NHS Moves to Make Public Code Repositories Private Over AI Security Fears
Citing the capabilities of Anthropic’s newly released Mythos AI model, NHS England is preparing to lock down nearly all of its open-source code repositories by May 11 — a move that critics say contradicts UK government policy and will not improve security.
Illustration: NHS England’s public repositories face a mandatory “private by default” policy under guidance note SDLC-8, with a deadline of May 11, 2026.
The UK’s National Health Service is preparing to make nearly all of its publicly available source code repositories private, citing the emergence of Anthropic’s new Mythos AI model — a tool so capable at discovering software vulnerabilities that Anthropic itself restricted its release to a handful of partner organisations. The decision, leaked by UK technology expert and open-source advocate Terence Eden, has triggered a sharp backlash from the open-source community and government digital-policy advocates.
Eden, who previously worked for the UK Government on open standards at GDS (the Government Digital Service) and helped publish the source code for the NHS COVID-19 contact-tracing app, said the information came from multiple independent sources inside the NHS who were alarmed by the decision. A senior technical person inside NHS England was quoted as saying the organisation is “changing our tack on coding the open,” with most repositories to be removed “until we’re on top of that risk.”
- NHS England’s internal guidance note SDLC-8, issued April 29, 2026, mandates repositories “must not be public” by default.
- A deadline of May 11, 2026 has been set; teams seeking an exemption must apply by May 6.
- The move is explicitly linked to AI-assisted vulnerability scanning, particularly Anthropic’s Mythos model.
- Neither the UK AI Safety Institute nor the NCSC has recommended this action, according to Eden.
- The policy contradicts the UK government’s Technology Code of Practice, which mandates open-source code for public-sector projects.
- Cal.com, a popular open-source scheduling platform, separately announced on April 14 it would close its core platform’s source code for the same reasons.
The Guidance: What SDLC-8 Actually Says
On April 29, NHS England circulated an internal guidance document designated SDLC-8. According to those who have reviewed it, the note states that repositories “must not be public” unless there is a clear exceptional need, and that any public access must be formally approved by the Engineering Board. The guidance explicitly cites the rapid advancement in large-scale code ingestion, inference, and analysis by AI models as the primary risk driver.
The deadline for compliance is May 11, 2026. Any team wishing to maintain a public repository must submit an exemption request by May 6. NHS England has not made an official public announcement confirming the policy change.
“While there may be some increase in risk from AI security scanners, to shutter everything would be a gross overreaction.”
— Terence Eden, UK Technology Expert & Open-Source Advocate
Anthropic’s Mythos: The Model at the Centre of the Controversy
The trigger for NHS England’s policy change is Anthropic’s Claude Mythos Preview, announced on April 7, 2026. Mythos is a frontier AI model that Anthropic describes as its most capable to date — one that performed so strongly on cybersecurity tasks that the company chose not to release it to the general public.
According to Anthropic, Mythos identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser over just a few weeks of testing. Among its findings was a 27-year-old flaw in OpenBSD, an operating system long regarded as a benchmark for security engineering. The model can not only find vulnerabilities but also generate working exploits with minimal human guidance.
Rather than a general release, Anthropic launched Project Glasswing — an initiative pairing Mythos with a curated group of partner organisations for defensive cybersecurity work. Anthropic has committed up to $100 million in usage credits for the initiative, along with $4 million in direct donations to open-source security organisations.
Twelve partner organisations are actively engaged; approximately 40 organisations in total have access to the Mythos preview.
Critics: This Won’t Work — and It Contradicts UK Policy
Open-source advocates, security professionals, and policy organisations have rounded on the NHS decision, arguing it is both ineffective and counterproductive. The Free Software Foundation Europe (FSFE) issued a statement calling the move “a serious step in the wrong direction,” noting that depublishing repositories does not prevent attackers from analysing deployed systems, binaries, or interfaces — and that many repositories have already been copied or archived.
Eden himself was measured but firm in his assessment: “Is it possible that Mythos will scan a repository and find a bug? Yes, 100 per cent likely. Is that going to be a bug that causes a security issue in a live NHS service somewhere? Almost certainly not. I think it’s someone in NHS England buying into the hype that Mythos is going to cause the end of security as we know it and getting a bit panicked.”
The FSFE’s senior policy project manager Johannes Näder put it bluntly: “Depublishing public code is not a security strategy. ‘Security through obscurity’ has been debunked as a security measure for a long time. Making repositories private does not protect NHS systems. It only limits who can help find and fix problems.”
A Broader Trend: Open Source Under Pressure
The NHS move is not happening in isolation. On April 14, Cal.com — one of the most prominent open-source scheduling platforms — announced it would no longer maintain the open-source status of its core platform, citing the same AI-driven security concerns. The company has created a separate community fork hosted at cal.diy for developers who wish to self-host.
Security researchers have also been quick to point out that even if the NHS removes its repositories, the code that has already been public can still be analysed by AI tools from cached or archived copies. The argument that concealment equals security is, they say, a category error.
What Happens Next
As of publication, NHS England has made no official public statement confirming or denying the SDLC-8 guidance. Open-source advocacy groups have called on UK citizens to contact their Members of Parliament to raise concerns. The FSFE has described the situation as an opportunity to reaffirm the principle of “Public Money? Public Code!” — the idea that software built with taxpayer funds should be open to public scrutiny.
The broader question raised by the Mythos episode — how governments and public institutions should respond to AI systems capable of automating vulnerability discovery at scale — remains unresolved. Security experts broadly agree that closing source code is not the answer, and that the correct response is faster patching, better secret management, and deeper investment in software security engineering.
Whether NHS England will reverse course, refine its policy, or proceed with the May 11 deadline remains to be seen.
