Biological Risk
Key Evidence
Overview
Biological risks, often referred to as "biorisks," encompass the uncertainties associated with both the likelihood and the consequences of negative biological events, such as infections, that can arise from exposure to or misuse of biological agents, materials, or information. Biorisks include naturally occurring diseases, accidental infections, unauthorized access or theft of biological materials, misuse or diversion, unexpected discoveries, and the intentional release of biological agents. Any of these risks can significantly impact human health, non-human animals, or environmental stability. This risk landscape intersects with various fields, including public health, biosecurity, biosafety, biotechnology (especially synthetic biology), and environmental protection.
Advancements in artificial intelligence (AI), particularly in large language models (LLMs) and biological design tools (BDTs), have drastically altered this landscape by enabling a broader range of individuals to conduct scientific work more rapidly. Due to their dual-use nature, these systems can facilitate beneficial scientific advancements, but also lower the barriers of entry for malicious actors to misuse them or increase the scale of potential harm. AI-enabled capabilities now encompass a variety of biotechnology-related processes, including advanced information retrieval, complex biological engineering, pathogen manipulation, laboratory automation and troubleshooting, and strategic operational planning and deployment. Current AI systems may exacerbate biorisks by assisting with multiple tasks across the biorisk chain. Therefore, it’s crucial to identify where AI contributes to vulnerabilities in order to highlight points of concern and inform practical responses, such as updating policies, establishing targeted guidelines, and implementing verification mechanisms that keep pace with evolving capabilities.
This platform explores how AI can either increase the biorisk likelihood or the severity of harm through two complementary perspectives. The first perspective focuses on intentional misuse, as AI could facilitate aspects of bioweapon development and pose challenges to biosecurity. The second perspective addresses accidental harm, where the automation or deployment of AI agents in laboratories or relevant facilities may heighten the risk of incidents associated with biosafety challenges.
Key Capabilities
It includes the provision of insights and rationales that frame biological knowledge for malicious use, the acquisition and synthesis of sensitive information from diverse sources, and the translation of tacit practitioner know-how into explicit, standardized guidance. It further covers the integration of cross-domain expertise to augment or generate novel biological knowledge.
Insight provision
Ability to provide rationale, insights, and prospects that drive malicious actors towards understanding how to create a hazardous biological agent.
Knowledge acquisition from sources
Ability to provide sensitive biological knowledge, applicable throughout the biorisk chain, through means such as generation, retrieval from single or multiple sources, providing search suggestions, prompts, and other guidance to actors, etc.
Tacit knowledge acquisition
Ability to translate implicit, difficult-to-express knowledge into clear, explicit standard-of-practice guidance that enhances practitioner know-how.
Cross-domain expertise
Ability to augment or generate new sensitive biological knowledge with the use of expertise from other fields (e.g., chemistry, physics, computing).
Optimization
Ability to guide decision-making in order to improve the effectiveness, efficiency, or stability of biological processes. Examples include determining optimal growth conditions for biological cultures, accelerating production timelines, or enhancing the resilience and yield of harmful biological agents.
It involves the ability to develop plans that incorporate conceptual mapping, protocol generation, and the biological engineering necessary to produce harmful quantities of an agent. Such plans may involve considerations of logistics, budgeting, resource optimization, risk-benefit analysis, and other management functions, as well as strategies to evade bans, regulations, and other control and protection measures.
Strategic planning
Capabilities related to the high-level design of strategies for creating a biohazard. It involves supporting the conceptual mapping of the biorisk chain, identifying goals and pathways of misuse, and considering long-term risk-benefit analyses.
Operational planning
Ability to generate step-by-step plans for specific stages of the biorisk chain. It involves translating high-level strategy into concrete, executable procedures. It includes tasks such as adapting or generating laboratory protocols, coordinating biological engineering tasks, integrating automation, and supporting the planning of testing and deployment phases.
Financial and resource planning
Ability to estimate, allocate, and optimize the financial and material resources to support harmful biological activities. This includes designing budgets, planning the supply chain, developing procurement strategies, and prioritizing resources to maximize efficiency and minimize detection risks.
Risk and compliance planning
Ability to identify, anticipate, and navigate obstacles posed by biosafety and biosecurity regulatory frameworks. This includes recognizing potential weak points in verification and enforcement, as well as developing strategies to navigate or evade regulatory oversight and control measures to minimize exposure.
It includes the reconstruction of known agents from existing knowledge and methods, the modification of biological properties to alter functionality or enhance harmful potential, and the prediction or modeling of agent structures and variants to deepen understanding of their mechanisms. Beyond adaptation, it also encompasses the design of entirely novel biological agents, extending the scope of potential threats through synthetic or computational innovation.
Agent reconstruction
Ability to reconstruct known biological agents based on existing knowledge and techniques.
Biological agent modification
Ability to model, predict, and implement genetic or structural changes that can alter the properties of biological agents. These modifications can affect various characteristics like virulence, transmissibility, host range, susceptibility, and immune evasion, among others.
New biological agent design
Ability to generate entirely new biological agents through computational modeling and sequence design, beyond the adaptation of existing organisms. This includes designing variants with different sequences but similar functions to known pathogens, creating mirror organisms, or engineering agents with novel properties that could pose unprecedented risks.
The most concerning implications include the reduction of human oversight through automation, the ease of bypassing bottlenecks, the heightened risk of mass production of biological agents, and the increased reliance on potentially harmful outputs. In addition, these capabilities may create opportunities for the hijacking or manipulation of laboratory operations.
Bioengineering workflow support
Ability to support laboratory experimentation and biological engineering tasks, including the analysis and interpretation of experimental data, workflow refinement, protocol improvement, and reagents or equipment selection. These enhance the efficiency and accuracy of experimental processes.
Automation and tool integration
Ability to automate processes by integrating specialized software and hardware. This capability reduces human oversight through autonomous task execution, increases throughput, and accelerates experimental or engineering cycles. This enhances operational efficiency, leading to faster, more reliable progress along the biorisk chain.
Testing and troubleshooting
Ability to systematically test experimental pathways to inform decisions in the development of hazardous biological agents and resolve issues during protocol execution (troubleshooting). These capabilities reduce bottlenecks and enhance the reliability of experimental outcomes.
Malicious modification of lab protocols and operations
Refers to creating opportunities for hijacking, altering, or subverting laboratory protocols and operational systems by integrating automation. Such actions may involve cyber intrusions, the deployment of bio-malware, or other manipulations intended to disrupt, corrupt, or repurpose laboratory workflows, thus compromising cyberbiosecurity.
Scaling of biomanufacturing
Ability to transition from laboratory-scale experiments to industrial-level biological agent production.
It includes assistance with targeting through delivery methods, host or environmental selection, and optimization of deployment conditions; predictive modeling of outcomes such as disease spread, societal response, and long-term effects; and guidance for circumventing biosafeguards across informational, technical, organizational, or regulatory layers. The category also covers evasion strategies to avoid attribution through bioforensics, as well as direct support in the execution and orchestration of biorisk deployment.
Targeting
Ability to aid in targeting of biothreats, including payload delivery methods, selection of host populations, conditions, and environments, etc.
Predictive modeling
Ability to run predictive analyses of consequences of deployment of biological agents, including disease spread dynamics, response dynamics, long-term effects, etc.
Biosafeguards circumvention
Ability to aid in circumventing informational, technical, and organizational biosafeguards.
Evasion
Ability to aid in avoiding tracing and responsibility attribution via bioforensics.
Execution
Ability to directly aid in orchestrating the biorisk deployment.
Risk Thresholds
Model Capabilities at 'Low' Risk
Models can provide general biological knowledge, help with basic research concepts, and assist in understanding scientific literature. They offer basic information about pathogens, genes, and related topics, but do not support design, modification, or synthesis activities. Outputs clarify publicly available knowledge without meaningfully enhancing offensive capabilities. Substantial human expertise is required to operationalize any harmful use.
Threat Scenario at 'Low' Risk
Researchers and non-experts benefit from enhanced productivity in general biological science education and resource discovery. The model supports legitimate scientific understanding but poses minimal biological threat capabilities, as outputs provide only foundational information that does not meaningfully enable weaponization pathways.
Hover a cell for details. Click to select.
| Risk Level | Ideation and knowledge | Planning | Design and Sequencing | Bio-engineering, Automation and Optimization | Deployment |
|---|---|---|---|---|---|
Low Risk | Low-Ideation and knowledge | Low-Planning | Low-Design and Sequencing | Low-Bio-engineering, Automation and Optimization | Low-Deployment |
Medium Risk | Medium-Ideation and knowledge | Medium-Planning | Medium-Design and Sequencing | Medium-Bio-engineering, Automation and Optimization | Medium-Deployment |
High Risk | High-Ideation and knowledge | High-Planning | High-Design and Sequencing | High-Bio-engineering, Automation and Optimization | High-Deployment |
Critical Risk | Critical-Ideation and knowledge | Critical-Planning | Critical-Design and Sequencing | Critical-Bio-engineering, Automation and Optimization | Critical-Deployment |
Hover over a cell in the matrix to see its full description here.
Scenarios
A malicious non-state actor, driven by extremist motivations, leverages the convergence of open-source LLMs, biodesign tools, and automated laboratory systems to plan and execute an attack with a reconstructed pathogen... The attack results in an outbreak that overwhelms unprepared health systems before containment measures can be effectively implemented.
A state actor, operating under the cover of legitimate biotechnology infrastructure, leverages advanced AI-biodesign tools to enhance the pathogenicity and stealth of a known biological agent... When deployed in another country, the outbreak is initially misdiagnosed as a natural event, delaying containment measures.
An extremist-terrorist group... leverages AI-biodesign models to create a novel pathogen with pandemic potential... The release of the novel pathogen results in a rapidly spreading outbreak for which no existing vaccines or diagnostics are effective.
A commercial biotechnology laboratory, fully automated with AI-guided robotic systems, is tasked with high-throughput vaccine and therapeutic development... a robotic arm miscalibrates during sample transfer, damaging a biosafety cabinet and creating a small containment breach. Because the AI has been trained primarily to maximize efficiency rather than to prioritize safety, the anomaly is neither flagged nor reported... The result is an outbreak that overwhelms local health systems and damages public trust.
A state-of-the-art automated biomanufacturing facility... becomes the target of a cyberbiosecurity attack... an attacker deploys a “biomalware” payload that reprograms the AI design layer. Instead of producing insulin, the system is redirected to generate and optimize a high-yield variant of a toxin or other harmful substances...
A biotechnology startup deploys a fully automated laboratory powered by AI-driven design–build–test–learn cycles... the AI inadvertently generates a novel biological construct with properties resembling both toxins and viral mimics... By the time the true nature of the hazard is identified, the construct has spread across borders, manifesting as an engineered pandemic caused by accident.
Glossary
Biohazard: Source of harm caused by biological agents.
Frequently Asked Questions
Likely yes, primarily (at the moment) by speeding up and supporting existing pathways rather than creating entirely new ones. The real advantage of AI lies in its speed and interactivity as it can clarify misconceptions, transform implicit knowledge into clear step-by-step guidance, and facilitate iterative planning and troubleshooting.
Both factors are at play. AI reduces bottlenecks, increasing the likelihood of misuse or errors. At the same time, biodesign tools may heighten severity by enabling users to explore constructs designed to alter key properties, such as virulence, transmissibility, or immune evasion. Real-world harm still depends on an actor's laboratory capacity, resource access, and oversight.
Yes, according to evidence from recent evaluations, state-of-the-art models can achieve, and in some cases even outperform domain experts on selected tasks. However, it is important to understand the limitations and interpretations of these results as most existing benchmarks utilize multiple-choice formats or narrow exercises and do not evaluate the ability to design and execute complete experimental protocols.
According to superforecasters, the estimated annual baseline risk of a pandemic intentionally caused by humans, resulting in more than 100,000 deaths, has risen from 0.3% to 1.5% when considering new AI-enabled biorisks. This risk can potentially be reduced significantly to 0.4% through specific technical safeguards.
Current measures focus on two main fronts: AI governance and biotechnology safeguards. On the AI side, efforts emphasize systematic model evaluations, data filtering, strengthened security, and technical safeguards. On the biotechnology side, proposals highlight upgrading DNA and RNA synthesis screening to AI-enabled detection systems.
Effective mitigation measures operate through multiple layers of protection. These include access restrictions on LLMs, mandatory DNA screening, and robust governance frameworks that establish oversight and accountability. Together, these mechanisms create technical and regulatory barriers that make it significantly more difficult to misuse AI.
Currently, most leading AI labs release system or model cards which may include evaluations of risks related to CBRN threats. However, these practices are not mandatory, and coverage of bio-related risks varies. In practice, oversight remains mostly voluntary, with no binding mechanisms in place.
The groups considered to be "high-capability" are the most resourced, with access to researchers, scientific facilities, and funding. These actors can be either state or non-state actors.