NHS England’s security response has triggered a transparency fight

NHS England is facing mounting opposition after telling staff that existing and future software should be pulled from public view by 11 May because of concerns that AI systems can identify vulnerabilities in open code. The move, described by critics as both ineffective and damaging, is attracting a growing backlash from technologists, campaigners, and former officials who argue that closing code does little to improve security while undermining transparency and reuse.

At the center of the dispute is a new class of AI-enabled software analysis. According to the source report, concern intensified after reports that Mythos, an AI created by Anthropic, could discover flaws in virtually any software. NHS England’s response was to tell staff that code developed with public funding should be kept behind closed doors rather than openly available online.

The decision cuts against existing policy

The move is controversial partly because it runs directly against the NHS service standard, which requires software produced by staff to be open source so it can be reused, improved, and built upon without duplicated effort. Open-source supporters argue that this approach is not only more efficient for the public sector but often more secure, because more reviewers can inspect and improve the code.

An open letter calling on NHS England to reverse the decision quickly gathered hundreds of signatures, including author Cory Doctorow and former UK health secretary Matt Hancock. In comments highlighted by the report, Hancock called the policy a major mistake and argued that publicly funded code should remain available to the public that paid for it.