Josef Prusa warns Chinese 3D printing software poses massive security risks — Bambu Lab allegedly violates AGPL license with an un-auditable network ‘black box’

Josef Prusa has publicly warned that Chinese 3D printing software, particularly Bambu Lab’s fork of PrusaSlicer, violates open-source licenses and presents serious security risks. The warning comes amid ongoing concerns about Chinese industry practices and government influence, making the issue relevant for global 3D printing and cybersecurity communities.

Prusa Research, founded by Josef Prusa, has accused Bambu Lab of violating the AGPL-3.0 open-source license by using a closed-source networking plugin in their fork of PrusaSlicer. Prusa stated that the plugin is integral to Bambu Studio’s operation, and its use without open licensing constitutes a violation. Bambu Lab claims the plugin and the slicer are separate works, but Prusa disputes this, arguing that the integrated nature of the software makes the violation clear. The controversy highlights broader concerns about open-source compliance and security vulnerabilities, especially given Bambu Lab’s emphasis on cloud-based printing features. Prusa also expressed concerns about the security implications of Chinese industry practices, citing the country’s legal framework requiring citizens to cooperate with intelligence efforts and hand over encryption keys, which could compromise user data and device security.

Why It Matters

This warning underscores potential cybersecurity risks associated with Chinese-developed 3D printing software, which could impact users worldwide. Violations of open-source licenses threaten the integrity of the software ecosystem, and the security concerns raise questions about data privacy and national security. As 3D printing becomes more integrated with industrial and personal workflows, the security vulnerabilities linked to foreign software could have wide-reaching consequences.

Background

Prusa Research has been a leading Western manufacturer in the 3D printing industry, advocating for open-source principles. The controversy with Bambu Lab stems from ongoing licensing disputes and concerns over proprietary software embedded in open-source projects. Historically, Chinese manufacturers have been accused of using open-source code without proper licensing, often coupled with allegations of broader security issues due to government influence. The recent statements from Prusa come amid increased scrutiny of Chinese tech companies and their compliance with international licensing and security standards.

“You take from the community, you give back to the community. That’s the social contract. Violating the AGPL license with a closed-source plugin is a breach of that trust.”

— Josef Prusa

“The networking plugin is integral to Bambu Studio’s operation, and its closed-source nature violates the license, creating potential vulnerabilities.”

— Josef Prusa

“Chinese industry practices, including legal frameworks requiring cooperation with intelligence agencies, pose inherent security risks for users worldwide.”

— Prusa Research spokesperson

What Remains Unclear

It remains unclear whether Bambu Lab will respond publicly or take corrective action regarding the license violations. The extent of security vulnerabilities linked to the Chinese government’s influence in the industry is also not fully confirmed, with much of the concern based on broader geopolitical analysis rather than specific technical evidence.

What’s Next

Legal or regulatory actions could be pursued if violations are confirmed. Bambu Lab may modify its software to comply with open-source licenses, or face potential legal consequences. Additionally, further investigations into the security implications of Chinese 3D printing software are expected, potentially leading to stricter industry standards and user advisories.

Key Questions

What specific license violation is involved?

The violation concerns Bambu Lab’s use of a closed-source networking plugin in their fork of PrusaSlicer, which is licensed under AGPL-3.0. The license requires that derivative works remain open-source, which the plugin allegedly does not.

Why are security risks associated with this software?

The closed-source networking plugin, which is integral to Bambu Studio’s cloud features, could be exploited for unauthorized data access or remote control, especially given the legal framework in China requiring cooperation with government intelligence efforts.

Could users avoid these risks?

Potentially, yes. Bambu Studio can be used without cloud features by operating in LAN mode or using local file transfer methods. However, the convenience of cloud printing remains a major selling point, and the security concerns are tied to the software’s integrated design.

What does this mean for the global 3D printing industry?

This controversy highlights the importance of open-source compliance and cybersecurity. It may lead to increased scrutiny of Chinese software and hardware, and prompt industry-wide efforts to ensure software transparency and security.