An open letter opposing NHS England's decision to pull its open-source software from public view amid AI hacking fears has garnered 682 signatures, including from author Cory Doctorow and former health secretary Matt Hancock. Critics argue the policy undermines transparency and security in taxpayer-funded code.
As reported earlier this week, NHS England directed staff on May 1 to make all existing and future open-source repositories private by May 11, citing risks from AI models like Anthropic's Mythos, which recently demonstrated an ability to find software flaws. The policy, which contradicts prior NHS standards mandating the open-sourcing of publicly funded code, has faced swift opposition.
A co-authored open letter has attracted 682 signatures, decrying the move as harmful to transparency and security. Signatories include Cory Doctorow and former UK health secretary Matt Hancock, who called it a 'huge mistake' on LinkedIn: 'One of the smartest things the NHS has done in recent years is open-source its code. Taxpayers paid for it, so taxpayers should benefit from it. But the practical case is just as strong: open source code is more rigorously tested, more secure, and allows the best minds anywhere in the world to build on top of it.'
Vlad-Stefan Harbuz at the University of Edinburgh, a letter co-author, used Mythos to scan existing public NHS code, uncovering severe vulnerabilities that he responsibly disclosed. 'It's the helpers that we're hurting by making things closed source, not the attackers,' he said.
Terence Eden, who has experience of data-openness work in the UK Civil Service, echoed the sentiment, calling open source 'non-negotiable' for trust in healthcare tools. Despite the concerns, the UK AI Security Institute assessed Mythos as posing risks only to 'small, weakly defended and vulnerable enterprise systems,' with no threat to secure networks.
NHS England maintains the restriction is temporary: 'We will continue to publish source code where there is a clear need.' The UK Department of Health and Social Care did not comment.