GDS challenges NHS open-source retreat after Glasswing disclosures
TL;DR:
- The UK’s Government Digital Service (GDS) has published guidance on AI, open code and vulnerability risk in the public sector, with the key recommendation: “Keep open by default.”
- The guidance is read by civil-service watchers as a direct (though unnamed) challenge to the NHS’s decision to close access to its open-source repositories in response to vulnerabilities reported via Anthropic’s Project Glasswing.
- Government technologist Terence Eden — known for his civil service vocabulary — interprets the published disagreement as a major escalation, comparing it to “being invited to a meeting without biscuits”.
The GDS publication is rare in two ways. First, internal UK government disagreements about technical strategy rarely spill into public guidance documents. Second, an explicit “keep open by default” framing — published two days after the NHS confirmed its retreat from open repositories in response to Glasswing-derived vulnerability disclosures — leaves little doubt about its target, even without naming the NHS.
The underlying dispute is consequential. Anthropic’s Mythos cybersecurity model — distributed to roughly 40 organisations including Amazon, Microsoft and JPMorgan Chase via Project Glasswing — has identified thousands of high-severity vulnerabilities across operating systems, browsers and (separately) the global financial system. NHS England’s response has been to close access to its public code repositories, arguing that doing so reduces attacker reconnaissance. The GDS response, in effect: that’s the wrong instinct.
What GDS actually says
The GDS guidance, published 14 May, reasons that making everything private “adds additional delivery and policy costs, and can reduce reuse and scrutiny.” Its conclusion is that “openness should remain the default posture, with closure used sparingly and deliberately.” That formulation directly contradicts the NHS pattern of broad-brush closure in response to a single (admittedly serious) class of vulnerability.
Government technologist and former Cabinet Office digital lead Terence Eden — who covered the original NHS decision and now its public challenge — read the GDS document as an unusual escalation. “Within the UK’s Civil Service you occasionally hear the expression ‘being invited to a meeting without biscuits’. It implies a rather frosty discussion without any of the polite niceties of a normal meeting,” Eden wrote. “It is rare for those internal disagreements to spill over into public.”
For context: GDS does not have direct authority over NHS England digital strategy. But it does set the cross-government standard for digital practice, and a published divergence from one of the largest UK public-sector tech estates carries reputational and procurement-policy weight.
Looking forward
The substantive question is whether the closure response actually reduces attacker capability — and the evidence so far suggests the opposite. Public repositories that are widely scrutinised generally have weaknesses identified and patched faster than closed equivalents. Closure may slow some forms of low-effort reconnaissance, but does not affect Glasswing-class capability, which works directly against deployed binaries and live services rather than only against published source. The wider UK question is whether other public-sector tech estates — DWP, HMRC, Home Office, NHS Trusts individually — will follow NHS England’s lead or align with GDS guidance. With Mythos-equivalent capability now spreading beyond the original Glasswing partner circle (per Anthropic’s disclosure changes covered separately today), the urgency of getting the open-vs-closed policy right is rising fast.