NHS England Rushes to Hide Software over AI Hacking Fears

The NHS has built a reputation for sharing its software openly, publishing thousands of lines of code on GitHub to enable hospitals, startups, and research groups to reuse and improve digital health tools. This collaborative model has reduced duplication, lowered development costs, and fostered a community of contributors that accelerates innovation in patient care. By making code publicly accessible, the NHS also demonstrated accountability for public‑funded projects, aligning with broader government open‑data initiatives.

The recent directive cites emerging AI models such as Mythos, which can generate sophisticated code exploits, as a justification for tightening access. Proponents argue that keeping repositories private reduces the attack surface and prevents malicious actors from reverse‑engineering vulnerabilities. However, cybersecurity specialists warn that obscurity rarely stops determined hackers and that open‑source scrutiny often uncovers flaws faster than closed development. They contend that the NHS could achieve stronger defenses through rigorous code reviews, bug‑bounty programs, and secure development lifecycles rather than blanket secrecy.

If the NHS follows through, the decision may set a precedent for other public institutions that have traditionally embraced open‑source policies. Critics fear that reduced transparency will hamper third‑party integration, increase vendor lock‑in, and inflate maintenance budgets as internal teams shoulder the full burden of support. Moreover, the move could erode public trust in how taxpayer‑funded technology is managed. Balancing genuine security concerns with the proven benefits of open collaboration will be crucial as governments grapple with the dual challenges of AI‑driven threats and the need for rapid, cost‑effective digital transformation.