NHS England locks down hundreds of GitHub repos over Mythos risk
TL;DR:
- NHS England has ordered all of its technology leaders to switch the organisation’s public GitHub repositories to private by 11 May 2026, citing the risk that frontier AI models could ingest, draw inferences from and reason about the code at scale. Internal guidance singles out “developments such as the Mythos model”.
- The decision, approved by the NHS Engineering Board, marks a significant if temporary U-turn from a longstanding default-open policy under which “code built with public money” should be reusable.
- Resultsense view: this is the first concrete UK public-sector security policy change driven explicitly by frontier AI capability — and a leading indicator for how cyber posture across UK government will adjust as Mythos-class models become more available.
The Register obtained the internal guidance, which states that public repositories “materially increase the risk of unintended disclosure of source code, architectural decisions, configuration detail, and contextual information that may be exploited — particularly given rapid advancements in AI models capable of large-scale code ingestion, inference, and reasoning”. An NHS England spokesperson described it as a “temporary measure” while the organisation reassesses its security posture.
Scale and scope
The lockdown covers hundreds of repositories. NHS sources told The Register that few of those repos contain anything materially sensitive — examples include documentation, architecture diagrams and codebases for internal admin tools, such as web apps for managing clinic times. The Engineering Board has not given an end date, nor explained what specific Mythos-class threats it considers most consequential.
A reversal in policy posture
The NHS service manual codifies the open-source default: “Public services are built with public money. So unless there’s a good reason not to, the code they’re based on should be made available for other people to reuse and build on. Open-source code can save teams duplicating effort … And publishing source code under an open licence means that you’re less likely to get locked in to working with a single supplier.” That posture mirrors the broader UK government Service Standard.
The mass close-sourcing is not the first such pull-back: late 2025 reporting flagged that NHS pages explaining its open-source approach had been deleted, which the organisation framed as routine cleanup tied to the NHSX/NHS Digital folding into NHS England.
The Mythos calibration
Anthropic markets Mythos as capable of finding vulnerabilities that skilled human teams would miss. The UK’s AISI and NCSC have “somewhat validated” that capability, per The Register, while sceptics note that Anthropic has not disclosed false-positive rates and that the capability gap between Mythos and open models is narrower than implied. Mythos is currently restricted under Project Glasswing.
Terence Eden, former head of open technology at NHSX, argued in a blog that closing repos is “not a meaningful defence”: code already public has been ingested for AI training “years ago” and archived widely. He argued the bigger NHS risk lies in software supply chains, phishing, password hygiene and insider threats.
Looking forward
Three threads to watch. First, whether other UK departments follow NHS England’s lead — DWP, HMRC and the MoJ all run similar open-by-default GitHub estates. Second, whether the Government Digital Service revises the Service Standard, which currently makes open-source the default; quiet revision is more likely than a public retraction. Third, whether the Cabinet Office issues central guidance, which would generalise NHS England’s posture across government. UK suppliers building public-sector tools should expect tighter contractual terms on code disclosure within the next two quarters.