Every part of this is genuinely funny. Viktor launching basically OpenClaw for slack (because claw is MIT so yolo let's go mac some monnney and PJ outta Dubai etc etc). Some guy getting all their source code just by asking Viktor for it. Then rebuilding their core in a couple days because there's basically nothing there. push MIT to Github. TeamViktor's faces surely? But they're busy diamond handsing all the way to the moon so probably don't even care. XD
john_strinlai 26 minutes ago [-]
>MIT so yolo let's go mac some monnney and PJ outta Dubai etc etc
>TeamViktor's faces surely? But they're busy diamond handsing all the way to the moon so probably don't even care. XD
would anyone please be so kind to translate these parts of this comment into something a 45+ year old would understand?
krzkaczor 2 hours ago [-]
I don't get it, what OP actually reverse engineered? OpenClaw itself? Of did Viktor team created their own OpenClaw like agent?
zggf 26 minutes ago [-]
Exactly, the team designed their own agent architecture tailored to slack and enterprise setting, that is not based on any popular agent architecture like OpenClaw, NanoClaw, IronClaw or any others that I checked against.
(I don't know anything about OpenClaw and on a deeper level, I don't wish to learn about it either considering all the security implications that it generally has)
hmokiguess 3 hours ago [-]
A lot of folks talking about the legality basis of this approach, I think the focus should be more around the true moat behind these hype growth hack companies out there.
This sort of exposure is good, in my opinion it enables competition to emerge with true business moat rather than just "do it first, do it fast, worry last" type of thing we're seeing.
redfloatplane 7 hours ago [-]
There are gonna be some really interesting legal decisions to read in the coming years, that’s for sure…
---
The rest of this comment is irrelevant, but leaving for posterity, I had the wrong Viktor - it's getviktor.com not viktor.ai:
Edit: this one particularly interesting to me as both parties are in the EU. VIKTOR.ai is a Dutch company and the author of this post is Polish.
The ToS for Viktor.ai include the following fun passages:
> 18.1. The Agreement and these Terms & Conditions are governed by Dutch law and the Agreement and these Terms & Conditions will be interpreted in accordance with Dutch law.
18.2. All disputes arising from or arising in connection with the Agreement and/or the Terms & Conditions will be submitted exclusively to the competent court in Rotterdam, The Netherlands.
7.3. The Customer is not permitted to change, remove or make unrecognizable any mark showing VIKTOR's Intellectual Property Rights to the Software. The Customer is not permitted to use or register any trademark or design or any domain name of VIKTOR or a similar name or sign in any country.
8.5. The Customer may not cause or allow any reproduction, imitation, duplication, copying, sale, resale, leasing or trading of the Services and/or the Software, or any part thereof.
zvqcMMV6Zcr 7 hours ago [-]
Terms of service might matter more for terminating that user account. Whole ordeal is just plain copyright violation. The author had no licence to that internal code, and whitewashing it with LLM will achieve nothing. That case is much clearer than that recent GPL->BSD attempt story.
duskdozer 6 hours ago [-]
If LLM-generated code isn't considered a derivative work of the original, then whether the author was licensed to use the code doesn't matter. But I'm sure the courts will rule in favor of your view regardless. Laundering GPL is in corps' interest and laundering their code is not.
redfloatplane 7 hours ago [-]
I think it comes down to the company's appetite for legal action, doesn't it? This case is imo pretty clear but the vibe has quite the smell of Oracle v Google to me.
But, yeah. More than likely this case is a simple account termination and some kind of "you can't call your clone 'openviktor'" letter.
skeledrew 2 hours ago [-]
According to US courts, the output can't be copyrighted at all. It's automatically in public domain after the "whitewash", regardless of original copyright.
Thats not at all what this ruling said. What the courts found was that an AI cannot hold copyright as the author. That copyright requires a human creative element. Not that anything that was generated by an LLM can't be subject to copyright.
As an example, a photo taken from a digital camera can be subject to copyright because of the creative element involved in composing and taking the photo. Likewise, source code generated by an LLM under the guidance of a human author is likely to be subject to the human authors copyright.
NicuCalcea 3 hours ago [-]
Isn't this exactly what LLMs themselves do? They ingest other people's data and reproduce a slightly modified version of it. That allows AI companies to claim the work is transformative and thus fair use.
MartiCarmona 7 hours ago [-]
Someone tell every startup in YC they are criminals
codetiger 7 hours ago [-]
There are also new jobs emerging to safeguard a companies assets that were created by AI. New white hat hacking opportunities.
Anyways, however you put this, I see this as a property theft and taking pride at open sourcing does not justify it.
ralferoo 7 hours ago [-]
It's also disingenuous to call it open source as that might tempt others to use it believing that it actually is open source.
Let's call it what it is - stolen IP and released without permission of the author. Sure, it's good that it opens the debate as to whether that's ethical given that's essentially what the model itself is doing, but it's very clear in this instance that he's just asked for and been given a copy of source that has a clear ownership. That's about as clear cut as obtaining e.g. commercial server-side code and distributing it in contravention of the licence.
redfloatplane 7 hours ago [-]
It's not completely clear that this is the original source. According to the post it's a reimplementation based on documentation created from the original source, or perhaps from developer documentation and the SDK. Whether that's the same thing from a legal standpoint, I don't really know - I think from a personal morality standpoint it's clear that they are the same thing.
vrganj 5 hours ago [-]
It feels more like clean room reverse engineering by llm, technically.
cycomanic 3 hours ago [-]
Well first they need to proof that Viktor was actually copyrightable. If it was largely written by an llm, that might not be the case? AFAIK several rulings have stated that AI generated code can not be copyrighted.
metalcrow 2 hours ago [-]
This is a common misreading of the law. AI cannot hold authorship of code, but no ruling has claimed so far that ai output itself can't be copyrighted (that I know of)
That said, the article says "Okay, prompts, great. Are they any interesting? Surprisingly... yes. As an example workflow_discovery contains a full 6-phase recipe for mining business processes out of Slack conversations, something that definitely required time and experiments to tune. It's hardcoded business logic, but in prompt instead of code."
So the article author clearly knows this prompt would be copyrighted as it wasn't output from an AI, and recognises that there would have been substantial work involved in creating it.
dsjoerg 6 hours ago [-]
it's not viktor.ai it's getviktor.com
redfloatplane 6 hours ago [-]
Ah, you're right. Headquartered in Delaware. Oh well. Thanks for spotting!
zggf 7 hours ago [-]
I could do the same thing but not publish it, still getting the value of their product without legal concerns. Now, what happens when it becomes even easier thanks to AI improving, and takes few hours instead of few days?
redfloatplane 7 hours ago [-]
You could certainly do that in private but that doesn't mean it's not 'without legal concerns'. But, not shouting about it and not creating a repo called 'openviktor' would probably be a safer bet.
I certainly think the whole idea of IP ownership as related to software will become very interesting from a legal standpoint in the coming years. Personally I think that, over time, the legal challenges will become pretty overwhelming and a sort of legal bankruptcy will be declared at some point in one direction or another (as in, allowing this to happen or making it extremely easy to bring judgement and punishment, similar to spam laws). However, I would not want to be the first to find out, especially in Europe.
skeledrew 2 hours ago [-]
They have to let it happen. There's no stopping the tide here.
yashasolutions 6 hours ago [-]
Nice. Probably worth making a local copy before it gets taken down.
(Re: legal - why even bother with a court decision when it’s on GitHub? A takedown is much simpler. We've seen this before, like when Meta went after people reverse-engineering their API)
That said there may not be much here thats actually protectable. It's mostly a CLI orchestrating other tools, and the same functionality could likely be reproduced fairly easily, especially with AI.
Still, props to him for writing a proper blog post and explaining the process
zggf 6 hours ago [-]
Thanks, I put some effort into the blog. The process might be even more useful and reusable than the code itself for many people.
kklisura 5 hours ago [-]
I find it fascinating that this is just some _plumbing_ around some LLM - sold as a product and "AI coworker". They don't own the LLM model. You're just one silent update from not delivering what you promised.
PurpleRamen 4 hours ago [-]
Wrapping other companies services is a popular business since decades. Technically, this even predates software. The more fascinating part is, that this became semi-automated with LLMs, and how thin the wrapping now is.
xnx 5 hours ago [-]
Thin wrappers over an LLM has been an extremely popular grift for the past few years.
zggf 56 minutes ago [-]
Agree, and cost of creating those thin wrappers is rapidly approaching zero
Ignorering the questionable legality of this entire thing, which might fall out in favor of it being a legal activity. Calling the project OpenViktor is as dumb as committing secrets to GitHub. For the love of reason call it something else.
There is no doubt that if this goes to court you are only hurting your own chances at any reasonable defense by deciding on mirroring the naming like that. And for what? Saying you created an opensource product with no tie to their branding would convey the same effect.
pessimizer 2 hours ago [-]
Yes, there's no way that somebody could have a product called OpenOffice that is literally an Open Source version of Office. Impossible.
The legal purpose of trademarks is to serve the same purpose as a signature: in order that one company cannot do business pretending to be another company without showing a clear intention to defraud - an intention made clear by the attempt to fake a signature, or imitate a mark. It is not to own words or sounds. It is a mark that you trade under.
This is a product that is openly hostile to the other product, and is adding a well-established prefix to indicate the reason for that hostility.
petterroea 2 hours ago [-]
Is this reverse-engineering or "just" data exfiltration
zggf 1 hours ago [-]
Reverse engineering means understanding how a system works internally. So it is reverse engineering of a kind, just very different (and admittedly simpler) than e.g. decompiling execs
empath75 1 hours ago [-]
I just want to point out _how easy it is_ to build any of these tools yourself.
I got inspired by nano-claw and built on some of it's ideas to build a whole k8s hosted autonomous agent platform and got it into production in 2 weeks. It's just some api calls and container orchestration. The only hard problem _and it is hard_, is securing it, because you basically have to treat the agents as potentially malicious.
dsjoerg 3 minutes ago [-]
It's because of this hard problem that I'm thinking I should keep using Viktor (getviktor.com) instead of running this OpenViktor.
The company may not do a perfect job of security either, but I figure they'll do a better job than I can as a solo practitioner.
zggf 1 hours ago [-]
Agree, anything that agent has access to is like giving it to malicious user. Especially when agent is exposed to different users that should have different permission levels
dirk94018 31 minutes ago [-]
"Driven by curiosity and envy, I tested it out." Two days of work driven by envy. Not what open source should be about.
zggf 28 minutes ago [-]
It was sarcasm ;)
cubefox 5 hours ago [-]
Seems unethical.
xnx 5 hours ago [-]
I agree. There's so little value in Viktor, that it is unethical to charge for it.
Rendered at 17:47:49 GMT+0000 (Coordinated Universal Time) with Vercel.
>TeamViktor's faces surely? But they're busy diamond handsing all the way to the moon so probably don't even care. XD
would anyone please be so kind to translate these parts of this comment into something a 45+ year old would understand?
(I don't know anything about OpenClaw and on a deeper level, I don't wish to learn about it either considering all the security implications that it generally has)
This sort of exposure is good, in my opinion it enables competition to emerge with true business moat rather than just "do it first, do it fast, worry last" type of thing we're seeing.
---
The rest of this comment is irrelevant, but leaving for posterity, I had the wrong Viktor - it's getviktor.com not viktor.ai:
Edit: this one particularly interesting to me as both parties are in the EU. VIKTOR.ai is a Dutch company and the author of this post is Polish.
The ToS for Viktor.ai include the following fun passages:
> 18.1. The Agreement and these Terms & Conditions are governed by Dutch law and the Agreement and these Terms & Conditions will be interpreted in accordance with Dutch law.
18.2. All disputes arising from or arising in connection with the Agreement and/or the Terms & Conditions will be submitted exclusively to the competent court in Rotterdam, The Netherlands.
7.3. The Customer is not permitted to change, remove or make unrecognizable any mark showing VIKTOR's Intellectual Property Rights to the Software. The Customer is not permitted to use or register any trademark or design or any domain name of VIKTOR or a similar name or sign in any country.
8.5. The Customer may not cause or allow any reproduction, imitation, duplication, copying, sale, resale, leasing or trading of the Services and/or the Software, or any part thereof.
But, yeah. More than likely this case is a simple account termination and some kind of "you can't call your clone 'openviktor'" letter.
https://www.morganlewis.com/pubs/2026/03/us-supreme-court-de...
As an example, a photo taken from a digital camera can be subject to copyright because of the creative element involved in composing and taking the photo. Likewise, source code generated by an LLM under the guidance of a human author is likely to be subject to the human authors copyright.
Anyways, however you put this, I see this as a property theft and taking pride at open sourcing does not justify it.
Let's call it what it is - stolen IP and released without permission of the author. Sure, it's good that it opens the debate as to whether that's ethical given that's essentially what the model itself is doing, but it's very clear in this instance that he's just asked for and been given a copy of source that has a clear ownership. That's about as clear cut as obtaining e.g. commercial server-side code and distributing it in contravention of the licence.
That said, the article says "Okay, prompts, great. Are they any interesting? Surprisingly... yes. As an example workflow_discovery contains a full 6-phase recipe for mining business processes out of Slack conversations, something that definitely required time and experiments to tune. It's hardcoded business logic, but in prompt instead of code."
So the article author clearly knows this prompt would be copyrighted as it wasn't output from an AI, and recognises that there would have been substantial work involved in creating it.
I certainly think the whole idea of IP ownership as related to software will become very interesting from a legal standpoint in the coming years. Personally I think that, over time, the legal challenges will become pretty overwhelming and a sort of legal bankruptcy will be declared at some point in one direction or another (as in, allowing this to happen or making it extremely easy to bring judgement and punishment, similar to spam laws). However, I would not want to be the first to find out, especially in Europe.
(Re: legal - why even bother with a court decision when it’s on GitHub? A takedown is much simpler. We've seen this before, like when Meta went after people reverse-engineering their API)
That said there may not be much here thats actually protectable. It's mostly a CLI orchestrating other tools, and the same functionality could likely be reproduced fairly easily, especially with AI.
Still, props to him for writing a proper blog post and explaining the process
https://uspto.report/TM/78326416/
https://uspto.report/TM/74713937/
https://uspto.report/TM/74619284/
https://uspto.report/TM/87438245/
https://uspto.report/TM/77936273/
https://uspto.report/TM/86747705/
https://uspto.report/TM/78638776/
https://uspto.report/TM/73359604/
https://uspto.report/TM/98066821/
https://uspto.report/TM/97979922/
…and many more.
There is no doubt that if this goes to court you are only hurting your own chances at any reasonable defense by deciding on mirroring the naming like that. And for what? Saying you created an opensource product with no tie to their branding would convey the same effect.
The legal purpose of trademarks is to serve the same purpose as a signature: in order that one company cannot do business pretending to be another company without showing a clear intention to defraud - an intention made clear by the attempt to fake a signature, or imitate a mark. It is not to own words or sounds. It is a mark that you trade under.
This is a product that is openly hostile to the other product, and is adding a well-established prefix to indicate the reason for that hostility.
I got inspired by nano-claw and built on some of it's ideas to build a whole k8s hosted autonomous agent platform and got it into production in 2 weeks. It's just some api calls and container orchestration. The only hard problem _and it is hard_, is securing it, because you basically have to treat the agents as potentially malicious.
The company may not do a perfect job of security either, but I figure they'll do a better job than I can as a solo practitioner.