NHS England is making all its public GitHub repos private by 11 May because AI models might find vulnerabilities in the code.
-
NHS England is making all its public GitHub repos private by 11 May because AI models might find vulnerabilities in the code.
The code that has been public for years. Already scraped. Already archived. Already ingested into the very models they are worried about.
This is bolting the barn door after the horses have left the county.
🧵/1
-
NHS England is making all its public GitHub repos private by 11 May because AI models might find vulnerabilities in the code.
The code that has been public for years. Already scraped. Already archived. Already ingested into the very models they are worried about.
This is bolting the barn door after the horses have left the county.
🧵/1
You cannot unpublish what has been public. To truly remediate, you would need to rewrite the bulk of your codebase — at which point, start fresh.
Instead of reactive redaction, try this:
— Use the AI tools to find your own bugs before someone else does
— Focus resources on the critical systems protecting personal and financial data
— Make new repos private by default where appropriate
— Stop pretending obscurity equals security
🧵/2
-
You cannot unpublish what has been public. To truly remediate, you would need to rewrite the bulk of your codebase — at which point, start fresh.
Instead of reactive redaction, try this:
— Use the AI tools to find your own bugs before someone else does
— Focus resources on the critical systems protecting personal and financial data
— Make new repos private by default where appropriate
— Stop pretending obscurity equals security
🧵/2
The NHS pioneered public sector open source in the UK. The Covid contact tracing app was published openly and caused zero security incidents.
That was leadership.
This is panic.
🧵/3 (fin)
-
R relay@relay.infosec.exchange shared this topic
