Josef Prusa, founder of Prusa Research and developer of OrcaSlicer, has publicly accused Chinese 3D printer maker Bambu Lab of violating the AGPL open source license and creating security risks through un-auditable network code. This isn't just open source drama—it's about whether Chinese hardware companies will respect software licenses and what security risks come with closed-source firmware connecting to your network.
3D printing is becoming mainstream. These issues matter.
The license violation claim: OrcaSlicer is licensed under AGPL (Affero General Public License), which requires that any modifications to the software must also be released as open source. Prusa alleges that Bambu Lab incorporated OrcaSlicer code into their printer software but didn't publish their modifications, creating what he calls an "un-auditable network black box."
The security concern is more serious than the licensing issue. Modern 3D printers connect to Wi-Fi, upload print files to cloud services, receive firmware updates over the internet, and communicate with manufacturer servers. If that networking code is closed-source and un-auditable, users have no way to verify what data is being transmitted or how their devices are being controlled.
This is the same pattern we've seen with other Chinese consumer electronics—IoT cameras, smart home devices, routers—where closed firmware and undocumented network behavior raised red flags about data exfiltration and potential backdoors. Prusa is arguing that 3D printers shouldn't get a pass just because they're not "smart speakers."
Bambu Lab has been aggressively competitive in the 3D printing market, shipping feature-rich printers at prices that undercut established manufacturers. Their hardware is genuinely impressive—fast, reliable, user-friendly. But if the software stack includes license violations and security risks, that's a different story.
The open source community takes license violations seriously. AGPL exists specifically to prevent companies from taking open source software, modifying it for commercial products, and refusing to share their improvements back. If Bambu Lab used OrcaSlicer code and closed it off, that violates both the legal license and the community norms that make open source work.
For consumers, this raises practical questions: Should you connect a Bambu Lab printer to your network if you can't audit what it's doing? Is it worth the convenience if there are potential security or privacy risks? These are the same questions people ask about Chinese smartphones, surveillance cameras, and routers.
