In a controversial move, NHS England has mandated that all existing and future software developed with public funds be removed from public access by May 11. This decision, prompted by concerns over vulnerabilities identified by the AI model Mythos, has sparked significant criticism from the tech and health communities. Mythos, created by Anthropic, can reportedly detect flaws in software, which has raised fears of hacking.
NHS England’s choice contradicts its own service standard, which advocates for the open-source sharing of software to foster innovation and collaboration. Experts argue that restricting access to code will not improve security, and an open letter urging NHS England to reconsider has gathered 682 signatures, including prominent figures like former UK health secretary Matt Hancock and digital rights advocate Cory Doctorow.
Vlad-Stefan Harbuz from the University of Edinburgh, a co-author of the letter, noted that he and his team had previously used Mythos to identify several vulnerabilities in the NHS’s open-source code. He expressed skepticism that the vulnerabilities they reported were the sole reason for the decision, emphasizing that regular security audits could uncover similar issues without resorting to restricting access.