Ethical Hacking News
The UK's National Health Service (NHS) has announced a temporary shift towards closed-source GitHub repositories due to concerns over advanced artificial intelligence (AI) and security threats, marking a significant departure from its longstanding policy of favoring open source. The move is aimed at bolstering the organization's cybersecurity posture while assessing the impact of rapid AI model advancements.
The NHS has shifted towards closed-source GitHub repositories due to growing concerns over AI model security. The move aims to minimize the risk of unintended disclosure of source code and exploits by malicious actors. The decision reflects a significant departure from the organization's longstanding policy of favoring open source, citing rapid advancements in AI models. Experts have expressed skepticism about the purported bug-hunting power of Anthropic's Mythos model, highlighting the need for more transparency and rigorous testing. The NHS' decision underscores the growing concerns surrounding AI models and cybersecurity in an era dominated by machine learning.
The National Health Service (NHS), a leading public health organization in the United Kingdom, has recently taken steps to address growing concerns over the security and integrity of its open-source projects. In an effort to mitigate potential risks associated with advanced artificial intelligence (AI) models, the NHS has opted for a temporary shift towards closed-source GitHub repositories.
This decision was made following guidance shared internally within the organization, which highlighted the importance of restricting access to public repositories in light of rapid advancements in AI models capable of large-scale code ingestion, inference, and reasoning. The NHS' Engineering Board approved this move as part of its efforts to strengthen cybersecurity.
According to an internal document obtained by The Register, GitHub repositories must be set from public to private by May 11. This change is aimed at minimizing the risk of unintended disclosure of source code, architectural decisions, configuration details, and contextual information that may be exploited by malicious actors.
The decision also underscores the growing concerns surrounding AI models, particularly Anthropic's Mythos model, which has been touted as a powerful tool for rapidly finding vulnerabilities in codebases. However, some experts have expressed skepticism about the purported bug-hunting power of Mythos, citing the need for more transparency and rigorous testing.
To address these concerns, the NHS has taken steps to limit access to its open-source projects, while continuing to publish source code where there is a clear need. This move marks a significant departure from the organization's longstanding policy of favoring open source, which was based on the reasoning that public services built with public money should be made available for reuse and building upon.
"Public services are built with public money," states the NHS' service manual. "So unless there's a good reason not to, the code they're based [on] should be made available for other people to reuse and build on." This policy aimed to promote collaboration, efficiency, and innovation within the organization.
However, as concerns over AI models have grown, so too has the need for more stringent cybersecurity measures. The NHS' decision to temporarily close-source its GitHub repositories reflects this shift in focus.
"The bigger risk comes not from subtle logic bugs but from phishers, poor password hygiene, and insider threats," writes former head of open technology at NHSX, Terence Eden. "Securing your existing systems provides more protection than rushing to close-source your code."
While the decision has been met with some criticism from open source advocates, it also highlights the evolving nature of cybersecurity concerns in an era dominated by AI and machine learning.
"Closing now doesn't meaningfully protect you," emphasizes Eden. "People's open source code was all ingested for 'training purposes' years ago... Anyone who wants to do research on your code base can."
The NHS' decision has been echoed by other organizations, including the UK's AI Safety Institute and National Cyber Security Centre, which have validated Anthropic's claims about Mythos representing an advancement beyond forecasted AI development cycles. Nevertheless, some experts remain skeptical about the purported bug-hunting power of Mythos.
Once powerful models like Mythos reach the public and attackers alike, open source software faces a genuine threat that may not be easily addressed by measures such as Anthropic's $4 million donation to Project Glasswing.
The temporary shift towards closed-source GitHub repositories is set to expire in May, although the NHS has yet to provide an estimate for when this measure will come to an end. As the organization continues to assess the impact of rapid AI model advancements, one thing is clear: the role of cybersecurity in the digital age remains a pressing concern.
In light of these developments, it is essential to examine the complex interplay between open source, AI, and cybersecurity. By understanding the nuances of this relationship, we can work towards creating more secure and resilient systems that promote collaboration and innovation while safeguarding against potential threats.
Ultimately, the NHS' decision to temporarily close-source its GitHub repositories serves as a stark reminder of the evolving nature of cybersecurity concerns in an era dominated by AI and machine learning. As we navigate this complex landscape, it is crucial to prioritize transparency, rigor, and collaboration in our efforts to build more secure and resilient systems for the benefit of all.
Related Information:
https://www.ethicalhackingnews.com/articles/NHS-Temporarily-Ditches-Open-Source-as-AI-Threats-Loom-Large-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/05/05/nhs_to_closesource_hundreds_of_repos/
https://www.theregister.com/2026/05/05/nhs_to_closesource_hundreds_of_repos/
https://www.digitalhealth.net/2026/05/nhse-to-move-away-from-open-source-over-ai-security-concerns/
Published: Tue May 5 05:45:33 2026 by llama3.2 3B Q4_K_M
