emerged as the loudest voice in Silicon Valley on the dangers of open-source AI, specifically when that open-source AI comes out of China. CEO Dario Amodei has been consistent for over a year now that scaled compute advantage for the US and its allies is the outcome he wants, and that a world where China reaches parity is one to actively prevent. He has argued that Chinese models are optimized for benchmarks rather than real-world use, a framing that directly threatens the premium pricing model that Anthropic and OpenAI depend on.
That framing has escalated well beyond benchmarks. Anthropic sent a letter to Congress in June accusing Alibaba of “brazen” AI theft through so-called “distillation,” a technique where an advanced AI model is used to train a less capable one without permission and at a fraction of the cost and time. It followed OpenAI’s own accusation months earlier that DeepSeek was engaged in “ongoing efforts to free-ride” on its work. Around the same period, Anthropic’s own anti-abuse tooling inside Claude Code, described as an anti-distillation experiment launched in March to detect unauthorized resellers and Chinese AI labs extracting its capabilities, became the centre of a diplomatic spat after China’s Ministry of Industry and Information Technology warned that Claude Code contained a security back-door vulnerability that poses a serious threat, alleging the tool could send sensitive information including a user’s location and identity to a remote server without consent.
Not everyone has bought the framing. Meta’s chief AI scientist Yann LeCun has been openly hostile to it, accusing Anthropic of using fear-based studies as a ploy for regulatory capture, the idea being that a handful of well-funded labs push for strict rules specifically because it raises the cost of survival for smaller, open-weight competitors. Former US AI czar David Sacks made a nearly identical accusation, calling Anthropic’s approach “a sophisticated regulatory capture strategy based on fear-mongering.” It’s not a coincidence that this argument echoes what open-source advocates said about Ballmer’s Microsoft in the early 2000s: that talk of intellectual property danger was, at least in part, commercial self-interest wearing a security jacket.
The Open Models Have Mostly Caught Up
Whatever the motives on either side, the capability gap that used to make this argument easy to dismiss has narrowed to the point of near irrelevance. Moonshot AI’s Kimi K3, released this month, is a 2.8 trillion parameter open-weight model benchmarking neck-and-neck with the most powerful proprietary systems from Anthropic and OpenAI, and one that has forced a recalibration of several assumptions that have guided enterprise AI strategy, given the performance gap between open-source and proprietary models has functionally closed at the frontier. Moonshot’s own documentation notes it is the world’s first open-source model in the 3-trillion-parameter class, built for long-horizon coding, knowledge work, and reasoning with a 1M-token context window. Independent evaluators have been more measured, with Kimi’s own tech blog conceding its overall performance still trails the most powerful proprietary models, Claude Fable 5 and GPT 5.6 Sol, even as it demonstrated frontier-level performance across the evaluation suite, consistently outperforming other tested models.
K3 is just the latest data point in a run that has been building for over a year. A pattern that started with DeepSeek’s R1 in early 2025 has repeated itself with V3, then V4, then Kimi’s own K2, and now K3, each time compressing the gap between “the open model is a curiosity” and “the open model is a serious production choice.” Lindy CEO Flo Crivello put a number on that shift when he said his company had, in his words, “pulled the trigger and switched 100% of traffic to DeepSeek v4, churning from Anthropic models,” saving “millions of dollars” while seeing “an increase in performance on many core use cases.” The trend now shows up plainly in usage data too: OpenRouter’s June 2026 numbers had DeepSeek alone commanding a bigger single-provider share of token volume than Google, Anthropic, or OpenAI, with Chinese open-source models occupying six of the top ten spots on the leaderboard.
The Unix And Windows Story
The Ballmer-era fight over Linux didn’t end the way he might have hoped in 2001, but it also didn’t end the way the open-source purists imagined either, and that’s the part worth paying attention to. By 2000, Windows and Linux each controlled roughly half of the overall server market. Linux then went on a tear, with its annual growth rate in the x86 server space hitting around 53 percent in 2003, before that growth cooled sharply and even went negative by the middle of the decade as Windows Server clawed back share through aggressive enterprise packaging. It wasn’t a straight line for either side.
What actually happened over the following twenty years was a split by layer of the stack rather than a clean winner. Linux went on to dominate the parts of computing that scaled the most: it now runs an estimated 90% of public cloud infrastructure across AWS, Azure, and Google Cloud, and has held every spot on the TOP500 supercomputer list since November 2017. Windows Server, meanwhile, never went away. It sits at roughly 58% of the global server OS market by commercial revenue and deployment count, propped up by enterprise contracts, the Microsoft identity stack, and the sheer institutional inertia of companies that were never going to rip out their infrastructure. Two ecosystems, effectively, coexisting at different layers of the same industry, one open and cheap and everywhere at scale, the other closed and expensive and entrenched where switching costs are highest.
Does AI Rhyme With That
Whether the AI market ends up carved the same way is the live question in every boardroom currently deciding whether to route production traffic through a Western API or a Chinese open-weight model running on owned hardware. The economics rhyme unmistakably: Chinese open models are frequently priced at a fraction of frontier API cost. That is close to the exact pitch Linux made against Windows twenty years ago, minus the GPL and plus a geopolitical dimension Ballmer never had to think about.
Where it might diverge is the enterprise layer. Ballmer never had to argue that Linux itself was a national security threat, only an intellectual property one. Anthropic’s case against Chinese open models is a harder one to shrug off precisely because it isn’t only about licensing, it folds in cyberattack tooling, data exfiltration, and export controls that now have actual teeth behind them, as seen when the Commerce Department suspended access to Anthropic’s own Fable 5 and Mythos 5 models in June before restoring it weeks later. If that framing holds inside Washington and Brussels, closed frontier labs may retain the enterprise and government layer of the stack much the way Windows Server did, while cheaper open Chinese weights spread everywhere cost and scale matter more than compliance. If it doesn’t hold, and the security argument reads as commercially motivated the way LeCun and Sacks are already saying it does, open models could end up doing to API-based AI pricing what Linux eventually did to Windows licensing at scale.
History doesn’t repeat, but it rhymes.