Esc
SafetyCase Closed

NHS England Withdraws Open-Source Code Over AI Hacking Fears

Is this a scandal?

No longer — the story has resolved. Noise 4/100, cooling down, across 0 sources.

SCAND-113645as of Methodology
Cite this incident"NHS England Withdraws Open-Source Code Over AI Hacking Fears." SCAND.Ai incident SCAND-113645, noise 4/100 as of July 7, 2026. https://scand.ai/scandal/nhs-england-open-source-ai-security
FORECASTForecast, not fact

Other government departments are likely to review their open-source portfolios, potentially ending the 'open by default' era in public tech. We can expect a rise in private bug bounty programs as a middle ground between full transparency and total secrecy.

4

Noise 4/100 — louder than 97% of tracked AI controversies.

AI-assisted analysis · How we work

Why it matters

This move signals a shift toward 'security through obscurity' as AI models like Mythos make automated exploit discovery easier for bad actors.

Key points

  1. NHS England is removing public access to its software repositories to mitigate AI-driven hacking risks.
  2. The 'Mythos' AI model is cited as a primary catalyst for the policy change due to its advanced vulnerability-spotting capabilities.
  3. Critics argue the move violates transparency standards and will hamper the efficiency of public sector technology development.
  4. The decision challenges the traditional security philosophy that open-source code is safer due to public auditing.

The story

NHS England has begun removing its open-source software repositories from public internet access, citing emerging threats from AI models capable of automated cyberattacks. Officials identified the 'Mythos' AI model as a specific concern, noting its ability to autonomously scan codebases and identify zero-day vulnerabilities. This decision represents a significant departure from the United Kingdom's long-standing 'open by default' policy for public sector software projects. While the NHS maintains that the move is necessary to protect patient data from rapid-fire AI exploitation, the decision has sparked immediate pushback from the developer community. Opponents argue that withdrawing source code will stifle innovation, reduce transparency, and prevent 'white hat' researchers from identifying and reporting bugs. Security experts remain divided on whether hiding code provides a meaningful defense against sophisticated AI-assisted adversaries who may already possess the data.

Who's involved

Critic
Transparency Advocates

Argue that hiding code reduces accountability and stops independent researchers from helping secure public systems.

Defender
NHS England

Asserts that the risk of AI-driven exploits necessitates removing public access to sensitive source code.

Neutral
Mythos Developers

Not explicitly quoted, but their AI model's capabilities are the central reason for the NHS policy shift.

Join the Discussion

Discuss this story

Community comments coming in a future update

Be the first to share your perspective. Subscribe to comment.

Noise Level

Quiet4?Noise Score (0–100): how loud a controversy is. Composite of reach, engagement, star power, cross-platform spread, polarity, duration, and industry impact — with 7-day decay.
Decay: 12%
Reach
42
Engagement
15
Star Power
15
Duration
100
Cross-Platform
20
Polarity
50
Industry Impact
50

The timeline

  1. Public Backlash Reported

    New Scientist reports growing opposition from experts who claim the move hurts transparency without improving security.

  2. NHS Source Code Removal Begins

    NHS England starts pulling repositories from platforms like GitHub citing the risk of AI-assisted hacking.

The forecast

Other government departments are likely to review their open-source portfolios, potentially ending the 'open by default' era in public tech. We can expect a rise in private bug bounty programs as a middle ground between full transparency and total secrecy.

Forecast, not fact — an editorial estimate we score when this resolves.

You're up to date

That's the complete picture as of — nothing more to know right now. We'll update this page the moment it changes.