A core flaw in virus hunting is moving pathogens from isolated natural environments to labs in dense population centers. Despite security ratings, all categories of labs have a history of leaks. The lack of a uniform reporting system means we don't know the failure rate, making labs a riskier container than nature.

China remains committed to open-weight models, seeing them as beneficial for innovation. Its primary safety strategy is to remove hazardous knowledge (e.g., bioweapons information) from the training data itself. This makes the public model inherently safer, rather than relying solely on post-training refusal mechanisms that can be circumvented.

Instead of trying to control open-source AI models, which is intractable, the proposed strategy is to control the small, expensive-to-produce functional datasets they train on. This preserves the beneficial open-source ecosystem while preventing the dissemination of dangerous capabilities like viral design.

Current biosecurity screens for threats by matching DNA sequences to known pathogens. However, AI can design novel proteins that perform a harmful function without any sequence similarity to existing threats. This necessitates new security tools that can predict a protein's function, a concept termed "defensive acceleration."

Deep Vision's plan to publish the genomes of deadly viruses would effectively give the "killing power of a nuclear arsenal" to an estimated 30,000 unvetted individuals with synthetic biology skills. In the bio-age, openly publishing certain information can be a greater security threat than physical weapons.

Unlike nuclear deterrence, there is no single theory of victory for biosecurity. The most effective approach is a layered strategy combining four pillars: Delay (e.g., data controls), Deter (e.g., treaties), Detect (e.g., wastewater monitoring), and Defend (e.g., far-UV sterilization).

Research on bio-foundation models like EVO2 and ESM3 shows that strategically excluding key datasets (e.g., sequences of viruses that infect humans) dramatically reduces a model's performance on dangerous tasks, often to random chance, without harming its useful scientific capabilities.

The operational plan for secure data control involves "Trusted Research Environments" (TREs). In this model, researchers bring their code to the data's secure location to run analyses, rather than downloading the sensitive data itself. This allows for valuable research while preventing leakage.

While 80% of DNA synthesis companies voluntarily screen orders for dangerous pathogen sequences, the system is not mandatory. This creates a glaring loophole, as a malicious actor can simply place their order with the 20% of companies that do not perform this critical safety check.