The Biosecurity Handbook: A Practical Guide to Biological Security and AI-Biosecurity Convergence

Q: What is The Biosecurity Handbook about?

The Biosecurity Handbook bridges classical biosecurity frameworks and emerging AI-biological risks. It provides actionable guidance for policymakers, institutional biosafety committees, AI labs, and public health professionals based on peer-reviewed research, government documents, and technical assessments. The handbook addresses persistent gaps in biosecurity governance, how AI changes the threat landscape, and provides priority recommendations across policy, technology, and institutional practice.

Q: Who should read The Biosecurity Handbook?

This handbook is designed for policymakers developing biosecurity regulations, institutional biosafety committees overseeing dual-use research, AI laboratory leaders implementing responsible scaling policies, and public health professionals working on pandemic preparedness. It serves professionals who need evidence-based guidance on navigating the intersection of biological threats, laboratory safety, and emerging AI capabilities.

Q: What are the key findings of The Biosecurity Handbook?

The handbook identifies three critical findings. First, classical biosecurity gaps persist including the Biological Weapons Convention's lack of verification mechanisms and incomplete DNA synthesis screening coverage. Second, AI changes the threat landscape through mild uplift to novices, erosion of the tacit knowledge barrier via multimodal systems, and emerging benchtop DNA synthesis that bypasses screening. Third, international governance remains fragmented with implementation varying significantly across countries despite binding frameworks like UNSCR 1540.

Tegomoh, Bryan

Executive Summary

Purpose

This handbook bridges classical biosecurity frameworks and emerging AI-biological risks. It draws on peer-reviewed research, government documents, and technical assessments to provide actionable guidance for policymakers, institutional biosafety committees, AI labs, and public health professionals.

Key Findings

Classical Biosecurity Gaps Persist

The Biological Weapons Convention lacks verification. 189 States Parties have joined the BWC, but the treaty has no inspections, no monitoring, and no penalties for violations. The 2001 collapse of verification protocol negotiations ended prospects for binding compliance mechanisms. Major historical violations (Soviet Biopreparat, Iraq, apartheid South Africa) were discovered through defectors and intelligence, not treaty mechanisms.

DNA synthesis screening provides meaningful but incomplete protection. The IGSC Harmonized Screening Protocol covers approximately 80% of global commercial synthesis capacity. Critical gaps remain: oligonucleotides under 200 bp often escape screening, benchtop DNA synthesizers bypass centralized providers entirely, and AI-designed sequences can evade database matching (demonstrated October 2025, patches deployed but only catch ~97% of attempts).

Laboratory biosafety depends on institutional culture, not just containment. High-consequence pathogens require BSL-3 or BSL-4 facilities, but accidents occur when norms erode and procedures become routine. The 1979 Sverdlovsk anthrax release killed at least 66 people due to procedural failures at a Soviet bioweapons facility.

AI Changes the Threat Landscape

LLMs provide mild uplift to novices, limited benefit to experts. Controlled studies from RAND, OpenAI, and Anthropic show large language models offer “at most mild uplift” in biological threat capability. Current models aggregate publicly available information more efficiently than search engines but do not provide novel dangerous knowledge. However, these findings represent snapshots of specific model versions; capabilities advance rapidly.

The tacit knowledge barrier is eroding. Multimodal AI systems with vision capabilities (GPT-5.2, Gemini 3, Claude Opus 4.5) can now observe laboratory technique via video and provide real-time coaching. Cloud laboratories enable remote experiment execution by robotic systems. Together, these technologies narrow the hands-on skills gap that has historically limited biological threats.

Benchtop DNA synthesis may become the defining governance challenge. Platforms from DNA Script, Ansa Biotechnologies, and Nuclera enable on-site DNA synthesis without commercial provider screening. Market analyses suggest benchtop capacity could reach 10-20% of total gene synthesis within a decade. The IBBIS Common Mechanism (launched 2024) provides free, open-source screening tools, but manufacturer adoption remains voluntary with no enforcement mechanism.

International Governance Remains Fragmented

UNSCR 1540 addresses non-state actor proliferation but implementation varies. Unlike the BWC, UN Security Council Resolution 1540 (2004) creates binding obligations to prevent non-state actors from accessing WMD materials. All UN member states have submitted implementation reports, but quality and enforcement capacity differ significantly across countries.

The Australia Group harmonizes export controls among 43 countries. Participating states coordinate controls on biological agents, dual-use equipment, and related technologies. However, major biotechnology producers China and India are not members, creating gaps in the global export control network.

No country is fully prepared for biological events. The Global Health Security Index consistently shows dangerous unpreparedness globally, including in well-resourced health systems. Gaps exist across prevention, detection, response, and health system resilience.

Priority Recommendations

For Policymakers

Mandate DNA synthesis screening with benchtop device requirements. The April 2024 OSTP Framework made screening mandatory for federally funded research (effective April 2025), and Executive Order 14292 (May 2025) directs expansion to non-federal settings, but the revision deadline passed without a new framework. Establish binding requirements for:

Sequence screening for all orders above 50 bp (lowered from 200 bp threshold)
Embedded screening in benchtop synthesis devices before market authorization
Manufacturer-maintained audit logs for attribution and pattern detection
International coordination to prevent jurisdiction shopping

Establish AI-biosecurity evaluation standards. Current uplift studies use inconsistent methodologies and measure information access rather than operational capability. Require:

Standardized evaluation protocols across AI labs
Continuous monitoring as models advance (not one-time assessments)
Third-party verification of biosecurity claims
Transparency on evaluation results for models deployed to the public

Strengthen BWC implementation without waiting for verification. Political consensus for binding verification does not exist. Instead:

Increase ISU funding and staff to support States Parties implementation
Require national biosecurity strategies as BWC compliance measure
Establish regional Centers of Excellence for capacity building
Create consequences for non-participation in Confidence-Building Measures

Integrate One Health approach across biosecurity governance. Approximately 60-75% of emerging infectious diseases are zoonotic. Require:

Cross-sector coordination between human medicine, veterinary, and environmental health
Surveillance systems that track pathogens across species interfaces
Biosafety regulations that address animal reservoirs and agricultural biosecurity

For AI Laboratories

Implement responsible scaling policies with biosecurity thresholds. Define capability levels that trigger enhanced safeguards:

ASL-3: Models providing weapons-grade instructions require government collaboration
Continuous red-teaming for biological threat scenarios
Jailbreak resilience testing before deployment
Publication of evaluation methodologies and results

Restrict frontier model access for high-risk use cases. Deploy tiered access controls:

Enhanced verification for users requesting biological sequence generation
Usage monitoring for repeated dual-use queries
Integration with DNA synthesis screening databases where technically feasible

Support defensive biosecurity research. AI capabilities can strengthen detection and countermeasures:

Pathogen genomic surveillance and variant tracking
Medical countermeasure design and optimization
Metagenomic sequencing analysis for outbreak investigation

For Institutional Biosafety Committees

Expand DURC review beyond federally funded research. Current oversight covers only NIH-funded work on 15 specified pathogens. Implement:

Review of privately funded gain-of-function research
Assessment of AI-assisted experimental design for dual-use risks
Evaluation of cloud laboratory use for sensitive protocols
Training on information hazard assessment

Establish physical security standards beyond containment. Insider threats require more than BSL-level containment:

Multi-person verification for select agent access
Inventory management with real-time tracking
Personnel reliability programs for high-consequence pathogen work
Behavioral monitoring for concerning pattern recognition

Require incident reporting and lessons learned. Laboratory accidents and near-misses provide critical safety information:

Mandatory reporting of all exposures and containment breaches
Anonymized sharing of incident analyses across institutions
Integration with national biosafety databases
Regular safety culture assessments to identify normalization of deviance

For Research Institutions

Implement responsible information practices for dual-use findings. Publication of dangerous biological knowledge requires risk assessment:

Pre-publication review of manuscripts describing novel pathogen enhancement
Redaction of specific methodological details when justified by biosecurity concerns
Consultation with biosecurity experts before submission to journals
Balance between scientific transparency and information hazard mitigation

Develop biosecurity training for synthetic biology and AI-biology researchers. Current biosafety training focuses on containment, not dual-use risks:

Required coursework on DURC, information hazards, and responsible research
Case studies of historical biological weapons programs and accidents
Ethical frameworks for navigating beneficial vs. harmful applications
Integration into graduate programs, not just post-appointment training

Threat Prioritization

Based on current evidence, likelihood, and potential consequences:

Tier 1: Highest Priority 1. Laboratory accidents involving high-consequence pathogens (demonstrated risk, recurring incidents) 2. Benchtop DNA synthesis without screening (capability gap growing rapidly) 3. State bioweapons programs (historical precedent, BWC verification gaps)

Tier 2: Moderate Priority 4. Non-state actor acquisition of dangerous biological materials (capability barriers remain high) 5. AI-enabled novice uplift to dangerous biology (mild uplift demonstrated, monitoring essential) 6. Information hazards from published gain-of-function research (case-by-case assessment required)

Tier 3: Emerging Concerns 7. AI-designed functional pathogens with full end-to-end capability (AI can evade screening, but wet-lab execution barriers remain) 8. Autonomous AI research agents with cloud laboratory access (technical integration not yet achieved) 9. Gene drives for ecological disruption (containment strategies under development)

Implementation Timeline

Immediate (0-6 months):

Establish standardized AI biosecurity evaluation protocols
Expand ISU staffing and funding for BWC implementation support
Require biosafety committee review of cloud laboratory use for select agent work

Near-term (6-18 months):

Mandate benchtop DNA synthesizer screening requirements before new devices reach market
Lower DNA synthesis screening threshold from 200 bp to 50 bp
Develop One Health surveillance integration plans across human, animal, environmental sectors

Medium-term (18-36 months):

Implement international coordination mechanism for synthesis screening (prevent jurisdiction shopping)
Establish regional biosecurity Centers of Excellence for capacity building
Create binding consequences for BWC Confidence-Building Measure non-participation

Long-term (3-5 years):

Achieve global DNA synthesis screening coverage above 95% of commercial capacity
Integrate AI red-teaming requirements into regulatory frameworks
Develop function-based (not just homology-based) sequence screening capabilities

Measurement and Accountability

Track progress through:

BWC implementation: States Parties submitting annual CBMs (current: ~50%, target: >90%)
DNA synthesis screening: Global capacity coverage (current: ~80%, target: >95%)
Laboratory safety: Incident reporting rates and severity trends
AI evaluations: Number of models assessed using standardized biosecurity protocols
Preparedness: Global Health Security Index scores across prevention, detection, response

Conclusion

Three principles guide effective biosecurity:

Prevention through friction: Raise costs and complexity of misuse without blocking legitimate research
Defense in depth: Layer multiple imperfect barriers rather than relying on single solutions
Continuous adaptation: Technology advances exponentially; governance must keep pace

The recommendations above are achievable with political will and adequate resources. Delay increases risk.