Today we changed the Sunglasses license from AGPL-3.0 to MIT. This is not a small decision. I want to explain why — honestly, from someone with zero coding experience who built this in 50 hours over 7 days.
What happened
Sunglasses launched on April 1, 2026 under AGPL-3.0. We chose AGPL because we were scared. Scared that someone would take our work, close-source it, and sell it without giving back.
That fear made sense for a project with no users and no reputation. But it does not make sense for where we are going.
Here is what we learned in 7 days of being live:
- Companies evaluate our scanner, see "AGPL," and close the tab
- Security teams want to integrate us into their pipelines but legal says no
- Enterprise developers read our blog posts, love the research, and cannot use the tool
- AGPL protects code. But it kills adoption. And adoption is everything right now.
Why MIT
MIT is the simplest license in open source. It says:
Use this however you want. In your startup. In your enterprise. In your side project. Commercial, personal, anything. No restrictions. Just keep the copyright notice.
That is it. No legal team needed. No compliance review. No "but what if" conversations.
We want Sunglasses in every AI agent pipeline in the world. MIT makes that possible. AGPL made it harder.
But what about someone stealing it?
This is the question everyone asks. Here is my honest answer:
The code is not the moat. Anybody can read our patterns.py file right now on GitHub. It is 2,600 lines of Python. You could copy it in 10 seconds.
But you cannot copy:
- The team. We have AI agents doing autonomous security research every 30 minutes. CAVA handles SEO, marketing, and threat intelligence. JACK extracts detection patterns from real CVEs and writes blog posts. They work while I sleep.
- The pattern database. 136 patterns today. Growing every day from real-world threat research. By the time someone forks the repo, we are already 50 patterns ahead.
- The research pipeline. Our agents scan GitHub advisories, security feeds, and real malware reports continuously. They find threats, extract patterns, and add them to the scanner. This is not a static library. It is a living defense system.
- The brand. We are building in public. Every decision, every mistake, every win. You are reading this letter because we believe in transparency. That trust compounds.
- The community. MIT means more people can contribute. More contributors means more patterns. More patterns means better security for everyone.
Someone forking our code and selling it is not a threat. Someone forking our code and making it better is the whole point.
What this means for you
If you are building AI agents and you care about security:
- You can use Sunglasses commercially. No license anxiety. No legal review needed.
- You can modify it. Add your own patterns, customize the scanner, integrate it into your stack.
- You can redistribute it. Bundle it in your product. Ship it to your customers.
- You can contribute back. Found a new attack pattern? Submit a PR. It helps everyone.
One line to install. Zero restrictions to use:
pip install sunglasses
A personal note
I am not a traditional founder. I drive Uber during the day. I build at night. I had zero coding experience before February 2026. I started this because I was afraid of being left behind in the AI revolution.
48 days later, Sunglasses has 136 detection patterns across 26 categories in 13 languages. We have scanned real North Korean malware. We have a team of AI agents doing security research around the clock. And now, with MIT, we have removed the last barrier between our work and the people who need it.
I do not know where this goes. But I know that open is better than closed. Trust is better than fear. And the best way to protect the AI agent ecosystem is to give everyone the tools to do it — no strings attached.