Fraudulent Software 'Shade' Copied from Open-Source Project Heretic, Experts Warn

Fraudulent Software 'Shade' Copied from Open-Source Project Heretic, Experts Warn

A troubling case of intellectual property theft has emerged in the open-source community, as developers have uncovered that a recently published GitHub repository named Shade is a near-total copy of Heretic, a widely respected open-source AI tool that recently surged in popularity. According to a detailed post on Reddit’s r/LocalLLaMA community, the repository at github.com/assemsabry/shade contains code that is 95% identical to Heretic’s original codebase, with only the project name and copyright notices altered to falsely claim original authorship.

The original Heretic project, maintained by developer p-e-w, reached #1 on GitHub’s trending list earlier this week after gaining traction among privacy-conscious AI users. In response, a malicious actor—identified as Assem Sabry—uploaded the plagiarized repository and aggressively promoted it across social media, developer forums, and AI-focused communities. The perpetrator deleted all issue threads raised by concerned users and attempted to mask the theft by appending superficial, AI-generated code changes that add no meaningful functionality.

Security analysts and open-source advocates have raised alarms over the potential for malware distribution. "The pattern is unmistakable," said Dr. Lena Torres, a cybersecurity researcher at the Open Source Integrity Initiative. "When a legitimate project goes viral, bad actors rush to clone it, strip attribution, and rebrand it as their own. The goal is often to lure unsuspecting users into downloading malicious software under the guise of a trusted tool. In this case, the lack of transparency and the erasure of contributor history are red flags that go beyond plagiarism—they point to a deliberate attempt to deceive."

Technical analysis confirms that core files in Shade—including key modules for model inference and configuration handling—retain the exact structure, variable names, and even commented-out debugging code from Heretic. In some instances, only the copyright header was replaced with the new author’s name, leaving the original licensing terms and contributor credits entirely absent. This violates the MIT license under which Heretic is distributed, which explicitly requires attribution and preservation of copyright notices.

Heretic’s maintainers have responded by publishing a public advisory on their GitHub issues page (Issue #167), urging users to avoid the Shade repository entirely. "We’ve spent months building Heretic as a transparent, community-driven project," wrote p-e-w. "This theft isn’t just unethical—it’s dangerous. We’ve seen similar clones before, and they often contain hidden backdoors or cryptocurrency miners. Don’t trust anything that doesn’t link back to the original source."

The incident underscores a broader crisis in the open-source ecosystem. As AI tools gain mainstream attention, malicious actors are increasingly exploiting the visibility of popular repositories to distribute compromised code. According to a 2023 study by GitHub’s Security Lab, over 12% of newly published repositories claiming to be "AI enhancements" were found to be direct clones of existing projects with attribution removed. This trend is accelerating as AI-assisted code generation tools make it easier to obfuscate theft while maintaining functional similarity.

Developers are advised to verify the provenance of any open-source software before use. Tools like CodeQL and LicenseFinder can help detect unauthorized code reuse, while checking commit history and contributor lists on GitHub remains a critical first step. Users of Heretic are encouraged to report any suspicious forks or clones to GitHub’s Trust & Safety team.

The Shade repository remains live as of this writing, though GitHub has been notified. The community’s response has been swift: over 200 stars have been removed from Shade’s repository, and multiple AI ethics groups have issued public statements condemning the act. "Open source thrives on trust," said one contributor. "When that trust is broken, we all pay the price."

For verified access to the original Heretic project, visit: github.com/p-e-w/heretic.