AI has made it trivial to reverse engineer software, dropping time and costs to basically zero.

Traditionally, reverse engineering was a relatively intensive and time-consuming task that required developers to spend weeks staring at decompiled code.

Today, LLMs and AI agents can ingest raw decompiled code output and easily:

  • Rename obfuscated variables: Turning gibberish like sub_4010a0 into a human-readable ‘validate_license_key’.

  • Explain complex logic in plain English: Summarising and figuring out patterns or anti-debugging tricks in seconds.

  • Identify vulnerabilities: Automatically and relentlessly finding and testing zero-days.

This is especially a problem for plugin/addon ecosystems of apps (e.g. Obsidian, Anki, Raycast etc.). Usually these addons are open source to encourage development and create a flourishing ecosystem that draws in users.

Previously, the plugin ecosystems of apps like Obsidian or Anki operated in a high-trust, low-friction environment. Developers shared code freely, knowing that while someone could steal their logic, the ‘activation energy’ and knowledge required to do so was high enough to deter most.

Agentic coding has completely eliminated that activation energy. I’ve spent heaps of time adapting Anki and Obsidian addons for my own use.

Adapted the Smart Connections plugin from yesterday’s post to use different models and unlock pro features. It now works with my plugin that creates vault-wide embeddings so other extensions can use them as well.

Paid addons/plugins are also trivial to adapt and modify, which can make it hard for developers who rely on these plugins to be supported long-term. It’ll be interesting to see how ‘fair use’ laws change over time.