Prusa: Bambu's Closed Networking Blob Violates PrusaSlicer's AGPL License

Josef Prusa argues that Bambu Lab’s BambuStudio slicer, a fork of the AGPL-3.0 licensed PrusaSlicer, has been out of compliance since launch. While Bambu publishes the slicer source, the networking component that handles cloud communication ships as a closed-source binary that downloads itself at runtime from a CDN. Prusa rejects the standard ‘separate work’ defense, noting the slicer and the blob are functionally inseparable and that splitting them across a function boundary doesn’t escape copyleft. OrcaSlicer, a downstream fork, complies; Bambu does not.

The runtime-download architecture is the bigger concern: independent auditors cannot meaningfully inspect what actually talks to the cloud, and Bambu can swap the binary between launches. Prusa flagged the same setup in March 2023 and considered litigation, but concluded enforcement is impractical because jurisdiction falls to Chinese courts and there is no physical product to block at customs. He frames the AGPL, absent a viable enforcement path, as effectively a suggestion.

Prusa connects the technical complaint to a wider geopolitical argument, walking through five Chinese laws passed between 2017 and 2023 — covering intelligence cooperation, encryption key access, extraterritorial data jurisdiction, broadened espionage definitions, and mandatory 48-hour vulnerability disclosure to MIIT — and argues that 3D printers, sitting in R&D labs and defense suppliers, are a strategic data collection surface under Made in China 2025.