Industry Insights
There's a version of the internet's origin story that goes something like this: a bunch of developers around the world, working for free, built the tools that every company now runs on. Linux. Git. Kubernetes. Terraform. PostgreSQL. Apache. The list goes on. None of it was built by a single corporation. Most of it was built by people who just wanted to solve a problem and share the solution.
That story is still true. What's changed is what happens after.
Increasingly, the tools that developers built for the world are being acquired, absorbed, and repositioned by the very companies that once benefited from them for free. And it's happening fast enough that most people in the industry have barely stopped to think about what it means.
Start with GitHub. In 2018, Microsoft acquired it for $7.5 billion. At the time, many developers were nervous. GitHub was the home of open source, the place where code lived, collaboration happened, and communities formed. Microsoft reassured everyone that GitHub would retain its developer-first ethos, operate independently, and remain an open platform.
To their credit, the transition has been mostly smooth. But the fact remains: the world's largest repository of open source code is now owned by one of the world's largest software companies.
Then there's Red Hat. IBM bought it for $34 billion in 2019. Red Hat was the company that figured out how to build a sustainable business on top of Linux, the most important open source project in history. Now it belongs to IBM.
More recently, IBM acquired HashiCorp for $6.4 billion. HashiCorp made Terraform, the tool that most engineering teams use to manage cloud infrastructure. It also made Vault, Consul, and several other tools that quietly hold together a huge portion of modern software infrastructure. Now those tools belong to IBM as well.
And just last December, Nvidia acquired SchedMD, the company behind Slurm, a widely used open source workload management system that's been around since 2002. Nvidia promised to keep it open and vendor-neutral.
The pattern is consistent. Find the open source project that everyone depends on. Buy the company behind it. Promise to keep it open. Move on.
To understand the dynamic, you need to understand the structural problem that open source projects face.
Building something that millions of people use for free is not the same as building a sustainable business. Volunteer maintainers can only give so much time. Donated infrastructure has limits. And as a project grows, the demands on its maintainers grow with it, from bug reports and security patches to enterprise support requests and compatibility with the latest cloud platforms.
Most open source companies eventually face the same crossroads: find a way to monetize, or run out of runway. The options are limited. You can offer an enterprise version with extra features. You can sell hosted, managed versions of the software. Or you can change the license to restrict commercial use by competitors.
HashiCorp tried the third option. In 2023, they moved Terraform from its original open source license to the Business Source License, which restricted companies from using Terraform commercially to compete with HashiCorp directly. The developer community reacted poorly. A fork called OpenTofu was created under the Linux Foundation, community trust took a hit, and HashiCorp's stock dropped. Within a year, they were acquired.
That sequence, build community, struggle to monetize, change license, lose community trust, get acquired, is becoming a familiar story. And it raises a question worth sitting with: if the companies behind the most important open source tools keep ending up owned by Big Tech, what does that mean for the tools themselves?
Every acquisition comes with reassurances. Microsoft promised GitHub would stay independent. Nvidia promised Slurm would remain vendor-neutral. IBM promised to honor HashiCorp's open source commitments.
Sometimes those promises hold. Sometimes they don't. And sometimes the issue isn't a dramatic reversal, but a slow drift in priorities that nobody announces.
The concern isn't always that an acquired project gets shut down or locked behind a paywall. It's subtler than that. Roadmaps shift to align with the acquirer's enterprise strategy. Features that benefit paying customers get prioritized over features that benefit the broader community. Contributions from outside the company slow down as the project's direction becomes less community-driven.
This is sometimes called "open source theater," where a project maintains the appearance of being open while the center of gravity quietly moves inside a single corporation.
The AI boom has added a new dimension to the problem. Almost every major AI framework, from PyTorch to Hugging Face's transformers library to LangChain, started as an open source project. Some are still independently governed. Others are already deeply tied to specific companies.
There's a broader tension here that the industry hasn't fully reckoned with. The infrastructure layer of AI, the frameworks, the tooling, the libraries, was largely built by the open source community. The value captured from that infrastructure is increasingly concentrated in a handful of corporations. The people who built the foundations often aren't the ones who profit from what gets built on top of them.
Big Tech companies are now also funding open source security initiatives, which is a genuine contribution. But it's worth noting that the same companies funding those efforts are the ones whose AI products are built on top of open source projects that they didn't create. The dynamic is complicated, and the line between supporting the ecosystem and controlling it isn't always clear.
To be fair, Big Tech acquiring open source companies is not inherently bad. IBM's stewardship of Red Hat has been broadly positive. Microsoft's management of GitHub, while not without its critics, has included significant investment in the platform. Resources matter, and independent open source projects often lack them.
The concern is one of concentration. When the tools that everyone in the industry depends on are owned by a small number of companies, the health of those tools becomes tied to the strategic interests of those companies. That's a fragility that doesn't show up in any product roadmap or earnings call.
The open source community has responses to this. Forks get created. Foundations get established. Licenses get updated. But these are downstream reactions to an upstream dynamic that keeps repeating.
The honest answer is that nobody knows exactly how this plays out. Open source is resilient precisely because the code, once released, can't be un-released. You can change a license, but you can't take back what's already out there. That's why OpenTofu exists, why LibreOffice exists, why so many projects have forks that outlive the original.
But the broader question isn't about any single project. It's about the long-term governance of the infrastructure the industry runs on. Right now, that governance is increasingly concentrated in companies whose primary obligation is to their shareholders, not to the developer community.
Open source built the internet. That's not in dispute. What's worth paying attention to now is who owns the companies that built the tools that built the internet, and whether that changes anything about how those tools get developed, maintained, and made available going forward.