NHS England has ordered the immediate withdrawal of hundreds of publicly accessible software repositories, directing technology leaders across the organisation to make codebases private by 11 May 2026. The directive represents the most significant reversal of the health service's digital transparency policy in a decade, and it names a specific cause: a frontier AI model called Mythos, developed by Anthropic, which researchers say can autonomously identify security vulnerabilities at a scale and speed that outpaces conventional auditing.
The order requires all public repositories to be switched to private status unless an exceptional case can be made to an engineering board. That board must formally approve any future public release of software. Officials have described the lockdown as a precautionary measure rather than a permanent settlement, pending a broader reassessment of the organisation's security posture in what internal communications have termed the "agentic AI era."
Mythos has not been released to the general public. Researchers with early access to the model reported to NHS officials that it demonstrated "pretty severe" capabilities in scanning large volumes of source code and reasoning about architectural weaknesses that human auditors routinely miss. The concern is not that an individual actor will study NHS code line by line, but that an AI agent can ingest entire repositories, map their logic and surface exploitable flaws within hours. NHS systems used by the public for administrative and clinical management were identified as particularly exposed if source code remained openly accessible.
The decision inverts a principle that has shaped public sector technology policy for years. Since the early 2010s, government departments and arms-length bodies have operated under "open by default" guidance, publishing code to enable independent scrutiny, encourage collaboration with the developer community and reduce duplication of expenditure. The NHS became one of the more active participants in this culture, with its repositories attracting contributions from external engineers and functioning as reference material for health technology projects internationally. That rationale has now been subordinated to the security concern.
Not everyone accepts the logic. Transparency advocates and some of the researchers who first raised the Mythos alarm have criticised the response as a category error. Their argument is that the code in question has been publicly available for years and has in all likelihood already been processed by the training datasets of multiple AI systems, Mythos among them. Making repositories private at this point does not remove the information from circulation; it simply removes it from view. Critics further argue that the closure cuts off the wider developer community from contributing to security improvements, meaning that the vulnerabilities the NHS is attempting to conceal will go unpatched for longer.
This tension between precaution and practicality sits at the centre of the decision. The government's instinct, confronted with a novel and poorly understood threat, is to reduce the attack surface by any available means. The counter-argument is that hiding code is not the same as securing it, and that the "security through obscurity" principle has a poor track record as a standalone defence.
The NHS is the first major UK public body to attribute a change in national security policy directly to a named AI model. The precedent is likely to attract attention in other departments. The Department for Work and Pensions and HMRC both maintain substantial open-source estates, and officials familiar with the matter expect similar pressure to mount as the capabilities of AI systems continue to advance. Neither department has commented publicly on whether it is reviewing its own repository policies.
Whether the lockdown holds in its current form will depend partly on what the NHS's reassessment concludes and partly on how Mythos and comparable models develop. For now, a policy built on openness has been suspended on the basis of a single model's demonstrated capabilities, and the organisation has given itself no fixed timetable for deciding what comes next.