NHS Security Move Sparks Fury: Open-Source Code Withdrawn Over AI Threat

NHS England Pulls Software Amid AI Hacking Fears

NHS England has abruptly removed its open-source software from public repositories, citing advanced AI models like Mythos that can exploit source code vulnerabilities. The decision has ignited fierce backlash from transparency advocates and cybersecurity experts.

“This knee-jerk reaction sacrifices years of collaborative security auditing for a false sense of protection,” said Dr. Eliza Grant, a cybersecurity researcher at the University of Cambridge. Critics argue that hiding the code will actually increase risks by reducing external oversight.

Background

The open-source approach allowed independent experts and other health systems to review NHS software for flaws. NHS England now believes that AI-powered hacking tools can analyze public code faster than human defenders, making exposure a liability.

Officials claim the move is temporary and aimed at evaluating the new threat landscape. But no timeline for restoration has been provided, leaving developers and partner organizations in limbo.

What This Means

Transparency is the first casualty. Without public code, bugs may go undetected longer, and other health systems that relied on NHS code must find alternatives. Efficiency also suffers—open collaboration accelerates innovation, and this withdrawal isolates NHS from that ecosystem.

“This sets a dangerous precedent. If every healthcare provider goes dark, the entire sector becomes less secure, not more,” warned Martin Chu, a former NHS digital director. The decision underscores the growing tension between security and openness in the age of AI-driven cyberattacks.

For now, NHS IT teams scramble to implement alternative security measures while the open-source community watches—and worries—about the future of digital health transparency.