The Biosecurity Handbook: A Practical Guide to Biological Security and AI-Biosecurity Convergence

Q: How does DNA synthesis screening work and what are the two layers of protection?

DNA synthesis screening uses a two-layer defense: sequence screening (BLAST comparison against pathogen databases with six-frame translation to detect codon-optimized evasion) and customer screening (Know Your Customer verification of identity, institutional affiliation, and intended use). Both layers must pass for select agent sequences to be synthesized.

Q: What are the critical gaps in current DNA synthesis screening?

Major gaps include: oligonucleotides under 200 bp often unscreened yet assemblable into dangerous sequences; benchtop synthesizers enabling on-site synthesis without centralized screening; approximately 20% of global synthesis capacity operating outside IGSC voluntary framework; and AI-designed sequences that evade BLAST-based homology detection, as demonstrated in October 2025.

Q: What is the IBBIS Common Mechanism and why does it matter?

IBBIS Common Mechanism provides free, open-source screening software designed as a global baseline for nucleic acid synthesis screening. It can integrate with benchtop synthesizers to maintain screening even when synthesis occurs on-site rather than through commercial providers, though manufacturer adoption remains voluntary rather than mandatory.

Tegomoh, Bryan

DNA Synthesis Screening: The Critical Chokepoint

When someone orders synthetic DNA encoding a dangerous pathogen, they face a chokepoint. Commercial providers screen both the sequence and the customer before synthesis begins. This two-layer defense creates friction that stops casual misuse and flags sophisticated attempts. But technology is evolving faster than policy. Benchtop synthesizers enable on-site synthesis without external screening. AI tools can redesign toxins to evade database matching. And approximately 20% of global synthesis capacity operates outside voluntary screening frameworks. The chokepoint is narrowing.

Learning Objectives

Understand how DNA synthesis screening works as a biosecurity intervention
Evaluate the IGSC Harmonized Screening Protocol (sequence and customer screening)
Analyze regulatory evolution from 2010 HHS guidance through 2025 Executive Order
Identify critical gaps: oligonucleotides, benchtop synthesizers, unscreened capacity
Assess customer verification (Know Your Customer) processes
Recognize future screening approaches and policy needs

Scope of This Chapter

This chapter discusses biosecurity risks at a conceptual level appropriate for education and policy analysis. Consistent with responsible information practices:

Omitted: Actionable protocols, specific synthesis routes, exact pathogen sequences
Included: Risk frameworks, governance mechanisms, policy recommendations

For detailed biosafety protocols, consult your Institutional Biosafety Committee and relevant regulatory guidance.

📋 Chapter Summary (TL;DR)

DNA Synthesis Screening: Biosecurity intervention where commercial providers check ordered sequences against pathogen databases and verify customer legitimacy before filling orders. Critical chokepoint because democratized biological information must still become physical DNA through synthesis companies.

IGSC Harmonized Screening Protocol (v3.0, September 2024): - Sequence screening: 200+ bp orders screened against Regulated Pathogen Database (RPD: U.S. Select Agents, Australia Group, EU dual-use lists) - Six-frame translation: Detects codon-optimized evasion attempts - Customer screening: Identity verification, institutional affiliation checks, written justification for select agent sequences - Record keeping: 8-year retention of sequences and customer data

Regulatory Evolution: 2010 HHS guidance (voluntary) → April 2024 OSTP Framework (mandatory for federal funding, effective April 2025) → May 2025 Executive Order 14292 directing framework revision. Current status: regulatory uncertainty as revision deadline passed without replacement.

Critical Gaps: - Oligonucleotides: Short fragments (<200 bp) often unscreened, can be assembled into dangerous sequences - Benchtop synthesizers: On-site synthesis bypasses centralized screening (IBBIS Common Mechanism now operational) - Unscreened capacity: ~20% of global synthesis market operates outside IGSC voluntary framework - Novel sequences: BLAST-based homology screening misses AI-designed pathogens, as demonstrated in October 2025 when researchers showed AI tools could redesign toxins to evade screening

Customer Verification: Know Your Customer (KYC) approaches verify identity, institutional affiliation, publication history, and legitimate need for sequences of concern.

Bottom Line: Screening provides meaningful friction for malicious actors but has exploitable gaps. Closing them requires mandatory frameworks, benchtop device integration, oligonucleotide screening, and function-based (not just homology-based) detection.

Introduction

DNA synthesis screening is biosecurity’s most practical intervention point in the synthetic biology era. As Synthetic Biology and the Democratization of Biotechnology showed, democratized access to biological design tools means the knowledge to create dangerous pathogens is increasingly available. But knowledge alone isn’t enough. You need physical DNA.

That’s where screening comes in. When someone orders synthetic DNA from a commercial provider, the company screens both the sequence (is it dangerous?) and the customer (are they legitimate?). This creates a chokepoint: biological information must pass through synthesis companies to become biological reality.

Researchers have had orders flagged and had to provide institutional biosafety committee approvals. The delays were minor, usually a week, but the system demonstrated it was working. Sequences matching select agent databases triggered human review. Not every legitimate order went through smoothly, but that friction is the point.

This chapter covers how DNA synthesis screening actually works, the IGSC Harmonized Screening Protocol, the evolving U.S. regulatory landscape (from 2010 HHS guidance through the 2025 Executive Order), customer verification processes, and the critical gaps: oligonucleotides, benchtop synthesizers, and AI-designed sequences.

How DNA Synthesis Screening Works

The Two-Layer Approach

DNA synthesis screening uses a defense-in-depth strategy with two complementary layers:

Sequence Screening: Is the ordered DNA itself dangerous?
Customer Screening: Is the person ordering it legitimate?

Both must pass for an order to proceed, especially for sequences of concern.

Sequence Screening: BLAST Against Pathogen Databases

The core technical mechanism is sequence homology search using BLAST (Basic Local Alignment Search Tool). Here’s the simplified process:

Order received: Customer submits DNA sequence for synthesis
Automated comparison: Provider runs BLAST to compare ordered sequence against Regulated Pathogen Database
Threshold matching: If similarity exceeds set threshold (typically >80% identity over 200+ bp), triggers flag
Six-frame translation: Sequence translated into all six reading frames (amino acid sequences) to detect codon-optimized evasion
Human expert review: Flagged orders reviewed by trained biosecurity personnel
Decision: Accept, accept with additional customer screening, or reject

The Regulated Pathogen Database (RPD) maintained by IGSC includes: - U.S. Federal Select Agents and Toxins - Australia Group Common Control Lists - EU dual-use items list

Customer Screening: Know Your Customer (KYC)

When orders involve sequences of concern, providers verify customer legitimacy through KYC-like processes:

Initial onboarding (most intensive): - Identity verification (government-backed ID) - Institutional affiliation confirmation - Sanctions and watchlist screening - Publication history check (legitimate researcher?) - Shipping address validation

For select agent sequences: - Written description of intended use - Institutional biosafety committee approval - Principal investigator verification - Proof of appropriate containment facilities (BSL-3 or BSL-4 if required)

Periodic re-verification: - Customer legitimacy rechecked annually or when suspicious patterns emerge

Red flags: - Evasiveness about identity or affiliation - Suspicious shipping addresses (residential instead of institutional) - Requests to fragment orders across multiple providers - Unwillingness to provide intended use documentation

The IGSC Harmonized Screening Protocol

Origins and Membership

The International Gene Synthesis Consortium (IGSC), formed in 2009, comprises leading commercial DNA synthesis companies. Member companies represent an estimated 80% of global gene synthesis capacity, though that means 20% remains unscreened, a critical gap discussed below.

IGSC membership is voluntary, which creates both strengths (industry buy-in, rapid adaptation) and weaknesses (no legal enforcement, incomplete coverage).

Protocol Evolution

The IGSC has updated its protocol over time:

Version 1.0 (2009): Initial framework
Version 2.0 (2017): Enhanced specificity
Version 3.0 (September 2024): Current standard with increased uniformity and accuracy

Version 3.0 represents significant improvements in screening specificity and operational guidance.

Sequence Screening Requirements

IGSC members must screen:

Minimum length: 200 base pairs or longer (IGSC v3.0 maintains this threshold; separately, 2023 HHS guidance encourages providers to screen down to 50+ bp, though HHS guidance remains voluntary for non-federally-funded research)

Process: 1. Compare complete sequence against RPD 2. Screen against internationally coordinated databases (NCBI/GenBank, EBI/EMBL, DDBJ) 3. Translate all six reading frames into amino acids 4. Screen protein sequences against RPD-derived proteins 5. Flag matches based on identity thresholds

Oligonucleotide pools: Protocol recommends biosecurity screening for pooled oligonucleotides (though implementation varies by provider)

Automated initial screening → Human expert review → Decision

Economic Reality of Screening Friction

Legitimate researchers sometimes ask: how much does screening actually cost? For routine orders (no sequence match), screening adds no perceptible delay or cost, it’s built into processing. For flagged orders, synthesis companies report typical review times of 2-5 business days and may charge modest verification fees. For legitimate researchers with proper documentation, the friction is manageable. For someone trying to order dangerous sequences without credentials or justification, that friction becomes a barrier, which is the point.

Customer Screening Requirements

For all orders: - Customer identification data (name, shipping address, institution, country, phone, email) - Verification of legitimacy during onboarding

For select agent/toxin sequences: - Suppliers only sell to legitimate government, university, non-profit, or industrial labs - Significant portions of regulated genomes require written intended use description - Institutional verification

Record Keeping

IGSC members retain for minimum 8 years: - Every synthesized gene sequence - Vector information (if applicable) - Recipient identity and shipping address - Every gene sequence screening result

This creates an audit trail for post-incident attribution and helps identify patterns of concerning orders.

Order Refusal and Reporting

Members reserve the right to: - Refuse any order without explanation - Notify other IGSC members about problematic orders - Report to law enforcement or intelligence authorities

Some companies maintain relationships with FBI Weapons of Mass Destruction Directorate for consultation on ambiguous cases. Certain orders may also trigger Bureau of Industry and Security (BIS) export control reviews if they involve controlled dual-use items under the Export Administration Regulations.

The Regulatory Landscape

2010 HHS Guidance: Foundation and Limitations

In 2010, the U.S. Department of Health and Human Services issued its Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA. This voluntary framework established:

Sequence screening: - Focus on synthetic double-stranded DNA (dsDNA) - 200 base pair minimum screening threshold - Comparison against select agent lists

Customer screening: - Identity verification - Institutional legitimacy checks - Compliance with export control regulations

Purpose: Prevent malicious actors from obtaining genetic material to create select agents by bypassing existing regulations.

Critical limitation: The guidance was voluntary. No legal requirement, no enforcement mechanism, only industry goodwill.

For comprehensive screening policy analysis, RAND’s 2024 report on securing commercial nucleic acid synthesis reviews government guidelines, industry consortium requirements, and legislative proposals. The report provides specific recommendations for implementing screening policies, including decision criteria and conformity assessment tools for providers, going beyond existing frameworks in operational detail.

2010 Guidance Can’t Keep Pace with Current Technology

The 2010 framework predates: - Benchtop DNA synthesizers (2015+) enabling on-site synthesis without ordering from providers - Widespread CRISPR genome editing (2012+) allowing assembly of fragments into functional genomes - AI protein/genome design tools (2020+) creating novel sequences without homology to known threats - Expanded RNA synthesis capacity for mRNA therapeutics (2020+)

The guidance focuses on double-stranded DNA from centralized providers. Single-stranded DNA, RNA synthesis, oligonucleotide fragments (<200 bp), and benchtop devices fall into regulatory gray zones. The gap between 2010 policy and current capability is measured in biological revolutions.

2023-2024 Framework Updates

HHS released an updated Framework for Nucleic Acid Synthesis Screening in October 2023, followed by the April 2024 OSTP Framework:

Key improvements (2023-2024): - Expands beyond select agents to broader “Sequences of Concern” - Encourages screening at 50+ bp (down from 200 bp) - Addresses oligonucleotide pools and benchtop synthesizers - Mandatory for federally funded research (effective April 26, 2025) - Federal funding recipients must procure from compliant providers

Remaining gaps: - Still voluntary for non-federally-funded research - Limited enforcement mechanisms for private sector - International harmonization incomplete

May 2025 Executive Order 14292

Executive Order 14292 (“Improving the Safety and Security of Biological Research”) directed OSTP to revise the 2024 Framework within 90 days, citing need for:

“Verifiable” screening mechanisms with enforcement accountability
Strategy for non-federally-funded research screening
Violations may result in funding revocation and up to 5-year grant ineligibility

Current Regulatory Uncertainty (December 2025)

The 90-day revision deadline (August 2025) passed without a new framework being announced. NIH has indicated continued adherence to the 2024 version, but other agencies have paused implementation pending clarification. Check ASPR S3 for current status.

Critical Gaps in Current Screening

Gap 1: Oligonucleotide Fragments

Short oligonucleotides (typically under 200 base pairs) are often unscreened or minimally screened. The problem: they can be assembled into longer dangerous sequences using standard molecular biology techniques.

The “fragmentation attack” scenario:

Malicious actor designs dangerous sequence (e.g., virulence factor, toxin gene)
Fragments sequence into overlapping oligonucleotides, each <200 bp
Orders fragments from different suppliers (no single order looks dangerous)
Assembles fragments in their own lab using Gibson assembly, Golden Gate, or similar methods
Result: functional dangerous gene without triggering screening

RAND Corporation, NTI, and NSABB (National Science Advisory Board for Biosecurity) analyses have all highlighted this vulnerability. A 2025 RAND report on protecting biological materials further identifies critical chokepoints in the biological supply network where monitoring could prevent misuse, noting that fragmented oversight and the rise of DIY biology movements create exploitable gaps requiring coordinated intervention across providers and regulators.

Challenge: Screening every oligonucleotide order is computationally intensive and creates false positives. Legitimate research uses oligonucleotides constantly (primers, probes, CRISPR guide RNAs). Flagging all of them would paralyze molecular biology.

Potential solutions: - Lower screening threshold to 50 bp (computationally expensive) - Pattern detection across orders (privacy and data sharing challenges) - Behavioral monitoring (red flags like many small orders from same customer)

Gap 2: Benchtop DNA Synthesizers, The Fundamental Threat to Chokepoint Strategy

Benchtop DNA synthesizers represent the most serious long-term threat to DNA synthesis screening as a biosecurity strategy. Unlike other gaps discussed in this chapter, benchtop synthesis doesn’t just create a loophole in the current system. It fundamentally undermines the entire chokepoint model that makes centralized screening possible.

The Technology Landscape

Centralized DNA synthesis screening assumes orders flow through commercial providers who submit sequences to IGSC protocols or comply with HHS/OSTP requirements. This model faces a fundamental challenge from emerging benchtop DNA synthesizers that enable on-site, in-house synthesis without external oversight.

Current benchtop synthesis platforms:

DNA Script: Enzymatic DNA synthesis platform enabling on-demand oligonucleotide production in individual laboratories. Their SYNTAX system uses template-free enzymatic synthesis, eliminating the need to order oligonucleotides from commercial providers.
Ansa Biotechnologies: Demonstrated direct synthesis of 1,005-base oligonucleotides in a single synthesis (March 2023). Now offers fragments up to 600 bp and clonal DNA up to 50 kb.
Nuclera: Desktop biofoundry combining DNA synthesis with automated molecular biology workflows. Markets directly to academic and biotech labs for in-house sequence production.
Twist Bioscience: While primarily a commercial synthesis provider, also developing silicon-based synthesis platforms that could eventually be deployed as benchtop devices.

These technologies are advancing rapidly, with synthesis length, fidelity, and throughput improving each year. What required centralized facilities five years ago can now be done on a lab bench.

The Screening Bypass Problem

Why benchtop synthesizers break the chokepoint model:

No commercial provider involvement: A determined actor could potentially acquire a benchtop synthesizer, synthesize concerning sequences without external oversight, and bypass the entire IGSC/OSTP screening infrastructure.
One-time customer verification: Unlike commercial synthesis where each order triggers screening, benchtop devices are screened (if at all) only once at the point of purchase. Subsequent sequences synthesized on that device receive no external review.
No sequence audit trail: Commercial providers maintain 8-year records of synthesized sequences for attribution and pattern detection. Benchtop synthesis creates no such centralized record unless manufacturers build it into the device.
Fragmentation enables evasion: Even if device purchase screening exists, an actor could fragment dangerous sequences across multiple legitimate-seeming oligonucleotides, synthesize them on a benchtop device, and assemble them using standard molecular biology techniques (Gibson assembly, Golden Gate cloning).

The attack scenario biosecurity experts worry about: - Actor establishes legitimate research credentials (or works at legitimate institution) - Purchases benchtop synthesizer for ostensibly legitimate research purposes - Device is delivered with minimal or no sequence-level screening capability - Actor synthesizes oligonucleotide fragments encoding dangerous sequences - No external provider screens the sequences; no pattern detection across orders - Actor assembles fragments into functional dangerous construct - Entire process occurs without triggering any biosecurity checkpoint

Policy and Governance Gaps

Current regulatory landscape for benchtop devices:

The 2010 HHS guidance predates widespread benchtop synthesis technology. The 2023 HHS Framework update acknowledges the challenge but provides limited enforceable requirements. Neither framework currently mandates: - Embedded screening capabilities in benchtop devices - Cloud-based sequence screening before synthesis occurs - Manufacturer-maintained audit logs of synthesized sequences - Device-level controls preventing synthesis of flagged sequences

This creates a fundamental gap: the chokepoint strategy requires centralized screening, but technology is rapidly decentralizing synthesis capability.

Potential Solutions: The IBBIS Common Mechanism

IBBIS (International Biosecurity and Biosafety Initiative for Science, launched 2024) now operates the Common Mechanism, providing free, open-source screening tools:

What’s now available: - commec: Free, distributed, open-source screening software - Designed as global baseline for nucleic acid synthesis screening - Supports compliance with national and international requirements - Includes resilience to AI-generated sequences and subversion attempts

Technical approach: - Sequence screening against curated databases - Customer screening resources and guidance - Can integrate with benchtop devices (manufacturer adoption required) - Regular maintenance updates for evolving threats

Remaining challenges: - Benchtop manufacturers must voluntarily adopt (no current legal requirement) - Cybersecurity risks of cloud-connected lab devices - Potential for modified or counterfeit devices without screening - International coordination required (can’t just regulate U.S.-sold devices) - Enforcement mechanisms for non-compliant manufacturers

Benchtop Synthesizers: The Screening Bypass

Imagine buying a printer that lets you print your own money. That’s the biosecurity concern with unregulated benchtop DNA synthesizers. Current screening works because dangerous sequences must pass through commercial providers who check them. Benchtop devices move synthesis in-house, eliminating that chokepoint.

Market analyses suggest benchtop synthesis capacity could reach 10-20% of total gene synthesis capacity within a decade, creating a substantial screening bypass. Without integrated screening requirements, we’re building a biosecurity gap into the technology itself.

The IBBIS Common Mechanism provides free tools, but adoption remains voluntary. Making it mandatory globally will require significant regulatory coordination across manufacturers, governments, and research institutions.

Gap 3: Unscreened Capacity

IGSC membership represents approximately 80% of global commercial gene synthesis capacity. That leaves an estimated 20% unscreened (Arms Control Association).

Unscreened providers include: - Smaller synthesis companies (especially outside U.S./Europe) - Academic core facilities offering synthesis services - Companies in countries without established biosecurity frameworks - Grey market providers

A malicious actor denied service by IGSC members could shop around for unscreened providers. The Arms Control Association analysis notes this creates a significant loophole.

Solutions: - Mandatory screening requirements (requires legislation) - International harmonization of standards - Expansion of IGSC membership - Customer education (reputable researchers use IGSC members)

Gap 4: AI-Designed Novel Sequences

Current screening relies on BLAST-based sequence homology, comparing ordered sequences against databases of known pathogens (bioRxiv 2024). This gap moved from theoretical to demonstrated in October 2025.

Demonstrated: AI Tools Can Evade Screening (October 2025)

Microsoft researchers published in Science showing that open-source AI protein design tools could redesign known toxins to evade BLAST-based screening while computer models predicted the proteins would retain harmful function. Working with IGSC and major synthesis providers (Twist Bioscience, IDT), they developed patches now deployed globally. The fix catches approximately 97% of AI-designed evasion attempts, but gaps remain.

Key findings: - AI tools generated thousands of toxin variants that evaded detection - No physical proteins were produced (research done entirely digitally) - Patches improve screening but aren’t complete solutions - Function-based screening remains the longer-term need

Emerging approaches to close this gap: - Function-based screening: Predict protein function from sequence, flag dangerous functions even without homology - Machine learning classifiers: Train models on dangerous vs. safe sequences, detect novel threats - Protein structure prediction: Use AlphaFold-like models to infer function from predicted structure

SecureDNA now provides free, privacy-preserving screening for sequences 30+ nucleotides, having screened 67 million nucleotides across providers in the US, Europe, and China. Their system already exceeds current regulatory requirements and includes protections against AI-designed evasion.

Customer Verification in Practice

The KYC Framework for Biosecurity

Know Your Customer (KYC) approaches, adapted from financial services anti-money laundering practices, help verify legitimacy of DNA synthesis customers.

The International Biosecurity and Biosafety Initiative for Science (IBBIS) provides resources for synthesis providers to implement KYC:

Identity signals: - Government-issued ID verification - Institutional email domain verification (@university.edu, @institute.org) - Publication history (ORCID, PubMed, Google Scholar) - Professional licenses or credentials

Institutional signals: - Research Organization Registry (ROR) verification - NIH grant numbers or other funding verification - Institutional biosafety committee registrations - Prior order history (established customer?)

Risk scoring: - BioSecure framework proposes AI-enabled cumulative risk assessment - Combine multiple verification signals into confidence score - Higher-risk sequences require higher confidence in customer

Red Flags That Trigger Enhanced Screening

A synthesis company told me about customer behaviors that always trigger enhanced review: - Residential shipping address for select agent sequences (why not institutional lab?) - Reluctance to provide intended use description - Email domain doesn’t match claimed institution - No publication history but ordering complex sequences - Requests to fragment single sequence across multiple orders - Cash payment offers (standard is institutional purchase orders) - Evasiveness when asked basic research questions

None of these alone proves malicious intent, but they raise questions legitimate researchers can easily answer.

The “Trust but Verify” Challenge

Customer screening faces a fundamental tension: you want to prevent misuse without creating excessive friction for legitimate research.

Too strict: Legitimate researchers face delays, increased costs, bureaucratic burden. Science slows down.

Too permissive: Malicious actors slip through. Biosecurity fails.

Current approaches err toward permissive for established customers at reputable institutions, strict for new customers or concerning sequences. This makes sense since most research is legitimate, but it creates windows for insider threats or compromised credentials.

Future Approaches and Policy Needs

Toward Mandatory Screening

The April 2024 OSTP Framework makes screening mandatory for federally funded research (effective April 2025), and Executive Order 14292 directs expansion to non-federally-funded settings. But voluntary frameworks have limits:

Arguments for mandatory screening: - Closes the 20% unscreened capacity gap - Creates level playing field (all providers follow same rules) - Enables enforcement and penalties for non-compliance - Sends clear policy signal about biosecurity priority

Arguments for voluntary approaches: - Industry self-regulation responds faster to technological change - Mandatory requirements may be overly burdensome - International harmonization difficult with mandatory national requirements - Risk of driving synthesis to unregulated jurisdictions

Most biosecurity experts favor mandatory screening with international coordination. The challenge is implementation.

International Harmonization

DNA synthesis is a global industry. A U.S.-only mandatory framework just shifts orders to providers in other countries. Effective screening requires international agreement.

Efforts toward harmonization: - IGSC: Multinational membership, harmonized protocol - Australia Group: 43 countries coordinating export controls - Biological Weapons Convention: 184 state parties (but no verification mechanism for DNA synthesis) - IBBIS Common Mechanism: Free, open-source screening tools designed as global baseline - ISO 20688-2:2024: International standard for production and quality control of synthesized gene fragments includes biosecurity provisions

Progress is slow. Biosecurity competes with commercial interests, national sovereignty concerns, and lack of urgency (no major DNA synthesis-enabled attack has occurred yet).

Function-Based Screening

As the October 2025 Microsoft/Science paper demonstrated, homology-based screening has fundamental limits. Screening must evolve to function-based approaches (does it do dangerous things, regardless of sequence similarity?).

Technical approaches: - Protein function prediction: Use AlphaFold, ESMFold, or similar models to predict structure/function from sequence - Danger classifiers: Train ML models on dangerous vs. benign sequences, flag novel threats - Pathway analysis: Identify if sequence encodes steps in biosynthesis of toxins or virulence factors

SecureDNA already incorporates some function-based protections. Broader adoption remains computationally challenging and prone to false positives.

The False Positive Dilemma

Function-based screening sounds perfect: catch dangerous sequences regardless of homology to known threats. But predicting protein function from sequence alone is hard. Even minor prediction errors create false positives: benign sequences flagged as dangerous. Flag too many legitimate orders and researchers abandon your service. Miss actual threats and biosecurity fails. Finding the right threshold is less a technical problem than a values question: how much friction is acceptable for how much security? There’s no perfect answer, only tradeoffs.

Common Questions

How does DNA synthesis screening work and what are the two layers of protection?

DNA synthesis screening uses a defense-in-depth strategy with two complementary layers. Sequence screening compares ordered DNA against Regulated Pathogen Databases (U.S. Select Agents, Australia Group, EU dual-use lists) using BLAST similarity matching. The system translates sequences into all six reading frames to detect codon-optimized evasion attempts. Customer screening verifies identity, institutional affiliation, publication history, and intended use through Know Your Customer processes. For select agent sequences, both layers must pass: the sequence must be justified scientifically and the customer must provide institutional biosafety committee approvals and proof of appropriate containment facilities.

What is the current regulatory status of DNA synthesis screening in the United States?

The regulatory landscape has evolved significantly but remains uncertain. The 2010 HHS guidance established voluntary screening for double-stranded DNA over 200 base pairs. The April 2024 OSTP Framework made screening mandatory for federally funded research effective April 2025, requiring federal funding recipients to procure from compliant providers. Executive Order 14292 in May 2025 directed framework revision within 90 days, citing need for verifiable enforcement and strategy for non-federally-funded research. The revision deadline passed in August 2025 without new framework being announced, creating current regulatory uncertainty as agencies await clarification.

What are benchtop DNA synthesizers and why do they threaten the screening chokepoint model?

Benchtop DNA synthesizers from companies like DNA Script, Ansa Biotechnologies, and Nuclera enable on-site DNA synthesis in individual laboratories without ordering from commercial providers. This fundamentally undermines the chokepoint strategy: instead of each sequence triggering screening at a commercial provider, benchtop devices are screened only once at purchase. Subsequent sequences synthesized on the device receive no external review unless manufacturers build screening into the device. A determined actor could potentially acquire a benchtop synthesizer through legitimate channels, then synthesize concerning sequences without external oversight. The IBBIS Common Mechanism provides free screening software that can integrate with benchtop devices, but manufacturer adoption remains voluntary.

How do AI-designed sequences evade current screening and what solutions exist?

Current screening relies on BLAST-based sequence homology, comparing ordered sequences against databases of known pathogens. In October 2025, Microsoft researchers demonstrated in Science that AI protein design tools could redesign known toxins to evade BLAST-based screening while computer models predicted the proteins would retain harmful function. Working with IGSC and synthesis providers, they developed patches now deployed globally that catch approximately 97% of AI-designed evasion attempts, but gaps remain. Solutions include function-based screening that predicts protein function from sequence regardless of homology, machine learning classifiers trained on dangerous versus safe sequences, and protein structure prediction using AlphaFold-like models. SecureDNA provides free screening for sequences 30+ nucleotides with protections against AI-designed evasion.

What is the oligonucleotide fragmentation attack and why is it hard to prevent?

The fragmentation attack exploits the 200 base pair screening threshold: a malicious actor could design a dangerous sequence, fragment it into overlapping oligonucleotides each under 200 bp, order fragments from different suppliers, and assemble them using standard molecular biology techniques like Gibson assembly or Golden Gate cloning. No single order looks dangerous, yet the assembled product is functional. RAND, NTI, and NSABB analyses have all highlighted this vulnerability. Prevention is challenging because screening every oligonucleotide order creates computational burden and false positives that would paralyze legitimate research, which constantly requires oligonucleotide orders for primers, probes, and CRISPR guide RNAs. Potential solutions include lowering screening threshold to 50 bp, pattern detection across orders, and behavioral monitoring for red flags like many small orders from the same customer.

Why is international harmonization of screening standards important?

DNA synthesis is a global industry. A U.S.-only mandatory framework would shift orders to providers in other countries without screening requirements, undermining the chokepoint strategy. Effective screening requires international agreement so malicious actors cannot simply shop for unscreened providers in permissive jurisdictions. Current harmonization efforts include the IGSC’s multinational membership with Harmonized Screening Protocol, the Australia Group coordinating export controls across 43 countries, the IBBIS Common Mechanism providing free global baseline screening tools, and ISO 20688-2:2024 international standard including biosecurity provisions. Progress is slow because biosecurity competes with commercial interests, national sovereignty concerns, and lack of urgency since no major DNA synthesis-enabled attack has occurred yet.

This chapter is part of The Biosecurity Handbook.