This must have been a ton of work, thanks for this thorough writeup of current discussions in biosecurity. Thank you for the high praise of SecureBio, too!
I still want to flag three possible misconceptions:
Early in the piece, on the question of motivation for pursuing bioweapons, you ask:
> And why wouldn’t those actors opt for much simpler acts of violence that would roughly accomplish the same thing?
This is an objection we hear relatively frequently and it is somewhat missing the whole reason why the current longtermist-flavored scope-sensitive biosecurity that you discuss in your article emerged—global catastrophic risks. If you truly want to cause catastrophic mass harm (from tens of millions of deaths to extinction), you basically only have nukes and pandemics available. Nukes are practically impossible to obtain, and while pandemic-capable viruses are definitely not trivially easy to make and work with, information and methods around them are close to open-source. Thus, if a malicious actor wants to cause global-scale harm, there aren’t any simpler acts of violence that roughly accomplish the same thing.
On the offense–defense balance of AIxBio progress:
> AI tools will be just as useful in countermeasure design
I think this claim understates how much disagreement is around the offense–defense balance of biological tools. The landscape of biological tool capabilities seems to be pretty jagged and it’s not obvious to me that this results in balanced progress, especially given (as you correctly point out) the inherent offense-favor of pandemics. I think it would be a pretty big coincidence if a new technology happens to be exactly as useful for offense as it is for defense. Indeed, the consensus of my colleagues and me at SecureBio is that AI tools will accelerate bioweapon design + deployment well before they enable us to have countermeasure design + deployment that is sufficient to render us acceptably safe from such risks.
On weaponization:
> Finally, I am not scared of individual actors, because the economics of bioweapons production likely do not work in their favor. Yes, they can rent upstream services—virus production, purification—but the downstream weaponization work requires custom protocols that CROs have no economic incentive to develop. Moreover, given that the weaponization will almost definitely be a bespoke, hands-on R&D project and not one that is easily automated, it feels unlikely that nobody at the CRO will raise an eyebrow.
It is a bit unclear to what extent the concept of “weaponization” applies to many of the pandemic threats many people in scope-sensitive biosecurity care about. Historically, weaponization was indeed a pretty big problem for certain BWs, which required specific conditions for storage in munitions, preparation for aerosolization, etc. But as we’ve seen with COVID, “weaponization” for many pandemic-capable pathogens might be essentially complete at the purification stage and only requires getting it onto somebody’s epithelium via a spray bottle. (And regarding the “economics of bioweapons” point, I’d re-emphasize my first point.)
That being said, I definitely agree with most of the things you wrote about biodefense and reasons for optimism. We have a ton of promising interventions that can form a pretty airtight swiss-cheese stack if we manage to implement them; biohardened environments, PPE stockpiles, and widespread early detection alone would make BWs very unattractive. Again, great to see such a detailed piece on biosecurity.
Lots of safe anti-viral drugs out there, but hard to know which ones to use, either alone or in combination. Resources like the REFRAME library should allow for rapid testing. We did some work on using ML for drug combo selection at one point (working with Gates foundation), very effective — however terrible idea commercially, but could use useful in such a doomsday scenario.
I like that this resists the easy doom spiral and instead treats biosecurity like a messy system: incentives, chokepoints, and governance—plus the awkward dual-use reality. The “who pays?” thread is the adult question. If you had to pick one near-term move with the best ROI (policy, standards, procurement, screening norms), what would it be?
Great article. You might also be interested to know that there are some other pioneering and scalable approaches like MALDI-TOF Mass Spec that can be used for emergent threat detection
The human risk is far greater than appreciated here, depending on the threat vector. Once people realize the threat vectors I have in mind, the endgame doesn’t look good for humanity: ML guesses won’t cut it for countermeasure development.
Excellent article! Thanks for taking the time to write out what the broad field of biosecurity looks like today.
enjoyed talking to you about this, great post!
hyped abt this post! bullish on pilgrim ;)
Thank you for the new book, I’m excited to read it later today!
One thing you missed since it was announced recently - Ginkgo is spinning out their biosecurity business so it can do a private raise.
https://www.prnewswire.com/news-releases/ginkgo-bioworks-reports-fourth-quarter-and-full-year-2025-financial-results-announces-focus-on-autonomous-labs-offerings-and-divestiture-of-its-non-core-biosecurity-business-302699023.html
This must have been a ton of work, thanks for this thorough writeup of current discussions in biosecurity. Thank you for the high praise of SecureBio, too!
I still want to flag three possible misconceptions:
Early in the piece, on the question of motivation for pursuing bioweapons, you ask:
> And why wouldn’t those actors opt for much simpler acts of violence that would roughly accomplish the same thing?
This is an objection we hear relatively frequently and it is somewhat missing the whole reason why the current longtermist-flavored scope-sensitive biosecurity that you discuss in your article emerged—global catastrophic risks. If you truly want to cause catastrophic mass harm (from tens of millions of deaths to extinction), you basically only have nukes and pandemics available. Nukes are practically impossible to obtain, and while pandemic-capable viruses are definitely not trivially easy to make and work with, information and methods around them are close to open-source. Thus, if a malicious actor wants to cause global-scale harm, there aren’t any simpler acts of violence that roughly accomplish the same thing.
On the offense–defense balance of AIxBio progress:
> AI tools will be just as useful in countermeasure design
I think this claim understates how much disagreement is around the offense–defense balance of biological tools. The landscape of biological tool capabilities seems to be pretty jagged and it’s not obvious to me that this results in balanced progress, especially given (as you correctly point out) the inherent offense-favor of pandemics. I think it would be a pretty big coincidence if a new technology happens to be exactly as useful for offense as it is for defense. Indeed, the consensus of my colleagues and me at SecureBio is that AI tools will accelerate bioweapon design + deployment well before they enable us to have countermeasure design + deployment that is sufficient to render us acceptably safe from such risks.
On weaponization:
> Finally, I am not scared of individual actors, because the economics of bioweapons production likely do not work in their favor. Yes, they can rent upstream services—virus production, purification—but the downstream weaponization work requires custom protocols that CROs have no economic incentive to develop. Moreover, given that the weaponization will almost definitely be a bespoke, hands-on R&D project and not one that is easily automated, it feels unlikely that nobody at the CRO will raise an eyebrow.
It is a bit unclear to what extent the concept of “weaponization” applies to many of the pandemic threats many people in scope-sensitive biosecurity care about. Historically, weaponization was indeed a pretty big problem for certain BWs, which required specific conditions for storage in munitions, preparation for aerosolization, etc. But as we’ve seen with COVID, “weaponization” for many pandemic-capable pathogens might be essentially complete at the purification stage and only requires getting it onto somebody’s epithelium via a spray bottle. (And regarding the “economics of bioweapons” point, I’d re-emphasize my first point.)
That being said, I definitely agree with most of the things you wrote about biodefense and reasons for optimism. We have a ton of promising interventions that can form a pretty airtight swiss-cheese stack if we manage to implement them; biohardened environments, PPE stockpiles, and widespread early detection alone would make BWs very unattractive. Again, great to see such a detailed piece on biosecurity.
Lots of safe anti-viral drugs out there, but hard to know which ones to use, either alone or in combination. Resources like the REFRAME library should allow for rapid testing. We did some work on using ML for drug combo selection at one point (working with Gates foundation), very effective — however terrible idea commercially, but could use useful in such a doomsday scenario.
I like that this resists the easy doom spiral and instead treats biosecurity like a messy system: incentives, chokepoints, and governance—plus the awkward dual-use reality. The “who pays?” thread is the adult question. If you had to pick one near-term move with the best ROI (policy, standards, procurement, screening norms), what would it be?
Great article. You might also be interested to know that there are some other pioneering and scalable approaches like MALDI-TOF Mass Spec that can be used for emergent threat detection
Thank you for writing this –– really wonderful! Everyone should read this as a primer on biosecurity. I have responded to some of the statements in the conclusion in a separate post: https://oliviahelens.substack.com/p/the-lucretius-problem-of-biosecurity
The human risk is far greater than appreciated here, depending on the threat vector. Once people realize the threat vectors I have in mind, the endgame doesn’t look good for humanity: ML guesses won’t cut it for countermeasure development.
Good article, though
What are the threat vectors?