Technology June 29, 2026

Corgi denies copying Papermark’s open source data room code

Y Combinator-backed insurance startup Corgi is denying that it copied code from Papermark, an open source data room product, after Papermark co-founder Marc Seitz accused the company of stealing its software and repackaging it as Corgi’s own “Dataroo...

Corgi denies copying Papermark’s open source data room code

Corgi’s Dataroom fight shows how messy vibe-coded cloning can get

Y Combinator-backed insurance startup Corgi is denying that it copied code from Papermark, an open source data room product, after Papermark co-founder Marc Seitz accused the company of stealing its software and repackaging it as Corgi’s own “Dataroom” product.

Corgi’s answer to TechCrunch was blunt: “No code was used from Papermark.”

That may be accurate. It still leaves a mess.

The dispute began when Seitz posted screenshots on X showing Corgi’s Dataroom using feature language that appeared to match Papermark’s product word for word. The overlap looked specific, not generic. That matters because data room software has a sensitive job: secure document sharing for investors, acquirers, auditors, and other parties that need controlled access to confidential files.

Corgi CEO Nico Laqua said publicly that the company had investigated. He posted screenshots meant to show that Corgi’s implementation used different code from Papermark’s. He also argued that copying product styling or wording is a different claim from stealing enterprise code.

That distinction matters legally. It’s also where this gets awkward for teams using AI-assisted generation.

Different code, familiar product

Laqua acknowledged that Corgi took too many cues from existing products when building the interface.

“Looking back, we should’ve leaned more into our own language and visual choices instead of taking cues from existing products in the space, and that’s on us,” he wrote on X.

A Corgi spokesperson told TechCrunch that the disputed elements were “isolated to visual elements on two peripheral settings pages,” said they were generated through vibe coding, and said the company updated them immediately.

That narrows the issue, but it doesn’t make it disappear. If two pages in a sensitive enterprise product ship with copied wording and feature framing from a competitor, customers and developers will ask what else was generated by imitation rather than designed.

Vibe coding changes the failure mode. A developer can prompt an AI system to build a page that “looks like” a known product, or describe a workflow in enough detail that the generated output recreates structure, labels, and interaction patterns without copying source files. The repository may pass a line-by-line comparison. The user experience can still look like a close duplicate.

Open source licenses generally govern copyrighted code, not broad product ideas. A data room with permissions, document analytics, viewer tracking, watermarking, and access controls isn’t automatically infringing because another product has those features. Those are category expectations.

Identical wording is harder to dismiss. Product copy is part of the product, even if it isn’t compiled. Labels, feature descriptions, settings text, and onboarding flows shape how users understand a system. When those match a competitor’s product exactly, it points to lazy copying, weak AI review, or both.

AI-generated UI needs provenance review

Developers have always copied patterns. Nobody writes a modal dialog or permissions page from first principles every time. The web runs on borrowed conventions.

AI coding tools make that behavior faster and harder to see. A model can synthesize a React page, settings panel, billing screen, or dashboard from a prompt, but the output may carry the shape of examples that were described, pasted, screenshotted, or present in training data. The developer may not know which parts are generic and which parts are too close to a specific product.

That creates a practical review problem.

Traditional code review looks for correctness, security issues, maintainability, test coverage, and style. AI-generated product work needs another layer: provenance review. Where did this UI structure come from? Did someone paste a competitor screenshot into the prompt? Did the AI reproduce text from another product? Are feature names, settings descriptions, or empty-state messages suspiciously familiar?

Engineering leaders can’t realistically ban AI-assisted interface work. They can set rules for cases where the task involves copying a workflow from a live product.

A few basic controls would prevent many of these disputes:

  • Keep prompts and AI tool logs for shipped product work, at least for sensitive releases.
  • Ban screenshots or copied text from competitor products in generation workflows unless legal has reviewed the use.
  • Treat UI copy as source material subject to review, not disposable filler.
  • Run similarity checks against known competitors for public pages, documentation, and settings text.
  • Require human product design review before shipping generated UI in customer-facing workflows.

None of this is glamorous. It’s hygiene.

Data rooms are boring until something breaks

The product category matters. A data room handles confidential documents, often during fundraising, diligence, insurance underwriting, or M&A. That means access control, audit trails, document permissions, link sharing, notifications, analytics, and sometimes watermarking or download restrictions.

A sloppy settings page doesn’t prove sloppy security. Still, trust in this category is cumulative. If a vendor appears careless with product provenance, customers may wonder about deeper controls:

  • Are document permissions enforced server-side or mostly in the client?
  • Are audit logs tamper-resistant?
  • How are expiring links implemented?
  • Can admins revoke access reliably?
  • Are previews rendered in a sandboxed environment?
  • Is sensitive file metadata exposed through APIs or logs?
  • Are AI features, if present, indexing customer documents safely?

Those are questions technical buyers should ask any data room vendor, not just Corgi. The Corgi dispute makes the trust issue visible.

There’s also a security trade-off with speed. Startups building AI-assisted features can ship quickly, especially when the product surface is conventional. But conventional enterprise software still needs boring rigor: threat modeling, access-control tests, logging discipline, dependency review, and clear separation between tenant data. “Mostly free” is attractive. Free or cheap infrastructure for sensitive documents deserves extra scrutiny.

Open source makes the optics worse

Papermark’s open source status complicates the public reaction. Open source projects are meant to be studied, forked, and extended under license terms. That depends on attribution, compliance, and respect for maintainers’ work.

Corgi says it didn’t use Papermark code. If accurate, this differs from the 2024 PearAI controversy, where a YC-backed startup admitted to cloning another open source project and releasing it under its own license. A direct code clone raises clearer license and attribution questions.

The Corgi-Papermark dispute is murkier. It sits around product mimicry, generated UI, and identical copy. Existing IP law handles copied files more cleanly than copied product feel produced through a model.

Dan Barrett, founder of OpenProse and a YC alum, put the issue well on X: “In a world where a bot can trivially copy 1:1 the structure of something even if the character-level code diverges … what makes one unacceptable and the other not?”

That question will come up again.

AI-assisted builders can now reproduce common SaaS products at the level of information architecture: sidebar, table views, filters, role settings, document lists, analytics cards, admin panels. Some of that is fair competition. Some of it is derivative enough to be ethically suspect, even if no source file was copied.

The software industry lacks a shared norm here. Legal teams may say different code means no problem. Open source maintainers may see a generated replica that drains attention or customers from the original project. Users may not care until quality, support, or security disappoints them.

Corgi’s response adds another layer

Corgi has sent Seitz a cease-and-desist letter demanding that he take down the tweet, according to TechCrunch. The company is also arguing that Papermark’s accusation is motivated by Corgi offering a cheaper competing product.

Laqua wrote, “I get that this stings since we’re putting out something mostly free that competes with his SaaS. I’d be mad too.”

That may play well with some startup audiences, but it doesn’t answer screenshots showing identical wording. Price competition explains why a dispute might get heated. It doesn’t explain copied product language.

Corgi already has a reputation for legal aggressiveness. TechCrunch notes that the two-year-old startup has sued former employees and has drawn chatter for being litigious. That context doesn’t prove anything about the Dataroom allegations, but it shapes how the response lands. Sending a cease-and-desist over viral criticism can look like reputation control by legal threat, especially after the company admitted the pages took too much inspiration from existing products.

The company is also raising money at a wild pace. Last month, Corgi raised a $106 million Series B1 at a $2.6 billion valuation, only three weeks after announcing a $160 million Series B at a $1.3 billion valuation, and four months after a $108 million Series A.

That velocity invites attention. It also raises the cost of small mistakes. A bootstrapped tool shipping a too-familiar settings page might get a grumble and a GitHub issue. A heavily funded YC company in a regulated-adjacent category gets a public fight.

The engineering takeaway

Corgi’s cleanest technical claim is that no Papermark code was used. If the evidence supports that, the legal situation looks different from a license violation.

The engineering lesson is broader. AI-generated code can pass source-level originality checks while still producing a product that looks copied. That’s an operational risk for teams moving fast with coding agents, screenshot-to-UI tools, and prompt-driven scaffolding.

Senior developers and tech leads should treat generated UI as untrusted until reviewed for originality, security, and product fit. Data rooms, admin consoles, billing flows, and permission systems are full of patterns worth reusing, but exact text and replicated structure can create legal headaches and reputational damage.

Corgi fixed the pages. The harder fix is cultural: stop treating AI-generated product surfaces as harmless drafts that can ship because the code compiles and the diff looks clean. In 2026, provenance is becoming part of software quality because models have made imitation cheap enough to become a default failure mode.

Keep going from here

Useful next reads and implementation paths

If this topic connects to a real workflow, these links give you the service path, a proof point, and related articles worth reading next.

Relevant service
RAG and AI systems

Use open and commercial models where they fit, with evaluation and deployment controls.

Related proof
Internal docs RAG assistant

How grounded retrieval made internal knowledge easier to use.

Related article
iOS 26 Beta 4 refines Liquid Glass and restores AI news summaries

Apple’s fourth developer beta for iOS 26 does two notable things. It keeps refining the new Liquid Glass interface, and it brings back AI-generated news notification summaries after pulling them earlier. Both changes fit Apple’s usual pattern. Ship t...

Related article
Peter Sarlin's new startup is building the enterprise software layer for quantum

Peter Sarlin is back with a familiar thesis from the Silo AI years before AMD bought the company for $665 million. Build the layer enterprises will need before the underlying hardware is fully ready. This time, the hardware is quantum. Sarlin’s new s...

Related article
Point One Navigation raises $35M to sell centimeter-level vehicle GPS

Point One Navigation has raised a $35 million Series C led by Khosla Ventures. The pitch is pretty simple: location data for vehicles and robots should be accurate to centimeters, not meters, and most of that value should show up as software. That so...