NHS England Slams the Door on Open Source — And Why It’s Probably Too Late

NHS England has ordered all its technology leaders to make hundreds of GitHub repositories private by May 11, citing fears that emerging AI models could exploit publicly exposed source code. The directive represents a dramatic reversal of a longstanding policy that treated open source as the default for taxpayer-funded software.

What Happened

According to internal guidance seen by The Register, NHS England’s Engineering Board approved new instructions requiring all publicly accessible source code repositories to be set to private “unless there is an explicit and exceptional need.” The guidance specifically names Anthropic’s Mythos model as a concern — a frontier AI capable of large-scale code ingestion, inference, and automated vulnerability detection.

The full guidance reads: “Public repositories materially increase the risk of unintended disclosure of source code, architectural decisions, configuration detail, and contextual information that may be exploited – particularly given rapid advancements in AI models capable of large-scale code ingestion, inference, and reasoning.”

NHS England told The Register this is “merely a temporary measure” enacted while the organisation assesses the cybersecurity impact of AI developments. They added: “We will continue to publish source code where there is a clear need.” But no timeline was given for when the restriction might be lifted.

The Mythos Factor

Mythos, Anthropic's code analysis model, is the specific trigger here. The model can ingest entire codebases, reason about their architecture, and identify vulnerabilities, in effect running an automated source-code audit at a scale no human team can match. For organisations with public codebases, that means a vulnerability a human auditor might miss can be surfaced far faster and more cheaply than by manual review, and the same capability is available to anyone who can reach the repository, not just its owners.

The irony is that Mythos was designed partly for defensive use — helping developers find and fix bugs before they reach production. But NHS England’s internal sources told The Register that very few of its hundreds of open repositories contain anything remotely sensitive. The repos include documentation, architecture diagrams, and code for internal tools like web apps for managing clinic times.

A Policy Written in Sand

The NHS’s service manual — reflecting wider UK government policy — previously stated that all new source code should be made open source and shareable under an appropriate licence. The reasoning was straightforward:

“Public services are built with public money. So unless there’s a good reason not to, the code they’re based on should be made available for other people to reuse and build on.”

The manual went further: “Open source code can save teams duplicating effort and help them build better services faster. And publishing source code under an open licence means that you’re less likely to get locked in to working with a single supplier.”

This was the philosophy behind NHSX and NHS Digital’s open source work — a body of code developed by some of the UK’s brightest engineers that was freely available for other health services, local authorities, and even other countries to reuse.

But signs of wavering appeared late last year when The Register reported that NHS England was quietly deleting web pages devoted to communicating its approach to open source. The organisation blamed routine cleanup after NHSX and NHS Digital were folded into NHS England — but the pattern is clear.

The Backlash Is Already Building

The developer community response has been swift and critical, and it frames the move as exactly the kind of vendor lock-in risk the original policy was designed to prevent. By closing the door on transparency, NHS England hands more power to the proprietary software suppliers it contracts with, such as Palantir, which already has a controversial data platform deal with the NHS.

And here is the kicker: the security argument does not hold water for most of the repos in question. Security through obscurity is a well-worn fallacy. If the code is genuinely insecure, making it private does not fix the vulnerability; it only hides it from the people who could help patch it. Nor does it hide it from everyone else: code that has sat in public for years has already been cloned, forked, mirrored and indexed, and flipping the origin repository to private does not recall any of those copies. The open source model means hundreds of eyes (and increasingly, AI tools used defensively) can find bugs before bad actors do.

Too Late

NHS England's own service manual noted that open source "means that you're less likely to get locked in to working with a single supplier." By reversing course, the NHS is walking straight into that lock-in. The talent that built those open repos, engineers who chose to make taxpayer-funded code public, now has its work locked away in private repositories, visible only to NHS England staff and the consultants and contractors paid to maintain it.

It’s a textbook example of security theatre: a visible action that makes leadership feel something is being done, while actually weakening the system’s long-term resilience.

Sources: The Register (Connor Jones, May 5), Health Service Journal (Ben Clover), Computing, New Scientist