When a YC startup copied an open-source project, stripped its GPL license, and rebranded it as proprietary software, it exposed a widespread industry problem. Trail of Bits' new open-source tool, Vendetect, uses semantic fingerprinting and git archaeology to detect copied code—revealing security vulnerabilities and license violations buried in software projects.