Did the NHS Surrender to AI Scanners? Shocking Decision to Close Open Source Repositories
📰 News Overview
- Internal leaks have revealed that the UK’s National Health Service (NHS) is gearing up to close and make private nearly all of its open-source repositories due to security concerns.
- The rise of a sophisticated AI security scanner called “Mythos” is behind this move, as senior NHS tech staff believe that continuing to publish source code increases the risk of vulnerability exploitation.
- Based on internal guidance titled “SDLC-8” issued on April 29, 2026, thousands of GitHub repositories are targeted for deletion or privatization.
💡 Key Points
- Overreacting to “Mythos”: The NHS claims it will hide code until it can counter advanced tools like “Mythos,” but organizations like the AI Safety Institute (AISI) and the National Cyber Security Centre (NCSC) do not endorse such extreme measures.
- Contradictions with Government Policy: This move directly violates the UK government’s “Tech Code of Practice,” which mandates that code be publicly available by default, as well as the NHS’s own previous service standards.
- Lack of Effectiveness: Existing code has already been gathered by AI, and even if the repositories go private now, tools like “Mythos” can still identify vulnerabilities through binary analysis and web scanning, rendering the concealment effort ineffective.
🦈 Shark’s Eye (Curator’s Perspective)
This decision by the NHS is nothing short of a backward “panic” in the age of AI in 2026! By specifically naming the “Mythos” AI scanner, the move to hide code across the organization feels like a declaration of war against the spirit of open-source. As pointed out in the original article, even during the pandemic, contact tracing apps were released and operated safely; it’s a bummer to see them succumb to unfounded fears instead. In an era where AI is evolving, we need “open security” that allows experts worldwide to review code, yet the NHS is retreating to the antiquated notion of “Security by Obscurity,” a tactic that won’t hold up against AI!
🚀 What’s Next?
- A group of NHS volunteers has already completed backups of all currently available repositories, leading to a potential “cat-and-mouse game” where these might be re-released after the NHS’s closures.
- If investigations through Freedom of Information (FOI) requests proceed, the opaque processes behind this decision could be unveiled, increasing political pressure for a retraction.
💬 A Word from Haru Shark
I get that AI can be scary when it gets too clever, but in the shark world, swimming faster, not hiding, is the safest bet! Transparency is the strongest shield!
📚 Terminology
- Mythos: An advanced security scanning tool that utilizes AI to discover vulnerabilities. As of 2026, its accuracy is rapidly improving.
- Tech Code of Practice: Principles established by the UK government for utilizing technology, mandating “openness and the use of open source.”
- SDLC-8: New guidance shared internally within the NHS regarding the system development lifecycle, which includes directives for making repositories private.