Skip to content
Longterm Wiki
Navigation
Updated 2026-02-06HistoryData
Citations verified13 accurate4 flagged5 unchecked
Page StatusResponse
Edited 8 weeks ago2.0k words1 backlinksUpdated every 3 weeksOverdue by 37 days
55QualityAdequate •39.5ImportanceReference35.5ResearchLow
Content9/13
SummaryScheduleEntityEdit history1Overview
Tables5/ ~8Diagrams1/ ~1Int. links19/ ~16Ext. links0/ ~10Footnotes23/ ~6References3/ ~6Quotes17/22Accuracy17/22RatingsN:6 R:5 A:6 C:5Backlinks1
Change History1
Extract wiki proposals as structured data#1417 weeks ago

Created two new data layers: 1. **Interventions** (broad categories): Extended `Intervention` schema with risk coverage matrix, ITN prioritization, funding data. Created `data/interventions.yaml` with 14 broad intervention categories. `InterventionCard`/`InterventionList` components. 2. **Proposals** (narrow, tactical): New `Proposal` data type for specific, speculative, actionable items extracted from wiki pages. Created `data/proposals.yaml` with 27 proposals across 6 domains (philanthropic, financial, governance, technical, biosecurity, field-building). Each has cost/EV estimates, honest concerns, feasibility, stance (collaborative/adversarial). `ProposalCard`/`ProposalList` components. Post-review fixes: Fixed 13 incorrect wikiPageId E-codes in interventions.yaml (used numeric IDs instead of entity slugs). Added Intervention + Proposal to schema validator. Extracted shared badge color maps from 4 components into `badge-styles.ts`. Removed unused `client:load` prop and `fundingShare` destructure.

Issues1
QualityRated 55 but structure suggests 100 (underrated by 45 points)

Is EA Biosecurity Work Limited to Restricting LLM Biological Use?

Analysis

Is EA Biosecurity Work Limited to Restricting LLM Biological Use?

An analysis of the full EA/x-risk biosecurity portfolio, examining whether the community's work consists primarily of AI capability restrictions or encompasses a broader set of interventions including DNA synthesis screening, pathogen surveillance, medical countermeasures, and governance reform.

Related
Organizations
Coefficient GivingSecureBioSecureDNAAnthropicBlueprint Biosecurity
2k words · 1 backlinks

Overview

A common critique of the EA/x-risk community's biosecurity work is that it consists primarily of restricting what LLMs can say about biology. In reality, AI capability restrictions represent just one of at least six major intervention categories, and likely not the one receiving the most investment. The portfolio spans DNA synthesis screening, pathogen-agnostic surveillance, medical countermeasures, AI capability evaluations, physical environmental defenses, and governance reform.

This report maps the full landscape of biosecurity interventions relevant to AI-enabled biological risks, organized by Kevin Esvelt's Delay, Detect, Defend framework—the dominant conceptual model in this space.

Quick Assessment

DimensionAssessmentEvidence
Total EA Biosecurity Funding$230M+ from Coefficient Giving alone140+ grants across Biosecurity & Pandemic Preparedness fund1
Intervention Categories6+ distinct categoriesDNA screening, surveillance, countermeasures, AI evals, physical defenses, governance
% That Is "LLM Restrictions"Small minorityMost funding goes to detection infrastructure, screening technology, and countermeasures
Government AdoptionGrowingCDC Biothreat Radar ($52M proposed FY2026); OSTP synthesis screening framework; military ANTI-DOTE program
Key FrameworkDelay / Detect / DefendSecureBio's organizing model, widely adopted
Biggest GapMedical countermeasuresResilience-based approaches like broad-spectrum antivirals remain underfunded relative to need

The Full Intervention Portfolio

Diagram (loading…)
flowchart TD
  subgraph Delay["🛡️ Delay"]
      DNS["DNA Synthesis Screening
(SecureDNA, IBBIS)"]
      AIR["AI Capability Restrictions
(RSPs, output filtering)"]
      GOV["Biosecurity Governance
(BWC, OSTP framework)"]
  end
  subgraph Detect["🔍 Detect"]
      MET["Metagenomic Surveillance
(NAO, Biothreat Radar)"]
      BIO["AI Bio-Capability Evaluations
(VCT, red-teaming)"]
  end
  subgraph Defend["💊 Defend"]
      MCM["Medical Countermeasures
(Red Queen Bio, platform vaccines)"]
      UVC["Far-UVC & Physical Defenses
(Blueprint Biosecurity)"]
      PPE["Next-Gen PPE
(Improved filtration)"]
  end
  Delay --- Detect
  Detect --- Defend

Intervention Categories vs. Actors

InterventionKey ActorsEA/x-Risk Adjacent?Funding Scale
DNA Synthesis ScreeningSecureDNA, IBBIS/NTI, IGSCYes (SecureDNA founded by Esvelt)$10M+
Metagenomic SurveillanceSecureBio/NAO, CDC NWSSYes (NAO is SecureBio project)$10M+; $52M proposed government
AI Bio-Capability EvaluationsSecureBio (VCT), Anthropic, OpenAI, RANDMixed (SecureBio is EA; labs are industry)Embedded in lab budgets
Medical CountermeasuresRed Queen Bio, BARDA, platform vaccine developersPartially (Red Queen Bio funded by OpenAI)$15M seed; billions in government
Far-UVC & Physical DefensesBlueprint Biosecurity, Columbia University, UshioYes (Blueprint is EA-funded)$1M+ in EA grants
AI Capability RestrictionsAnthropic (ASL-3), OpenAI (preparedness), Google DeepMindIndustry-led with EA influenceEmbedded in lab operations
Biosecurity GovernanceNTI Bio, CSIS, Council on Strategic Risks, Johns Hopkins CHSMixed$7.8M+ from Coefficient Giving to NTI

Delay: Slowing Dangerous Capability Proliferation

DNA Synthesis Screening

DNA synthesis screening is arguably the most concrete, technically mature biosecurity intervention. The goal: prevent anyone from ordering synthetic DNA that could be used to reconstruct dangerous pathogens.

Key initiatives:

  • SecureDNA — A Swiss nonprofit foundation co-founded by Kevin Esvelt, providing free, privacy-preserving screening software to DNA synthesis providers. Uses cryptographic protocols so that neither the order contents nor the hazard database are revealed during screening. Can detect hazardous sequences down to 30 base pairs—already exceeding the OSTP framework's 2026 requirement of 50bp screening.2

  • IBBIS (International Biosecurity and Biosafety Initiative for Science) — Launched by NTI in 2024, headquartered in Geneva, led by Piers Millett (former Deputy Head of the BWC Implementation Support Unit). Develops the Common Mechanism for international DNA synthesis screening.3

  • OSTP Synthesis Screening Framework — The Biden administration's April 2024 framework requiring federally funded researchers to procure synthetic nucleic acids only from screened providers. Implementation began April 2025 (200nt minimum), with 50nt minimum from October 2026. The Trump administration's May 2025 Executive Order directed revision of the framework but maintained its core screening requirements.4

Critical gap: A January 2026 Nature Communications paper by Edison, Toner, and Esvelt demonstrated that unregulated DNA fragments can be assembled to bypass synthesis screening entirely—they acquired fragments sufficient to reconstruct the 1918 influenza virus from dozens of providers. The paper argues fragments must be regulated as select agents.5

AI Capability Restrictions

Some critics assume that AI capability restrictions constitute the entirety of EA biosecurity work. In practice, it's one piece of a much larger portfolio:

  • Anthropic's ASL-3: Activated for Claude Opus 4 specifically due to CBRN capability concerns. Involves increased internal security (preventing model theft) and deployment restrictions limiting misuse for weapons development.6
  • OpenAI's Preparedness Framework: GPT-5 and ChatGPT Agent deployed with "High capability" safeguards after evaluations couldn't rule out meaningful assistance to novice bioweapon actors.7
  • Google DeepMind: Gemini 2.5 Deep Think deployed with additional mitigations after CBRN knowledge assessments.7
  • Open-source gap: DeepSeek described as "worst tested" for biosafety by Dario Amodei (2025), with minimal content filtering for dangerous biological information.8

Biosecurity Governance

  • Biological Weapons Convention (BWC): The primary international treaty, though lacking a verification protocol. EA-adjacent organizations (NTI Bio, Council on Strategic Risks) actively push for strengthening.9
  • CSIS 2025 Report: Found current measures "ill-equipped" for AI-enabled bioterrorism threats.10
  • Dual-use research oversight: Ongoing debates about gain-of-function research moratorium and DURC policies.

Detect: Early Warning Systems

Metagenomic Pathogen Surveillance

The Nucleic Acid Observatory (NAO), operated by SecureBio under Jeff Kaufman's leadership, represents perhaps the most distinctive EA contribution to biosecurity—and one that has nothing to do with LLM restrictions.

How it works: Unlike traditional PCR-based surveillance (which can only detect known pathogens), the NAO performs untargeted metagenomic sequencing of wastewater—sequencing all genetic material in a sample. This means it can detect completely novel, engineered, or unknown pathogens, including those specifically designed to evade traditional surveillance.11

Three detection modes:

  1. Known pathogen alerts — Automated matching against pathogen databases
  2. Genetic engineering detection — "Chimera detection" pipeline flags signs of engineering
  3. Growth-based anomaly detection — Identifies any organism undergoing exponential growth, even if never seen before

Current scale (as of November 2025):

  • 31 sampling sites across 19 US cities
  • ≈60 billion read pairs sequenced weekly
  • Demonstrated detections: measles in Kauai County wastewater, West Nile Virus in Missouri12

Government adoption: The President's FY2026 Budget proposes $52 million for Biothreat Radar, a national pathogen detection system at CDC drawing directly on NAO's pilot findings. Designed to detect novel pathogens before 12 in 100,000 Americans are infected.13

Military adoption: Through the ANTI-DOTE program (Defense Innovation Unit), the NAO performs metagenomic sequencing at 5 US military facilities in the Indo-Pacific region.14

AI Bio-Capability Evaluations

Evaluating whether AI systems can meaningfully assist bioweapon development:

  • Virology Capabilities Test (VCT): Developed by SecureBio, CAIS, and MIT. 322 multimodal questions testing practical virology laboratory knowledge. Key finding: leading AI models outperform the vast majority of practicing virologists sampled. Now adopted by major AI labs for pre-deployment testing.15
  • RAND Red-Team Study (2024): 12 teams of 3 people given 80 hours over 7 weeks to plan biological attacks with/without LLM access. Found no statistically significant difference in plan viability—but this was with 2024-era models.16
  • OpenAI 100-Person Study: 50 biology PhDs + 50 students, assessed across 5 stages (ideation, acquisition, magnification, formulation, release). Found GPT-4 provided "at most a mild uplift."17
  • FRI Expert Survey: Forecasting Research Institute survey estimated AI capabilities matching expert virologists would increase annual epidemic probability from 0.3% to 1.5% (5x increase).18

Defend: Resilience and Countermeasures

Some critics have highlighted resilience-based approaches as more promising than restriction-based ones—and EA/x-risk organizations are actively working on both.

Medical Countermeasures

  • Red Queen Bio — Spun out of HelixNano (clinical-stage mRNA therapeutics), raised a $15M seed round led by OpenAI in 2025. Core thesis: "defensive co-scaling"—coupling defensive compute and funding to the same forces driving the AI capability race. Works with frontier labs to map AI-enabled biothreats and pre-build medical countermeasures.19
  • Platform vaccine technologies — mRNA platforms (demonstrated during COVID-19) enable rapid design of vaccines against novel pathogens within days of sequencing. The Coalition for Epidemic Preparedness Innovations (CEPI) has invested over $1.5B in pandemic preparedness vaccines, including its 100 Days Mission to compress vaccine development timelines.
  • Broad-spectrum antivirals — Still underdeveloped relative to need. Could provide pathogen-agnostic treatment.

Far-UVC and Physical Defenses

Blueprint Biosecurity, an EA-funded organization, has made far-UVC technology a centerpiece of their work:

  • Far-UVC light (222nm) can inactivate 99.8% of airborne pathogens in occupied spaces while remaining safe for human exposure—the light is absorbed by dead skin cells before reaching living tissue.20
  • Columbia University research (David Brenner) demonstrated effectiveness; technology licensed to Ushio Inc. (Care222 product line).21
  • Blueprint's EXHALE Program: ≈$1M in grants to evaluate far-UVC against real human-generated respiratory aerosols (Emory, Virginia Tech, University of Nebraska). Results expected mid-2026.22
  • Blueprint's Project AIR: Launched to address three bottlenecks—global health agency endorsements, real-world implementation guidance, and multinational funding.22
  • Key limitation: No binding regulatory standards exist worldwide for safe far-UVC dosage as of 2025.23

How the X-Risk Approach Differs from Traditional Biosecurity

DimensionTraditional Public HealthEA/X-Risk Approach
Detection methodPCR targeting known pathogensUntargeted metagenomic sequencing
Threat modelNatural disease outbreaksNatural pandemics AND deliberate/engineered threats
Design prioritySensitivity for known targetsDetection of completely novel threats
Scale of ambitionMonitor known diseasesEarly warning for civilization-threatening pandemics
ScreeningVoluntary industry guidelinesCryptographic screening infrastructure (SecureDNA)
CountermeasuresReactive (design after pathogen identified)Proactive (pre-build against AI-mapped threats)

Key Organizations

OrganizationFocusEA-Adjacent?Key Funding
SecureBioDelay/Detect/Defend framework; NAO; AI evalsYes$9.4M+ from Coefficient Giving
SecureDNADNA synthesis screening technologyYes (Esvelt co-founder)Swiss foundation
IBBISInternational screening standardsPartially (NTI-launched)Coefficient Giving via NTI
Blueprint BiosecurityFar-UVC technology deploymentYes$900K from Coefficient Giving (2024)
Red Queen BioAI-driven medical countermeasuresPartially (OpenAI-funded)$15M seed (OpenAI-led)
NTI BioBiosecurity governance, BWCPartially$7.8M from Coefficient Giving
Council on Strategic RisksNational security biosecurity policyNo (traditional national security)Various
CSISPolicy research on AI-bio threatsNoVarious
Johns Hopkins CHSBiosecurity policy and analysisNoVarious
Centre for Long-Term ResilienceUK biosecurity policyYesEA-funded

Key Funding Flows

Coefficient Giving (renamed Coefficient Giving in November 2025) is the dominant funder. Key biosecurity grants:

RecipientAmountPurpose
SecureBio$4,000,000General biosecurity research (3 years)
SecureBio (NAO)$3,430,000Nucleic Acid Observatory program
SecureBio$1,420,937Biosecurity research (3 years)
SecureBio$570,000Pathogen Early Warning Project
NTI Biosecurity$7,831,500Global catastrophic biological risk reduction (3 years)
Blueprint Biosecurity$900,000General support (2024)

Other EA-aligned funders include the Musk Foundation (NAO sensitivity research), Longview Philanthropy (>$50M directed in 2025 across x-risk areas), Founders Pledge (recommends SecureBio and IBBIS), and Survival and Flourishing Fund.

The Restriction vs. Resilience Debate

A key tension in biosecurity strategy is whether to prioritize restricting dangerous capabilities (limiting what AI models can say, restricting DNA synthesis) or building resilience (making it so that even if someone creates a pathogen, we can detect and respond fast enough to prevent catastrophe).

The EA/x-risk community's actual position is: both are necessary, and the portfolio reflects this. The Delay/Detect/Defend framework explicitly incorporates both restriction (Delay) and resilience (Detect + Defend). The field generally agrees that:

  1. Restrictions buy time but are insufficient alone—information wants to be free, and restrictions become harder as capabilities proliferate (especially via open-source models)
  2. Resilience is the long-term solution but isn't ready yet—metagenomic surveillance, far-UVC, and platform vaccines are still scaling
  3. The transition period is the most dangerous — we need restrictions now while building resilience infrastructure for the future

This is substantively different from the perception that EA biosecurity work is "only about limiting what LLMs can do."

Key Questions

  • ?How much of total EA biosecurity funding goes to resilience/defense vs. restriction/delay interventions?
  • ?Will DNA synthesis screening remain effective as benchtop synthesizers proliferate?
  • ?Can metagenomic surveillance scale fast enough to detect engineered pathogens with long incubation periods?
  • ?Is the 'defense favored' assumption correct long-term, or will offense always have an advantage in biology?
  • ?How much does open-source AI (e.g., DeepSeek) undermine restriction-based approaches?

Sources

Footnotes

  1. Coefficient Giving — Biosecurity & Pandemic Preparedness FundCoefficient Giving — Biosecurity & Pandemic Preparedness Fund

  2. SecureDNA platformSecureDNA platform; Security analysis

  3. IBBIS Common MechanismIBBIS Common Mechanism; NTI announcement

  4. Citation rc-0a35

  5. Edison, Toner & Esvelt 2026, Nature CommunicationsEdison, Toner & Esvelt 2026, Nature Communications

  6. 2026 International AI Safety Report2026 International AI Safety Report

  7. 2026 International AI Safety Report2026 International AI Safety Report 2

  8. <EntityLink id="bioweapons">Bioweapons page analysis of open-source risks</EntityLink>

  9. NTI Bio BWC workNTI Bio BWC work

  10. CSIS 2025 reportCSIS 2025 report

  11. NAO methodologyNAO methodology; P2RA study in The Lancet Microbe

  12. NAO Updates November 2025NAO Updates November 2025

  13. Biothreat Radar proposalBiothreat Radar proposal

  14. PHC Global ANTI-DOTE programPHC Global ANTI-DOTE program

  15. VCT paperVCT paper; SecureBio announcement

  16. RAND 2024 studyRAND 2024 study

  17. OpenAI biological threat studyOpenAI biological threat study

  18. FRI AI-enabled biorisk surveyFRI AI-enabled biorisk survey

  19. Red Queen BioRed Queen Bio; OpenAI $15M seed

  20. Citation rc-ac54

  21. Columbia University far-UVC researchColumbia University far-UVC research

  22. Blueprint Biosecurity far-UVC programBlueprint Biosecurity far-UVC program; EXHALE; Project AIR 2

  23. Far-UVC regulatory statusFar-UVC regulatory status

References

1Edison, Toner & Esvelt 2026 — Nature CommunicationsNature (peer-reviewed)·Paper

This Nature Communications paper by Edison, Toner, and Esvelt demonstrates a critical vulnerability in U.S. DNA synthesis screening regulations. The authors show that current select agent regulations fail to prevent the acquisition of dangerous pathogens because they do not regulate individual DNA fragments—only complete sequences. By obtaining unregulated DNA fragments from multiple commercial providers, the researchers were able to collectively assemble genetic material sufficient for a skilled individual to synthesize the 1918 influenza virus. The paper argues that DNA fragments must be regulated as select agents to make synthesis screening effective and prevent potential biosecurity threats.

★★★★★
nature.com
Claims (1)
The paper argues fragments must be regulated as select agents.
Accurate100%Feb 22, 2026
We acquired unregulated DNA collectively sufficient for a skilled individual to generate 1918 influenza from dozens of providers, demonstrating that fragments must be regulated as select agents.
2The Virology Capabilities Test (VCT): A Benchmark for LLM Capabilities in Virology Laboratory ProtocolsarXiv·Jasper Götting et al.·2025·Paper

The Virology Capabilities Test (VCT) is a 322-question multimodal benchmark evaluating LLM capabilities in complex virology lab troubleshooting, created with PhD-level expert input. Remarkably, OpenAI's o3 model scores 43.8%, outperforming 94% of human expert virologists who average only 22.1%. The authors argue these dual-use capabilities warrant integration into biosecurity governance frameworks.

★★★☆☆
arxiv.org
Claims (1)
- Virology Capabilities Test (VCT): Developed by SecureBio, CAIS, and MIT. 322 multimodal questions testing practical virology laboratory knowledge. Key finding: leading AI models outperform the vast majority of practicing virologists sampled. Now adopted by major AI labs for pre-deployment testing.
3Common Mechanism - IBBISInternational Biosecurity and Biosafety Initiative

IBBIS (International Biosecurity and Biosafety Initiative for Science) describes their Common Mechanism, a shared screening system designed to help DNA synthesis providers screen orders for dangerous sequences. The initiative aims to establish a global standard for biosecurity screening to prevent misuse of synthetic biology tools for creating biological weapons or dangerous pathogens.

★★★★☆
ibbis.bio
Claims (1)
- <EntityLink id="ibbis">IBBIS (International Biosecurity and Biosafety Initiative for Science)</EntityLink> — Launched by NTI in 2024, headquartered in Geneva, led by Piers Millett (former Deputy Head of the BWC Implementation Support Unit). Develops the Common Mechanism for international DNA synthesis screening.
Minor issues85%Feb 22, 2026
To support this process, IBBIS provides free, distributed, open-source, automated software for screening sequences of nucleic acids (including DNA and RNA) as well as customer screening resources.

The claim that IBBIS was launched by NTI in 2024 is not directly supported by the source. The source states that the Common Mechanism was developed in partnership with the International Technical Consortium for DNA Synthesis Screening, which was launched by the Nuclear Threat Initiative (NTI) in partnership with the World Economic Forum in 2019. The claim that IBBIS is led by Piers Millett is not directly supported by the source. Piers Millett is listed as an author in one of the publications. The claim that IBBIS is headquartered in Geneva is supported by the source, but the claim that IBBIS was launched in 2024 is not.

Citation verification: 11 verified, 3 flagged, 5 unchecked of 22 total

Related Wiki Pages

Top Related Pages

Organization

SecureBio

A biosecurity nonprofit applying the Delay/Detect/Defend framework to protect against catastrophic pandemics, including AI-enabled biological threats.

Organization

Blueprint Biosecurity

An EA-funded biosecurity nonprofit founded in 2023 by Jake Swett, dedicated to achieving breakthroughs in pandemic prevention through far-UVC germi...

Organization

SecureDNA

A Swiss nonprofit foundation providing free, privacy-preserving DNA synthesis screening software using novel cryptographic protocols.

Organization

Coefficient Giving

Coefficient Giving (formerly Open Philanthropy) is a major philanthropic organization that has directed over \$4 billion in grants since 2014, incl...

Organization

Anthropic

An AI safety company founded by former OpenAI researchers that develops frontier AI models while pursuing safety research, including the Claude mod...

Risks

Bioweapons Risk

Analysis

AI Uplift Assessment Model

Organizations

Johns Hopkins Center for Health SecurityCentre for Long-Term ResilienceIBBIS (International Biosecurity and Biosafety Initiative for Science)NTI | bio (Nuclear Threat Initiative - Biological Program)Red Queen BioCoalition for Epidemic Preparedness Innovations

Concepts

Biosecurity OverviewBiosecurity Orgs Overview

Other

Dario Amodei