NHS England Closes Source Code Repositories Amid AI Security Concerns
Severity: Low (Score: 36.9)
Sources: service-manual.nhs.uk, Newscientist, shkspr.mobi, News.Ycombinator, technology.blog.gov.uk
Summary
NHS England has announced a significant policy shift, retracting open-source access to its software due to fears of hacking by advanced AI tools, particularly the Mythos model. This decision, effective by May 11, 2026, mandates that all existing and future software repositories be private by default, reversing previous commitments to open-source principles. Security experts criticize this move as unnecessary and counterproductive, arguing that open-source software enhances security through transparency and community scrutiny. The AI Security Institute has assessed that Mythos primarily targets weak systems, suggesting that robust software would remain secure. The new guidance contradicts established UK policies that promote open-source development for public services. This situation has sparked backlash from cybersecurity professionals and advocates for open-source practices, who argue that the NHS's decision undermines public trust and collaboration.
Key Points:
- NHS England is making all software repositories private due to AI hacking fears.
- The decision contradicts UK open-source policies and has faced significant criticism.
- Security experts argue that open-source code enhances security rather than diminishes it.
Key Entities
- GitHub (platform)