Josef Prusa Warns of Security Risks and Licensing Violations by Bambu Lab

Licensing Conflicts and Open-Source Integrity

Josef Prusa, founder and CEO of Prusa Research, has publicly addressed the ongoing controversy surrounding Bambu Lab. His concerns center on Bambu Lab's alleged violation of the AGPL-3.0 license used by PrusaSlicer. Prusa emphasizes that while Bambu Studio is based on PrusaSlicer, the company has incorporated a closed-source networking "black box" binary, which fundamentally contradicts the "copyleft" requirements of the AGPL license.

According to Prusa, the "social contract" of the open-source community dictates that developers who benefit from existing software must contribute their own modifications back to the community. He argues that by splitting the software into a slicer component and a proprietary, non-auditable plugin, Bambu Lab is attempting to circumvent these legal obligations.

Security Concerns and the "Black Box" Issue

The core of Prusa's warning extends beyond legal licensing matters into the realm of cybersecurity. He points out that the network plugin used by Bambu Lab cannot be audited, as it is downloaded from a Content Delivery Network (CDN) and can be updated remotely by the manufacturer at any time. This lack of transparency presents a significant risk, as users are essentially running opaque code on their personal machines.

Geopolitical Implications and Data Privacy

Prusa highlights the complexities of operating within the current Chinese legal framework, noting that local companies are often subject to regulations that mandate cooperation with state intelligence gathering. He references a series of laws enacted between 2017 and 2023 that, in his view, create a system where industrial data and encryption keys can be accessed by government agencies.

«Together they describe a system with no neutral exits. Cooperation is required, encryption is real, but the spare keys live at the ministry, jurisdiction follows the company across borders, industrial data is in scope, and discovered vulnerabilities flow to an intelligence agency,» states Prusa.

The Strategic Importance of 3D Printing Data

Prusa suggests that the interest in 3D printing technology by foreign entities may be strategic. Because 3D printers are frequently used in sensitive environments—such as R&D departments, defense laboratories, and hardware startups—the software controlling these machines has access to highly valuable intellectual property. The "slicer" software, which resides on a user's computer and processes design files, acts as a potential bridge to that sensitive data.

Prusa concludes that this issue is not limited to 3D printing alone. He warns that similar concerns regarding opaque software and cross-border data flows could potentially apply to various other industries, including AI development, automotive software, and connected camera systems.