"Public repositories materially increase the risk of unintended disclosure of source code, architectural decisions, configuration detail, and contextual information that may be exploited – particularly given rapid advancements in AI models capable of large-scale code ingestion, inference, and reasoning (e.g. developments such as the Mythos model)," reads internal guidance seen by The Register.
NHS England: temporary order, May 11 deadline
Internal guidance circulated within the organisation and seen by The Register directs maintainers across the NHS to move GitHub repositories from public to private by May 11. The move was approved by the NHS's Engineering Board. An NHS England spokesperson told The Register the change is "temporarily restricting access to some NHS England source code to further strengthen cybersecurity while we assess the impact of rapid developments in AI models." The spokesperson added: "We will continue to publish source code where there is a clear need."
What the guidance cites: advanced AI and Anthropic's Mythos
The guidance explicitly links the instruction to risks arising from "rapid advancements in AI models" and names Anthropic's Mythos as an example. The Register reports national authorities, including the UK's AI Safety Institute and the National Cyber Security Centre, have "somewhat validated" Anthropic's claims that Mythos represents an advancement beyond forecasted AI development cycles. The guidance frames public repos as increasing the possibility that source code, architectural decisions and contextual information could be "exploited" by tools capable of large-scale code ingestion and inference.
Scope of the closed-sourcing and what lives in the repos
Sources inside the NHS told The Register that "very few of the hundreds of NHS open source repositories contain anything remotely sensitive." Examples cited include documentation, architecture diagrams and codebases for internal tools — for example, web apps for managing clinic times. The organisation did not provide an estimate for when the temporary closed-sourcing will end, nor did it answer questions about what it considers the most significant threats advanced AI models pose to its open source repositories.
Policy tension: the service manual and a conspicuous U-turn
The decision marks a temporary reversal of the NHS's longstanding preference for open source. The NHS service manual — reflecting wider British government policy — states that all new source code "should be made open source and shareable under an appropriate license." The manual argues: "Public services are built with public money. So unless there's a good reason not to, the code they're based [on] should be made available for other people to reuse and build on." It goes on to list benefits such as reduced duplication of effort, faster development and lower supplier lock-in. The Register notes the U-turn follows reports late last year about deleted web pages communicating the NHS approach to open source; the organisation said those deletions were part of a routine cleanup as NHSX and NHS Digital were folded into NHS England.
Voices in the debate: Terence Eden, Forrester, and national agencies
Not all observers agree that closing repositories now materially increases protection. Terence Eden, the former head of open technology at NHSX, wrote that shifting repos from public to private "will not provide a meaningful defense against advanced AI capabilities," arguing that much open source code has already been archived and ingested and that serious organisational vulnerabilities often lie in software supply chains, phishing, password hygiene and insider threats. Forrester analysts warn that if powerful models become widely available to attackers, open source software could face a "genuine threat," and they noted Anthropic's $4 million donation to Project Glasswing is unlikely to solve that problem on its own. The Register also reports that Mythos is currently "locked behind Project Glasswing" and available only to select organisations, while Anthropic has not disclosed the model's false-positive rate for vulnerability scanning.
What this means for technologists, policymakers, and patients
- Technologists and security teams: will need to decide which repositories truly require continued public access and which can be closed without disrupting collaborative development; they will also assess whether private repos materially reduce attack surface against advanced code-analysis models, per internal guidance.
- Policymakers and regulators: must weigh the service manual's directive that "public services are built with public money" against the NHS's temporary cybersecurity posture, and consider when and how to balance transparency with defensive moves prompted by AI advances.
- Patients and the public: face indirect effects if changes to repository access slow collaboration or reuse of NHS-published code, but The Register's sources say most public NHS repos held only documentation and non-sensitive tooling rather than direct patient-facing secrets.
The Register's reporting places a deadline and a rationale on a major shift in policy: move hundreds of public repositories to private by May 11, approved by the NHS Engineering Board, while the organisation assesses the impact of fast-moving AI models such as Mythos. The NHS has not said when the measure will end or which specific AI-driven threats it sees as most pressing — leaving an interim policy that is at once defensive, temporary and consequential for how a publicly funded service treats the code it develops.




