
NHS England is restricting access to open source code after researchers found the Mythos AI model could expose “pretty severe” vulnerabilities in commonly used software.

NHSE issued guidance on 29 April stating that all open source repositories be made private by default by 11 May due to security concerns.

HSJ understands the guidance was issued after NHS England was informed by a group of researchers with access to Mythos that the AI model could detect and expose vulnerabilities in open source software used across the NHS.

However, one of the researchers who discovered the vulnerabilities said restricting access to open-source code “will not improve security”.

Vlad-Stefan Harbuz is the executive director of the Software Stewardship Lab, a non-profit organisation that aims to protect open source technology by identifying threats and producing software and research to mitigate them.

Mr Harbuz alerted NHSE after the Software Stewardship Lab was given advance access to the Mythos software and found vulnerabilities in open source NHS software.

He said the vulnerabilities were “not unique to the NHS” but that “NHS services used by the public could be seriously affected” if they were exploited.

Read full story (paywalled)

Source: HSJ, 6 May 2026
