That’s now how the law sees this.

But, then again, the users were using the software against terms of service, now weren’t they? So, why is the developer at fault when the user didn’t follow the ToS?

Terms of Service doesn’t apply here. A terms of service agreement is a contract which requires the consent of both parties, that’s why you click the ‘I Agree’ checkbox when you sign up for things. Nobody using this code, or any open source code has had to sign a terms of service. Feel free to show me the ToS that you’re talking about if I’m wrong.

This is an open source project, it is governed by the license that it is released under. It is using Eclipse Public License v2.0, as you can see from their repo: https://github.com/jqwik-team/jqwik/blob/main/LICENSE.md

If the developer doesn’t want their code to be used by AI then they can release it under a license saying as much. This code is released under the EPL which has no provisions stating that it is against the license to be used by AI. The license allows for it to be used for any purpose, including commercial purposes and nowhere does the license require that users of the software allow the developer to delete or damage their projects because they feel like it. Again, feel free to show me where it says this if you think I’m wrong.

The developer is at fault because the developer intentionally added things to their project that they intended to cause damage. The fact that the malware was written in English and intended to be interpreted by agentic AI instead of written in Python and intended to be interpreted by the Python interpreter doesn’t change the fact that it was intended to cause damage.

As to why they are liable, it’s because of the Computer Fraud and Abuse Act says so. In fact, what they did is a crime and they could be held criminally liable on top of being civilly liable. Here’s the law: https://www.law.cornell.edu/uscode/text/18/1030

Section 5(A) - Whoever, knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization,

If found guilty:

(i)(1) The court, in imposing sentence on any person convicted of a violation of this section, or convicted of conspiracy to violate this section, shall order, in addition to any other sentence that such person forfeit to the United States, such person’s interest in any personal property that was used or intended to be used to commit or to facilitate the commission of such violation; and any property, real or personal, constituting or derived from, any proceeds that such person obtained, directly or indirectly, as a result of such violation.

So, in addition to being sentenced to incarceration they face losing any right to their software and any hardware used to add this malware.

You can’t distribute malware, it is illegal even if you personally don’t like the people affected.