Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Instead of trying to control open-source AI models, which is intractable, the proposed strategy is to control the small, expensive-to-produce functional datasets they train on. This preserves the beneficial open-source ecosystem while preventing the dissemination of dangerous capabilities like viral design.
Related Insights
Models designed to predict and screen out compounds toxic to human cells have a serious dual-use problem. A malicious actor could repurpose the exact same technology to search for or design novel, highly toxic molecules for which no countermeasures exist, a risk the researchers initially overlooked.
The ease of finding AI "undressing" apps (85 sites found in an hour) reveals a critical vulnerability. Because open-source models can be trained for this purpose, technical filters from major labs like OpenAI are insufficient. The core issue is uncontrolled distribution, making it a societal awareness challenge.
China remains committed to open-weight models, seeing them as beneficial for innovation. Its primary safety strategy is to remove hazardous knowledge (e.g., bioweapons information) from the training data itself. This makes the public model inherently safer, rather than relying solely on post-training refusal mechanisms that can be circumvented.
The danger of AI creating harmful proteins is not in the digital design but in its physical creation. A protein sequence on a computer is harmless. The critical control point is the gene synthesis process. Therefore, biosecurity efforts should focus on providing advanced screening tools to synthesis providers.
Current biosecurity screens for threats by matching DNA sequences to known pathogens. However, AI can design novel proteins that perform a harmful function without any sequence similarity to existing threats. This necessitates new security tools that can predict a protein's function, a concept termed "defensive acceleration."
Deep Vision's plan to publish the genomes of deadly viruses would effectively give the "killing power of a nuclear arsenal" to an estimated 30,000 unvetted individuals with synthetic biology skills. In the bio-age, openly publishing certain information can be a greater security threat than physical weapons.
Research on bio-foundation models like EVO2 and ESM3 shows that strategically excluding key datasets (e.g., sequences of viruses that infect humans) dramatically reduces a model's performance on dangerous tasks, often to random chance, without harming its useful scientific capabilities.
A biosecurity data-level (BDL) framework, modeled after biosafety levels for labs, would keep 99% of biological data open-access. Only the top 1% of data—that which links pathogen sequences to dangerous properties like transmissibility—would face restrictions like requiring use-approval.
When all major AI models are trained on the same internet data, they develop similar internal representations ("latent spaces"). This creates a monoculture where a single exploit or "memetic virus" could compromise all AIs simultaneously, arguing for the necessity of diverse datasets and training methods.
Valthos CEO Kathleen, a biodefense expert, warns that AI's primary threat in biology is asymmetry. It drastically reduces the cost and expertise required to engineer a pathogen. The primary concern is no longer just sophisticated state-sponsored programs but small groups of graduate students with lab access, massively expanding the threat landscape.
