Bambu Lab Sent a Cease-and-Desist. The AGPL Might Send One Back.

Bambu Lab, the Shenzhen‑based maker of the X1 Carbon 3‑D printer, has ignited a legal firestorm after it sent a cease‑and‑desist letter to a Polish developer who restored a blocked network pathway using open‑source code. The dispute stems from a January 2025 firmware update that introduced an “authorization control” feature, effectively cutting off third‑party slicer software such as OrcaSlicer from communicating directly with the printer.

Bambu alleges five violations, including circumvention of its anti‑tampering measures under DMCA §1201, reverse‑engineering, and breach of its terms of use. The developer countered by demanding specific legal citations, which Bambu refused, prompting the repository’s voluntary removal. Legal analysts note two strong defenses: §1201F’s interoperability carve‑out and the fact that the RSA private key protecting the “Bamboo Connect” app was publicly exposed, undermining the claim of an effective technological protection measure.

The controversy also touches the GNU AGPL‑3 license that governs the underlying slicer code. Bambu’s own blog admitted to building a “closed and proprietary system,” yet its proprietary networking plugin is dynamically linked into the open‑source slicer—a practice the AGPL explicitly requires source disclosure. A 2025 GitHub issue highlighted missing source for the new authorization module, suggesting a textbook AGPL breach.

If courts follow the recent Software Freedom Conservancy v. Vizio decision, purchasers could sue Bambu in California to compel full source release, turning the cease‑and‑desist into a liability. The case exemplifies the broader “progressive enclosure” trend, where manufacturers lock down hardware to monetize services, clashing with right‑to‑repair initiatives and divergent EU regulations. The outcome will likely reshape how consumer‑grade devices balance open‑source collaboration with proprietary control.