NHS Orders GitHub Repositories Private Amid Concerns Over Anthropic's Mythos Model
Key Takeaways
- ▸NHS ordering hundreds of GitHub repositories to go private by May 11 due to vulnerability discovery risks from AI models like Mythos
- ▸Anthropic's Mythos capability to find code vulnerabilities is driving organizational rethinking of public code exposure strategies
- ▸Move is positioned as temporary while NHS assesses cybersecurity risks from frontier AI models
Summary
The UK's National Health Service (NHS) has ordered all technology leaders to convert hundreds of public GitHub repositories to private by May 11, citing concerns about advanced AI models—particularly Anthropic's Mythos—being capable of discovering vulnerabilities in publicly accessible source code. According to internal guidance seen by The Register, the healthcare organization views the rapid advancement of AI models that can perform large-scale code analysis as a material security risk to its infrastructure and systems.
An NHS England spokesperson characterized the move as a temporary measure while the organization strengthens its cybersecurity posture and assesses the impact of frontier AI models, though they stated they will continue to publish source code where there is a clear business need. The decision marks a significant departure from the UK government's longstanding policy favoring open-source development for publicly-funded services, reflecting broader enterprise concerns about frontier AI's ability to analyze and exploit publicly available code.
- Creates tension between open-source principles and AI-era security concerns in the public sector
