The UK’s National Health Service (NHS) is implementing a significant policy shift by ordering its technology leaders to convert all open source projects to private repositories. This decision, driven by concerns over advanced artificial intelligence and specifically Anthropic’s Mythos model, must be enacted by May 11.
Internal Guidance and Rationale
According to internal guidance reviewed by The Register, the NHS has expressed that public repositories pose a heightened risk of unintended disclosures, including source code and architectural details that could be exploited. The guidance emphasizes that public access should only be permitted under exceptional circumstances.
Temporary Measure for Cybersecurity
An NHS England spokesperson confirmed that this action is a temporary measure aimed at bolstering cybersecurity while the organization assesses the implications of rapid advancements in AI technologies. They stated, “We are temporarily restricting access to some NHS England source code to further strengthen cybersecurity while we assess the impact of rapid developments in AI models.” The spokesperson also noted that the NHS will continue to publish source code where necessary.
Impact on Open Source Policy
This decision marks a notable departure from the NHS’s previous commitment to open source principles, which align with broader UK government policy. The NHS service manual advocates for making new source code open and shareable, emphasizing that public services funded by taxpayer money should be accessible for reuse and improvement. Reports of the NHS deleting web pages related to its open source approach have surfaced, raising questions about its commitment to transparency.
Concerns Over AI Vulnerabilities
While NHS sources indicate that most open repositories contain non-sensitive information, the decision to close-source raises questions about the actual risks posed by AI models like Mythos. Critics, including former NHSX open technology head Terence Eden, argue that moving repositories to private status will not effectively mitigate risks associated with advanced AI capabilities. Eden suggests that vulnerabilities often lie within software supply chains rather than in the code itself, highlighting that securing existing systems may offer better protection than closing off code.
As the NHS navigates this temporary shift, the implications for its open source strategy and the broader landscape of public sector technology remain to be seen.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
