NHS to Close Hundreds of GitHub Repos Over AI Fears
The UK's National Health Service (NHS) is ordering its technology leaders to temporarily close-source hundreds of open source GitHub repositories, citing growing concerns about advanced AI systems scraping public code for training data and potential security vulnerabilities. Maintainers across the healthcare giant's sprawling digital infrastructure have been handed a May 2025 deadline to enact the sweeping change — a move that has sent ripples through both the open source community and the healthcare technology sector.
The decision specifically references concerns related to Anthropic's Mythos and the broader trend of large language models ingesting publicly available code, raising questions about whether sensitive healthcare logic, API patterns, and infrastructure details could be exploited by AI-powered threat actors.
Key Facts at a Glance
- The NHS is mandating that hundreds of public GitHub repositories be converted to private or internal visibility
- Technology leaders and maintainers face a May 2025 deadline to complete the transition
- The decision cites risks from advanced AI systems scraping open source code for training purposes
- Anthropic's Mythos is specifically named as a concern in the directive
- The change is described as temporary, though no timeline for reopening has been provided
- The move affects projects spanning patient data systems, internal tooling, and NHS digital services
Why the NHS Is Locking Down Its Code
The NHS maintains a significant open source presence on GitHub, with repositories covering everything from appointment booking systems to data analytics pipelines. Historically, this openness aligned with the UK government's broader 'open by default' policy for public sector technology.
However, the rapid advancement of AI code analysis tools has fundamentally altered the risk calculus. Modern large language models can analyze codebases to identify architectural patterns, authentication flows, and potential attack surfaces far more efficiently than manual code review. For a healthcare organization handling millions of patient records, this represents an escalating threat vector.
The specific mention of Anthropic's Mythos suggests NHS security teams have identified capabilities in newer AI systems that make public code exposure particularly risky. While Anthropic is widely known for its Claude family of AI assistants, Mythos appears to represent a capability set that has triggered heightened concern among NHS cybersecurity advisors.
The AI Code Scraping Problem Grows
The NHS's decision doesn't exist in a vacuum. Organizations worldwide are grappling with the implications of AI systems trained on publicly available source code. GitHub Copilot, powered by OpenAI's models, sparked the initial debate when it launched in 2022, but the landscape has evolved dramatically since then.
Several factors are driving institutional anxiety:
- AI-powered vulnerability discovery: Models can now identify zero-day vulnerabilities by analyzing code patterns at scale, unlike traditional static analysis tools that rely on known signatures
- Supply chain mapping: Public repositories reveal dependency chains that attackers can exploit
- Infrastructure fingerprinting: Configuration files and deployment scripts expose architectural details
- Authentication pattern analysis: Login flows and API security implementations become visible to automated analysis
- Social engineering fuel: Commit histories and contributor information provide reconnaissance data
Compared to the situation just 2 years ago, when AI code analysis was largely limited to autocomplete suggestions, today's models can reason about entire system architectures and identify subtle security weaknesses across interconnected repositories.
Healthcare Sector Faces Unique AI Risks
The healthcare industry occupies a particularly vulnerable position in the AI security landscape. Patient data remains among the most valuable targets for cybercriminals, with healthcare records fetching up to $250 per record on dark web marketplaces — roughly 10 times the value of stolen credit card data.
The NHS has already suffered devastating cyberattacks. The 2017 WannaCry ransomware attack crippled NHS services across England and Scotland, canceling approximately 19,000 appointments and costing an estimated £92 million ($116 million). More recently, the 2024 Synnovis attack disrupted pathology services across major London hospitals for months.
These incidents underscore why the NHS is taking a precautionary approach. Even if the risk of AI-assisted attacks through open source code analysis is currently theoretical, the consequences of a successful breach in healthcare infrastructure are severe enough to justify preemptive action.
NHS Digital, which oversees much of the organization's technology strategy, has reportedly concluded that the potential benefits of maintaining open source visibility no longer outweigh the risks in the current AI threat environment.
Open Source Community Reacts With Concern
The decision has sparked significant debate within the open source community. Critics argue that closing public repositories undermines the transparency and collaborative development model that has benefited NHS technology projects for years.
Open source advocates point to several concerns:
- Security through obscurity is widely considered a flawed approach in cybersecurity
- Public code review by the community often identifies vulnerabilities faster than internal teams alone
- Closing repositories may break downstream dependencies for third-party healthcare applications
- The move contradicts the UK Government Digital Service's longstanding open source guidelines
- It could set a precedent that encourages other public sector organizations to follow suit
- Contributor trust may be damaged, making it harder to attract open source talent in the future
However, supporters of the decision note that the AI landscape has changed the calculus fundamentally. Traditional open source security models assumed human-speed code review — not automated analysis by systems capable of processing thousands of repositories simultaneously.
Broader Industry Implications for AI and Open Source
The NHS's move reflects a growing tension across the technology industry between open source principles and AI-era security realities. Several major organizations have already taken similar steps, though typically with less public visibility.
Financial institutions, defense contractors, and critical infrastructure operators have been quietly reducing their public code footprint over the past 18 months. JPMorgan Chase, for example, has significantly tightened its open source contribution policies, requiring additional security reviews before any code reaches public repositories.
The fundamental question facing the industry is whether the open source model — built on the assumption that 'given enough eyeballs, all bugs are shallow,' as Linus Torvalds famously suggested — can survive in an era where AI 'eyeballs' can analyze code at superhuman speed and scale.
This tension is particularly acute for public sector organizations. Government technology teams have spent years building open source cultures and contributing to shared codebases. A wholesale retreat from that model would represent a significant philosophical shift in how public sector technology is developed and maintained.
What This Means for Developers and Organizations
For developers working within the NHS ecosystem, the immediate impact is operational. Teams must audit their repositories, identify any sensitive patterns or configurations, and transition projects to private visibility — all within a tight deadline.
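The audit step described above can be partly automated. The script below is an added example, not NHS code and not any tool the article mentions: it walks a checkout looking for secret-shaped strings (cloud key ids, private key headers, passwords in connection strings or URLs, high-entropy API keys), reports each hit with the matched span redacted, and builds (without sending) the GitHub REST call that flips a repository to private. The patterns, the entropy threshold and the sample files it scans are all constructed assumptions; the only real identifier is the standard `PATCH /repos/{owner}/{repo}` endpoint.

```python
"""Pre-closure audit helper: find secret-shaped strings in a checkout, then
prepare the GitHub API call that sets the repository to private.
Constructed example; patterns and sample files are assumptions, not NHS code."""
import json
import math
import os
import re
import tempfile
import urllib.request
from collections import Counter
from dataclasses import dataclass
from pathlib import Path

# Generic secret shapes a maintainer would want to catch before (and after) closing a repo.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "connection_string_password": re.compile(r"""(?i)\b(?:password|pwd)=[^;\s'"]+"""),
    "url_with_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),
    "generic_api_key": re.compile(r"""(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['"]?([A-Za-z0-9_\-]{20,})"""),
}
ENTROPY_CHECKED = {"generic_api_key"}  # only this pattern captures a value worth entropy-filtering
MIN_ENTROPY_BITS = 3.5                 # assumed threshold: below it, treat the value as a placeholder


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    redacted: str  # the offending line with the matched span replaced


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(rel_path: str, text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if kind in ENTROPY_CHECKED and shannon_entropy(m.group(1)) < MIN_ENTROPY_BITS:
                    continue  # "change-me" style placeholders are not leaks
                redacted = line[: m.start()] + "[REDACTED]" + line[m.end():]
                findings.append(Finding(rel_path, line_no, kind, redacted))
    return findings


def scan_tree(root: Path) -> list[Finding]:
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or ".git" in path.parts:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_text(str(path.relative_to(root)), text))
    return findings


def make_private_request(owner: str, repo: str, token: str) -> urllib.request.Request:
    """Build (do not send) the PATCH /repos/{owner}/{repo} call that sets private=true."""
    return urllib.request.Request(
        url=f"https://api.github.com/repos/{owner}/{repo}",
        data=json.dumps({"private": True}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json",
                 "Content-Type": "application/json"},
    )


# Constructed sample checkout: every value below is made up for the demonstration.
SAMPLE_FILES = {
    "config/settings.py": 'DATABASE_URL = "postgres://app:S3cretPassw0rd@db.internal.example:5432/appointments"\nDEBUG = False\n',
    "deploy/appsettings.json": '{ "ConnectionString": "Server=sql.internal;Database=pas;User Id=svc;Password=Winter2024!;" }\n',
    "scripts/upload.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "certs/dev.pem": "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder, not key material)\n-----END RSA PRIVATE KEY-----\n",
    "src/auth/token.py": 'api_key = "placeholder_placeholder_placeholder"  # low entropy: ignored\napi_key = "q7Fz2LpX9vH3kTmR8wYb5nJc1aGd6eSu"  # high entropy: flagged\n',
    "README.md": "Set API_KEY in your environment; never commit it.\n",
}


def build_sample_repo(root: Path) -> Path:
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


def run_demo() -> list[Finding]:
    """Write the constructed checkout to a temp dir and scan it; returns five findings."""
    root = build_sample_repo(Path(tempfile.mkdtemp(prefix="audit-")))
    return scan_tree(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.kind:28} {f.path}:{f.line_no}  {f.redacted}")
    req = make_private_request("example-org", "example-repo", os.environ.get("GITHUB_TOKEN", "<token>"))
    print(f"Would send {req.get_method()} {req.full_url} {req.data.decode()}")
```

Two points the output should drive home. First, the entropy filter is what keeps a scanner like this usable: the placeholder in `token.py` matches the same regex as the real-looking key but is dropped, so reviewers see leaks rather than noise. Second, flipping visibility does not retract anything: GitHub detaches existing public forks into their own network when a repository goes private, and any clone or training-corpus snapshot already taken keeps the full history, so every credential the scan flags has to be rotated, not merely hidden.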
Beyond the NHS, this decision carries several practical implications:
For healthcare technology vendors, the change may complicate integration work that previously relied on inspecting NHS open source projects. API documentation and reference implementations that were publicly accessible will now require formal access arrangements.
For other public sector organizations, the NHS's move creates pressure to conduct similar risk assessments. If the UK's largest employer determines that open source exposure creates unacceptable AI-related risks, smaller organizations with fewer security resources may feel compelled to follow.
For the AI industry, this represents another data point in the growing backlash against unrestricted training data collection. Following lawsuits from content creators, artists, and news publishers, the closure of institutional codebases adds a new dimension to the debate about what AI systems should be permitted to learn from.
Looking Ahead: A Temporary Measure or Permanent Shift?
The NHS has characterized the repository closures as temporary, but the path back to open source remains unclear. Reopening repositories would presumably require confidence that AI-related risks have been adequately mitigated — either through technical controls, policy frameworks, or both.
Several developments could influence the timeline. GitHub has been developing tools that allow repository owners to restrict AI training access, and proposed EU and UK AI regulations may eventually establish legal frameworks governing how AI systems interact with public code.
In the meantime, the NHS's decision highlights a critical challenge for the entire technology sector. The same AI capabilities that promise to revolutionize healthcare — from diagnostic imaging to drug discovery — also create new threat vectors that legacy security models were never designed to address.
The May deadline is approaching fast, and all eyes will be on how smoothly the transition unfolds. If the NHS manages the closure without significant disruption to its digital services, other large organizations may follow suit. If the process proves chaotic or damages the NHS's technology capabilities, it could serve as a cautionary tale about overcorrecting in response to AI anxiety.
Either way, the era of uncomplicated openness in public sector technology appears to be drawing to a close — at least until the industry develops better tools for navigating the complex intersection of open source values and AI-era security demands.
📌 Source: GogoAI News (www.gogoai.xin)
🔗 Original: https://www.gogoai.xin/article/nhs-to-close-hundreds-of-github-repos-over-ai-fears