《美國安全與新興技術中心：2024預測生物風險：戰略生物安全政策工具包（英文版）（40頁）.pdf》由會員分享，可在線閱讀，更多相關《美國安全與新興技術中心：2024預測生物風險：戰略生物安全政策工具包（英文版）（40頁）.pdf（40頁珍藏版）》請在三個皮匠報告上搜索。

1、Issue BriefDecember 2024Anticipating Biological RiskA Toolkit for Strategic Biosecurity PolicyAuthorSteph Batalis Center for Security and Emerging Technology|1 Executive Summary Biological threats from pathogens and toxins have the capacity to cause significant and widespread harm,regardless of whet

2、her they are natural or engineered,intentional or unintentional.Although recent news and policy discussions have focused on biological threats that are enhanced or enabled by artificial intelligence(AI),pathogens and toxins can already cause harm without this emerging technology.To counter biologica

3、l threats regardless of source,policymakers need a range of governance tools and mitigation measures upon which to draw.The first step in building such a toolkit is to understand what the process resulting in biological harm looks like for various scenarios.Then a suite of policy options can be asse

4、mbled to intervene at points throughout the process.This report addresses two generalized scenarios that can result in biological harm.The first outlines the steps that a malicious actor may take to intentionally generate and deploy a pathogen or toxin(marked with a target icon throughout the report

5、 ).The second describes actions that could result in an unintentional laboratory accident during legitimate scientific research(marked with a test tube icon ).Each scenario involves completing a series of planning and physical stages,which offer multiple opportunities to build policy toolkits with a

6、 variety of mechanisms.While describing each pathway,this report also takes stock of the many recommendations that have been made to strengthen U.S.biosecurity and biodefense,and maps these to the steps and scenarios where they would apply.In doing so,we identify governance gaps,along with opportuni

7、ties to address them by implementing new safeguards or improving existing ones.Key findings include:Some safeguards apply to both intentional misuse and legitimate scientific research,while others are specific to one scenario.Research oversight mechanisms are primarily leveraged against federally fu

8、nded research,leaving both regulatory and visibility gaps for nonfederally funded research.Biosafety,biosecurity,and biodefense responsibilities span government missions,departments,and agencies and require increased coordination.Effective oversight would benefit from a biological risk framework tha

9、t clearly and specifically defines concerning outcomes.The options presented throughout this report are part of a comprehensive toolkit that policymakers can apply across the entire biological risk pathway.These solutions are Center for Security and Emerging Technology|2 designed to mitigate biologi

10、cal harm from a variety of sources,including the AI-relevant concerns that are the focus of considerable current attention.By layering safeguards across multiple steps,policymakers can apply the tools described in this report to more effectively address both AI-enhanced and AI-agnostic threats witho

11、ut unduly hindering scientific innovation.Figure A:Simplified View of Pathways that Result in Biological Harm from a Pathogen or Toxin*Source:CSET.Note:Dashed blue line denotes the Planning-to-Physical transition,and red boxes denote harmful outcomes.*Figure A in the executive summary is the same as

12、 Figure 4 below.Center for Security and Emerging Technology|3 Table of Contents Executive Summary.1 Introduction.4 A Policy Toolkit for Two Biorisk Pathways.6 Planning and Design and Physical Execution Phases.6 Phase 1:Planning and Design.8 Step:Ideation or Hypothesis Generation .8 Step:Research Pla

13、nning(Information-Gathering,Optional Biological Design).11 Step:Acquire Research Funding .17 Phase 2:Physical Execution.18 Step:Acquire Materials .19 Step:Physical Handling(Experimentation and Production ,Weaponization).22 Outcome:Release and Exposure(Intentional Deployment or Accidental Containment

14、 Breach).24 Outcome:Potential Spread .26 Outcome:Scientific Findings and Potential Information Hazard .27 Concluding Thoughts.29 Author.31 Acknowledgments.31 Endnotes.32 Center for Security and Emerging Technology|4 Introduction Pathogens and toxins are at the center of some of the most pressing bio

15、defense concerns.The threat landscape for biological harms from pathogens and toxins is large and diverse,ranging from naturally occurring diseases that pass from animals to humans,to the increasing incidence of antimicrobial-resistant infections,to accidental biological incidents such as laboratory

16、 accidents due to human or mechanical errors,to deliberate biological threats from malicious actors.1 Recently,the concern has expanded to include biological threats that are intentionally or unintentionally enabled,accelerated,or otherwise augmented by artificial intelligence.2 References to AI-enh

17、anced biological threats have made their way into both public and policy discussions,including concerns that AI tools could help a potential bioterrorist to make their plans of misuse or to design more specific,targeted,or dangerous pathogens or toxins.3 Deciding how to govern these AI tools is part

18、icularly challenging,given that the same tools have already proven remarkably useful for legitimate scientific research,and are likely to contribute to future scientific,biomedical,public health,and environmental advances.Policymakers have a range of options in their governance toolkits to combat fo

19、reseeable biological harms.These are not just“AI solutions,”but rather span the multistep process that results in biological harm.By layering safeguards across multiple steps,policymakers can more effectively mitigate both AI-enhanced and AI-agnostic threats.For example,AI regulation is receiving co

20、nsiderable current attention but would only prevent certain types of biological risks.While model safeguards should be pursued,they should be viewed as one tool in a larger safety toolkit.A multilayered approach also benefits from being able to draw upon a robust community of biosafety and biosecuri

21、ty experts,who have already conducted decades of research on gaps and suggestions for U.S.biodefense.4 To implement layered safeguards,policymakers should first understand the multistep process that results in biological harm and which interventions could mitigate risk at various points.This report

22、outlines these steps for two scenarios that involve using or generating pathogens or toxins:(1)malicious actors intentionally misusing biology;(2)laboratory accidents during legitimate scientific research that result in the unintentional release of a biological agent.These two scenarios are the focu

23、s of this report because they have been at the center of recent attention,especially in relation to concerns about the possibility for AI to enhance harmful outcomes.Center for Security and Emerging Technology|5 This report also presents a suite of potential options to safeguard against accidental o

24、r intentional harm from pathogens and toxins,mapped to the most applicable step or steps in the pathway.These options include mitigation measures that have been previously suggested by various experts,along with considerations and challenges that policymakers should keep in mind while deciding which

25、,if any,tools to leverage.Mapping each scenario and its corresponding policy levers reveals the following key takeaways:Some safeguards apply to both intentional misuse and legitimate scientific research,while others are specific to one scenario.It will be important to ensure that future efforts ide

26、ntify the scenario they are trying to target in order to apply the correct policy tool.Future efforts could further assess how intentional misuse differs between state-and non-state actors,or which safeguards apply to domestic versus foreign actors.Research oversight mechanisms are primarily leverag

27、ed against federally funded research,leaving both regulatory and visibility gaps for non-federally funded research.Most of the research oversight discussed here uses federal research funding as the enforcement lever for safety or federal reporting measures.This leaves out research conducted without

28、federal funding that could still result in harmful or unintended outcomes.New oversight would be needed to monitor or regulate this type of research.Biosafety,biosecurity,and biodefense responsibilities span government missions,departments,and agencies and require increased coordination.As the steps

29、 and policy interventions throughout the biological risk pipeline demonstrate,a whole-of-government approach is needed to effectively safeguard against potential harms while promoting scientific research and innovation.The currently fragmented U.S.biodefense ecosystem raises regulatory and informati

30、on-sharing challenges that will require increased coordination,strategy,and integration among agencies to overcome.5 Effective oversight would benefit from a biological risk framework that clearly and specifically defines concerning outcomes.While biological risk is frequently cited as a concern for

31、 new technologies such as AI,there is no comprehensive understanding of what exactly is considered a risk and which specific outcomes are considered to be concerning.The lack of a clearly interpretable biological risk framework hinders the ability to prioritize threats and to design and test their c

32、orresponding safeguards.Center for Security and Emerging Technology|6 A Policy Toolkit for Two Biorisk Pathways This report will discuss the general,simplified steps for two pathways:a malicious actor who intentionally generates pathogens and toxins for misuse(marked with a target icon throughout th

33、is report ),and laboratory accidents that occur during legitimate scientific research(marked with a test tube icon ).Policy options are presented alongside the step or steps that they would be most likely to affect,all of which serve different purposes and act through various mechanisms.Note that wh

34、ile this report depicts these steps within a linear pathway,they can backtrack,repeat,or occur in a different order in real life.For example,research often involves troubleshooting experiments and iterating upon protocols,methods,and materials.These variations are not shown in the figures of this re

35、port in the interest of simplicity,but the associated risk mitigation strategies are applicable regardless of the steps order.Planning and Design and Physical Execution Phases The pathway to generate a pathogen or toxin is divided into two broad phases,Planning and Design as well as Physical Executi

36、on(Figure 1).In the Planning and Design phase,users generate a design for their desired product,and a detailed step-by-step plan for creating it.In the Physical Execution phase,users bring the plan out of the computer screen or lab notebook and into the real world by physically producing the pathoge

37、n or toxin.*In discussing the impact of AI on biosecurity,this is often called the Digital-to-Physical Transition because it describes the phase at which a computer prediction becomes a physical object.Center for Security and Emerging Technology|7 Figure 1:Simplified View of Pathways that Result in

38、Biological Harm from a Pathogen or Toxin Source:CSET.Note:Dashed blue line denotes the Planning-to-Physical transition,and red boxes denote harmful outcomes.Center for Security and Emerging Technology|8 Phase 1:Planning and Design The Planning and Design phase drafts the overall experimental and ope

39、rational protocol before it is physically set into motion.It generally includes conceptualization,gathering information,and designing the experimental research plan.These steps do not yet incorporate the materials or physical actions that result in real-world infections.The general steps in the Plan

40、ning and Design phase,and the policy options that could impact them,are shown in Figure 2.Figure 2.Steps and Policy Options in the Planning and Design Phase Source:CSET.Note:Blue boxes denote safeguards that are specific to intentional misuse or scientific research,while purple boxes denote safeguar

41、ds that apply to both scenarios.Step:Ideation or Hypothesis Generation Both malicious actors and well-intentioned scientists begin with an idea that guides subsequent steps in the pathway.For a malicious actor,this“ideation”step could be as general as deciding to pursue a biological weapon in the fi

42、rst place,or as specific as selecting a bioweapon type and target.For a researcher,“hypothesis generation”Center for Security and Emerging Technology|9 describes making a testable,educated guess informed by previous research experience,specific scientific goals,or open questions in the scientists fi

43、eld of interest.Policy Option:Enhance biosurveillance and bioattribution to deter malicious actors.Malicious actors may be less likely to pursue biological weapons if they think they are unlikely to be successful or likely to be caught.Demonstrating effective biosurveillance and bioattribution capab

44、ilities may increase the perception of these barriers:biosurveillance by rapidly detecting potentially disease-causing agents for mitigation before they can cause widespread harm,and bioattribution by determining the source of a biological agent,whether natural or engineered.Enhancing deterrence thr

45、ough biosurveillance and bioattribution could include the following actions:Improve and expand U.S.biosurveillance.At present,experts note that U.S.biosurveillance is hampered by fragmented federal responsibilities and the need for more effective programs and detection technologies.6 Experts point t

46、o a need for the United States to increase federal coordination,develop strategies and infrastructure for data collection and sharing among jurisdictions and agencies,and promote the development of pathogen-agnostic detection measures.7 Strengthen biological attribution to deter malicious actors.Res

47、ources that could improve the technical capacity to attribute biological agents include more robust scientific tools,methods,and reference databases,along with an expanded bioattribution workforce with the skills to use them.8 Other opportunities include establishing multilateral agreements for acce

48、ss to samples and associated data,implementing a U.S.national plan for bioattribution that clarifies departmental and agency roles and responsibilities,and increasing support for international efforts such as the UN Secretary-Generals Mechanism for Investigation of Alleged Use of Chemical and Biolog

49、ical Weapons.9 Center for Security and Emerging Technology|10 Box 1.Federal Research Oversight Mechanisms In the United States,a range of federal oversight mechanisms and regulations for legitimate biological research apply throughout the research cycle.With the exception of the Federal Select Agent

50、s Program,each of these mechanisms applies only to federally funded research.The NIH Guidelines for Research Involving Recombinant or Synthetic Nucleic Acid Molecules(NIH Guidelines),issued by the National Institutes of Health,direct Institutional Biosafety Committees(IBCs)to review research proposa

51、ls,conduct risk assessments,and determine containment procedures before researchers can initiate work involving recombinant or synthetic nucleic acid molecules,or organisms and viruses containing these molecules.The United States Government Policy for Oversight of Dual Use Research of Concern and Pa

52、thogens with Enhanced Pandemic Potential(DURC/PEPP Policy),issued by the Office of Science and Technology Policy(OSTP),addresses risks related to these areas.The DURC/PEPP Policy requires investigators and their institutions Institutional Review Entities(IREs)to develop risk-benefit assessments and

53、risk mitigation plans,and for the federal funding agency or department to review the potential risks and benefits of the proposed research to guide funding decisions.The Federal Select Agent Program(FSAP),jointly managed by the Centers for Disease Control and Prevention(CDC)within the U.S.Department

54、 of Health and Human Services(HHS)and the Animal and Plant Health Inspection Service(APHIS)within the U.S.Department of Agriculture(USDA),regulates the possession,use,and transfer of certain high-risk pathogens and toxins,called Biological Select Agents and Toxins(BSAT).FSAP registration is required

55、 for all entities in the United States that possess,use,or transfer any BSAT,and is not tied to federal research funding.The Executive Order 14110 on Safe,Secure,and Trustworthy Development and Use of Artificial Intelligence(2023 EO on AI),issued by the Biden Administration White House,and the accom

56、panying Framework for Nucleic Acid Synthesis Screening(OSTP Screening Framework),issued by OSTP,requires commercial synthetic nucleic acid providers to attest to screening orders to determine whether the requested sequence poses potential risk,and whether the customer has a legitimate use for it,for

57、 federally funded research projects.The Biosafety in Microbiological and Biomedical Laboratories(BMBL),issued by the CDC and NIH,describes biological risk groups and biosafety levels and establishes general biosafety practices,procedures,and equipment to guide the proper handling of infectious micro

58、organisms and hazardous biological materials.The BMBL contains best practices to use as guidance but is not a regulatory document.Center for Security and Emerging Technology|11 Step:Research Planning(Information-Gathering,Optional Biological Design)Once an actor or group has decided to generate a pa

59、thogen or toxin,the next step is to find or create a detailed,step-by-step protocol to guide future physical action.To make such a plan,an individual needs to understand scientific concepts,find relevant laboratory techniques and experimental protocols,and identify life sciences material providers.M

60、uch of this information could inform both malicious and legitimate outcomes,because the underlying scientific processes are the same regardless of the intended use.Scientific information can be accessed from a range of sources,including the researchers preexisting scientific expertise,non-AI resourc

61、es on the internet or at a library,and AI chatbots such as ChatGPT.10 A chatbot may be especially appealing to non-experts due to its perceived ease of use,conversational tone,and simple user interface.However,much of the information it offers is already widely available without that technology.Onli

62、ne resources for a range of expertise levels include detailed laboratory guides and protocols,DIYbio educational materials,YouTube videos,and many others.11 Scientific publications are particularly rich sources of information because they are meant to be replicable and testable,and so include detail

63、s such as scientific rationales,step-by-step protocols,and comprehensive lists of specific materials and where to obtain them.In addition to scientific concepts,malicious actors may also research logistical and operational information at this stage to inform their future plans.Some plans involve add

64、itional biological design steps to design or modify a pathogen or toxin to have new characteristics.Researchers have studied pathogens and toxins this way for decades,for example to learn more about how a pathogen functions or to design therapies such as vaccines.*Malicious actors may use the same t

65、echniques to design or redesign elements of a pathogen or toxin to be more harmful,easier to *Researchers can design protocols using longstanding,decades-old techniques to modify pathogens and toxins,including genetic engineering,serial passaging,reverse genetics,and pathogen recombination.More rece

66、ntly,non-AI computational modeling software has accelerated researchers ability to design and predict specific modifications and outcomes.For more information on how and why researchers conduct gain and loss-of-function research on pathogens,see:Caroline Schuerger,Steph Batalis,Katherine Quinn,et al

67、.,“Understanding the Global Gain-of-Function Research Landscape,”Center for Security and Emerging Technology,August 2023,https:/cset.georgetown.edu/publication/understanding-the-global-gain-of-function-research-landscape/.Center for Security and Emerging Technology|12 produce,or evade detection.Rega

68、rdless of intent,one way to design pathogens and toxins uses the traditional scientific method and involves forming a hypothesis about which biological elements to modify,and how,to achieve a desired goal.Alternatively,AI-enabled biological tools,like Biological Design Tools(BDTs),predict biological

69、 and molecular features guided by user-defined criteria.*Users may find it beneficial to combine these methods,for example by drawing on their preexisting scientific expertise to select a biological element to modify,and then taking advantage of AI-enabled biological tools to predict specific altera

70、tions that will result in the desired outcome.Policy Option:Employ model safeguards to govern how AI tools are developed,deployed,used,and monitored.While AI tools are not required to generate a pathogen or toxin,they can be incorporated into the Planning and Design phase and are thus one area towar

71、d which policy action could be directed.Potential safeguards span the entire AI lifecycle,and generally involve governing how certain models should be built and who should be able to develop them,what capabilities these models should or should not have,and which users should have access to them and

72、how.The 2023 Executive Order(EO)on AI will inform some of this oversight by requiring studies to better understand biological risks,and by mandating reporting requirements for certain types of models(see Box 1 for details).However,model regulations are accompanied by technical,philosophical,and logi

73、stical questions that will require careful consideration.One challenge surrounds how to define which outcomes are considered“risky,”and thus must be assessed and mitigated.Assessing biological risk is difficult because it is context-dependent,does not include clear borders between“risky”and“harmless

74、”pathogens,and necessitates making predictions about how pathogens function under different conditions.Assessing whether AI models generate potentially risky biological information,then,is similarly difficult to determine.*Biological design tools(BDTs)design elements of biological systems,often impl

75、ying a generative function.However,some biological models are not generative and may not be used for design purposes,but are still relevant to discussions of AI x Bio.For example,a large language model(LLM)trained on DNA sequences or an AI tool that predicts protein structures can be integrated into

76、 experimental workflows without generating or designing molecules.To avoid overly restrictive terminology,models trained on biological data are broadly referred to as“AI-enabled biological tools”throughout this report.Center for Security and Emerging Technology|13 An additional consideration is that

77、 some types of model safeguards can only be achieved for closed-source models in which developers maintain complete control and surveillance over their systems and users cannot alter,fine-tune,or covertly use them.12 Many AI-enabled biological tools are already available open source because they wer

78、e developed by life sciences academic groups,a community that strongly promotes the concept of open science and transparency for peer review and that often does not have adequate resources to host and maintain an application programming interface(API).13 If closed-source models become required,these

79、 groups may need additional infrastructure,people,or funding to host and maintain secure interfaces.Finally,it will be important to carefully balance the tradeoffs between safety and security measures and their potential impacts on model performance,capabilities,and beneficial applications.In some c

80、ases,it may be acceptable to decrease model performance in pursuit of safety,for example by limiting chatbots from providing potentially dual-use information about historical bioweapons attacks,public health vulnerabilities,and lists of the most dangerous human pathogens.On the other hand,the capabi

81、lities that make an AI-enabled biological tool useful for scientific researchthe ability to better understand,manipulate,and design biological systemsare the same ones that could be exploited to cause harm.Because these outcomes are technically challenging to separate,safeguards that prevent an AI-e

82、nabled biological tool from providing harmful outputs could impede the meaningful scientific advances that these tools were designed to achieve.Such an outcome could widen resource gaps for less-funded researchers who use AI-enabled biological tools to reduce the need for certain expensive equipment

83、 and experiments.The following options and considerations have been proposed as potential bio-relevant AI safeguards,spanning the AI lifecycle from development to use.During model development:o Increase developer awareness of biosafety and biosecurity principles.Developers can more responsibly desig

84、n,use,and disseminate biological models if they are aware that biosecurity risks exist in the first place,and know which outcomes to evaluate for and build safeguards against.14 The United States could support the development of a developer-focused biosafety and biosecurity training module,which cou

85、ld be voluntarily adopted by developers or made a condition of federal research funding or access to other resources such as databases or compute infrastructure.Center for Security and Emerging Technology|14 o Restrict how chatbots engage with certain topics.Methods to establish off-limits biologica

86、l topics for chatbots include filtering training data(as elaborated in the following section),discouraging or penalizing certain outputs,and building additional filters to flag problematic questions and/or block the model from responding to the user.15 Notably,deciding which topics to restrict,and t

87、o what level of detail,is a challenging question that may be approached asymmetrically by developers with different risk tolerances.While guardrails could be removed or circumvented by particularly committed actors through jailbreaking and creative prompt engineering,they may still deter less-motiva

88、ted users or those who are unaware that they are requesting harmful information.Initial evidence from a red-teaming exercise to plan a hypothetical biological attack indicates that model guardrails require additional time and effort to overcome.16 o Identify and remove certain dual-use data from mod

89、el training.Models may be less capable of generating harmful outputs if they are not trained on dual-use data.As discussed above,defining which types of data are risky enough to restrict is a challenge because dual-use data have legitimate uses alongside their potentially harmful ones.For a chatbot,

90、this could be information about historical bioterrorism attacks or the highest-consequence public health threats,while for AI-enabled biological tools this could include data such as pathogen genomes or chemical toxicity profiles.17 Additionally,users can update open-source models with training data

91、 that was initially excluded,and developers may be disincentivized from removing training data if it decreases model performance.18 o Implement access controls to limit who is able to develop certain models.Customer screening for sensitive biological datasets and high-performance computing infrastru

92、cture,using the measures described in Box 2,is one option that has been proposed to limit model development to approved developers and increase visibility into development pipelines.19 However,limiting computing access may be less effective as smaller domain-specific models become increasingly capab

93、le,and as technical advances lower the needed computational power to develop cutting-edge models.20 Center for Security and Emerging Technology|15 o Assess models before they are released to identify,characterize,and measure potentially harmful outputs.Assessments can provide insight into whether an

94、d how often undesired outputs occur,how well safeguards are working,and if safeguards need to be updated or improved.For example,red-teaming tests whether users are able to break through guardrails in a controlled environment.21 But as of October 2024,no standardized evaluation or assessment guideli

95、nes define what exactly is considered a biological risk,which specific factors increase risk,or which factors substantiate reporting.Other types of biorisk governance,such as research oversight frameworks or export control lists,may be a useful starting point to identify biological risk factors of c

96、oncern.During model use:o Implement model access controls.Models with dual-use potential could be restricted by user log-ins,credentialing,customer screening,structured access,or other forms of“know-your-customer”measures such as those described in Box 2.22 However,deciding which types of AI-enabled

97、 biological tools are deserving of access controls is an open question.Some tools have more obvious dual-use potential,for example those that predict a pathogens transmissibility or ability to evade the immune system.However,more generalized AI-enabled biological tools,such as those that generate pr

98、otein structures or predict molecular interactions,could also be misapplied to cause harm.o Monitor user behavior and model usage.Tracking user behavior could help to identify users who input potentially concerning queries,recognize unusual patterns of use within a single model or across multiple mo

99、dels,and aid in attribution efforts if misuse does occur.If models are hosted through structured-access APIs,user behavior could be monitored by maintaining and reviewing logs of prompt queries or building systems to detect and alert certain types of usage.23 o Establish harm reporting mechanisms.Ev

100、en if careful consideration goes into anticipating potential negative outputs,there is always a possibility that AI systems could generate other,unforeseen consequences.Reporting mechanisms,which could include one or a combination of mandatory,voluntary,and citizen reporting,would allow Center for S

101、ecurity and Emerging Technology|16 developers or other oversight bodies to track and characterize outcomes that may otherwise go unnoticed.24 o Conduct continuous research on evolving risks and safeguards.As the state of the art continues to advance,ongoing monitoring,testing,and horizon-scanning of

102、 new model capabilities can ensure that safety and security approaches keep pace with these changes.A number of mechanisms to promote this research have been suggested,including creating federal research funding initiatives,forming U.S.consortia or working groups,and convening international forums.2

103、5 Box 2.Customer Oversight:Monitoring and Screening Also called Know-Your-Customer guidelines,customer oversight monitors or screens the people who use a product,tool,or service.Monitoring can help to detect unusual patterns of use or aid in attribution capabilities,for example by requiring a login

104、to access a system that can then collect and store information about users and their activities.26 Screening makes use of that same information to determine whether an individual should be allowed to complete a purchase or access a system.27 Customer oversight generally involves three factors:verify

105、ing a customers identity(is this person who they say they are,and do they actually exist?),whether a user is legitimate(does the customer have the appropriate credentials to access this resource?)and whether the intended use case is legitimate(is there a valid need for the resource?).All three of th

106、ese elements can be difficult,costly,time-consuming,and subject to individual perceptions of legitimacy.28 For example,verifying a researchers institutional affiliation is challenging at scale because of the sheer number of research institutions in the world,the lack of name recognition(and associat

107、ed perception of legitimacy)associated with new startups and small international institutions,and the frequency with which researchers move between institutions.29 Various forms of customer oversight have been proposed for several resources within the life sciences,from databases and AI models to ph

108、ysical and virtual infrastructure,materials,and services.However,experts also recognize challenges,for example the lack of guidance for providers about what constitutes“concerning”or“unusual”use and the need to consider equity,access,and fairness to avoid discouraging public engagement in the life s

109、ciences.30 Some have further suggested using a centralized life sciences customer verification system to reduce screening burdens for individual providers,and to enable better detection of concerning patterns by tracking a single customers activities across multiple services and providers.31 Center

110、for Security and Emerging Technology|17 Policy Option:Encourage responsible research development by raising researcher awareness and training for biosafety and biosecurity.Researchers can play an important role in risk reduction during legitimate scientific research by designing safer research plans

111、 that take biosafety and biosecurity into consideration.At present,both the NIH Guidelines and DURC/PEPP Policy require researchers and their institutions to assess safety concerns and develop risk mitigation plans before any experiments can commence(see Box 1 for details).Additional strategies coul

112、d include engaging with research communities to set norms and empower responsible research,developing and incorporating biosafety and biosecurity training into government-led biotechnology initiatives and federal funding requirements,and generally increasing such training for researchers at every le

113、vel,from lead investigators to trainees.32 Step:Acquire Research Funding While private companies may fund their own research and development,researchers at academic or nonprofit institutions typically apply for grants to fund their work.In the United States,a large portion of research grant funding

114、comes from the federal government through agencies such as the NIH or the National Science Foundation,although nonprofits,companies,philanthropic,and other organizations also fund research.Policy Option:Include safety and reporting requirements as conditions of research funding.Research funding gran

115、ts can be a major point of oversight because they require researchers to disclose their intended research activities and demonstrate that they are able to meet safety requirements.The NIH Guidelines,DURC/PEPP Policy,and 2023 EO on AIs OSTP Screening Framework all use federal grant funding as the pol

116、icy lever to require various biosafety and biosecurity measures(see Box 1 for details).Beyond these policies,individual sources of federal research funding can include additional terms and conditions including,for example,requiring adherence to the BMBL.33 These levers are limited to federally funde

117、d research and leave gaps in visibility and oversight for privately funded research.An additional measure could be for non-federal funders to incorporate biosecurity and biosafety reviews.Voluntary efforts and partnerships,for example the newly announced International Bio Funders Compact,could help

118、non-federal funders to incorporate biosafety and biosecurity reviews into their funding approval and oversight processes.34 Center for Security and Emerging Technology|18 Phase 2:Physical Execution Once an actor has decided on a plan to generate a pathogen or toxin,the next series of steps involves

119、translating that plan into a physical product.This phase is where the potential for real-world infections,with physical pathogens and toxins,can arise.Figure 3 illustrates the steps in the Physical Execution phase and their corresponding policy options,with harmful outcomes indicated in red.Figure 3

120、.Steps and Policy Options in the Physical Execution Phase Source:CSET.Red boxes denote harmful outcomes.Note Blue boxes denote safeguards that are specific to intentional misuse or scientific research,while purple boxes indicate safeguards that apply to both scenarios.Center for Security and Emergin

121、g Technology|19 The Physical Execution phase can vary widely in terms of the degree of difficulty,accessibility,and cost to complete.Different types of biological agentslike bacteria,viruses,fungi,and toxinsare handled in specialized ways,using different materials,techniques,and resources.Variabilit

122、y can also stem from differing objectives.A researcher whose goal is to achieve replicable results and draw accurate conclusions may place a high importance on using high-quality,validated materials and doing things the“right way,”while a malicious actor may accept less precise but lower-cost altern

123、atives.Because this brief cannot address every possible scenario,it instead describes general required elements within each step of the Physical Execution phase.Step:Acquire Materials Regardless of their intent and final desired outcome,actors will need to procure the materials that are relevant to

124、their plan.Examples of possible materials include equipment,laboratory supplies,and biological materials.Equipment:can include storage,experimentation,or containment equipment(e.g.,refrigerators,centrifuges,incubators,biosafety cabinets,and autoclaves).Some types of equipment could help a malicious

125、actor to disseminate pathogens or toxins and are included on regulatory lists of dual-use items,although they also have legitimate uses(e.g.,freeze dryers or sprayers).35 Lab Supplies:can include consumables and reagents(e.g.,glassware,paper and plastic products,chemicals,and cell culture media).Bio

126、logical Materials:can include infectious or non-infectious samples,nucleic acids,and research animals(e.g.,bacteria or viruses,cell lines for experimentation or protein production,DNA or RNA,and laboratory mice).Researchers can access these materials by purchasing them from major suppliers of scient

127、ific products,peer-to-peer sharing between labs,or via shared equipment facilities at their institutions.It is also possible to set up a functioning laboratory without access to these sources.For example,some online providers cater to customers who set up laboratories for other reasons,including hig

128、h school or community college courses,science education programs,and citizen scientists.*Resellers on eBay and other auction sites often list *Biotech companies that ship to residential addresses sell polymerase chain reaction(PCR)kits and machines,incubators,ultra-low temperature freezers,genetic e

129、ngineering kits,protein expression and purification reagents,assay kits,and benchtop nucleic acid synthesizers,among other materials.Center for Security and Emerging Technology|20 used equipment from academic or commercial research laboratories,including benchtop DNA synthesizers and sequencers,full

130、 biosafety cabinets,and chromatography equipment.Researchers without large equipment budgets may also look for discounted equipment from these sellers.Community Bio and DIYbio groups also provide a wealth of information on how to set up a home lab,including by using low-cost at-home alternatives.36

131、For example,home scientists can source specialized chemicals from hardware,pet supply,or craft stores;3D-print a centrifuge attachment for a Dremel(a DremelFuge);or use an egg incubator,yogurt maker,or diaper warmer as a bacterial incubator.37 Many of these options are especially useful for science

132、outreach and education initiatives that aim to inspire youths to pursue science through hands-on experiences.Policy Option:Monitor or restrict the flow of certain materials to reduce the chance of their misuse.Certain materials have higher levels of baseline risk or an increased dual-use potential.T

133、racking and restricting the flow of these materials is one way to safeguard against their intentional or unintentional misuse.In general,oversight mechanisms can monitor the flow of materials,screen customers,and create regulations to guide who should be allowed to access certain materials and under

134、 what conditions.In the United States,the Federal Select Agent Program(see Box 1 for details)and export controls both regulate the possession,use,and transfer of specific high-risk materials,pathogens,and toxins.38 Individual research institutions may also enact processes for accepting and transferr

135、ing materials to ensure compliance with federal regulations.For synthesized nucleic acids,export controls regulate the global distribution of certain sequences derived from high-risk organisms.39 In addition,several nucleic acid synthesis providers voluntarily screen orders,and the 2023 EO on AI req

136、uires federally funded research to purchase nucleic acids from providers that attest to following the OSTP Screening Framework.40 Additional measures could include the following actions:o Address implementation challenges for nucleic acid synthesis screening.Sequences of concern(SOCs)can include gen

137、e sequences from regulated agents and toxins and other sequences that may contribute to a pathogen or toxins ability to cause harm.41 Current methods screen for SOCs from relatively small lists of regulated pathogens,while the OSTP Screening Framework will require providers that attest to following

138、the guidance to expand the sequences they screen for beyond this list by 2026.42 Expanding the list and deciding which additional sequences should be considered SOCs,however,Center for Security and Emerging Technology|21 remains a challenge because a sequences potential risk changes depending on how

139、 it is used and because the function of many sequences is unknown.43 A public-private partnership between the National Institute of Standards and Technology(NIST)and the Engineering Biology Research Consortium(EBRC)is currently engaging with industry and public partners to lay out actionable next st

140、eps.44 Notably,this is an area where AI tools could help.Projects to develop sequence-to-function algorithms that predict“harmful”and“not harmful”sequences,for example the Fun GCAT Program from the Intelligence Advanced Research Project Activity(IARPA),could help providers to flag additional SOCs du

141、ring screening.45 However,questions remain around how harmful a predicted sequence needs to be to trigger a screening flag,and how confident that prediction needs to be.Regardless of how screening frameworks are designed in the near term,long-term success will require them to be adaptable as technol

142、ogy evolves,potentially by including ongoing research on risks,new technical approaches,and iterative stress-testing protocols.46 It will also be important to ensure that screening is part of a broader oversight landscape,and to not overly rely on nucleic acid synthesis screening to prevent all pote

143、ntial biological risks.*o Expand nucleic acid synthesis screening requirements beyond federally funded research.The 2023 EO on AI does not require providers to screen orders,but instead only allows federal research funds to be used to purchase from those that do.47 Providers may choose not to implem

144、ent and attest to screening,if they accept forgoing customers who receive federal research funding.Similarly,privately funded research projects or malicious actors may choose to purchase synthesized nucleic acids from a provider that does not screen orders for SOCs.Experts have recognized this chall

145、enge,and suggested various international initiatives to set norms and establish baseline practices for universal gene synthesis screening.48 o Expand screening to other types of materials.In addition to synthesized nucleic acids,customer screening such as that described in Box 2 has *In addition to

146、commercial synthesis providers,custom DNA can also be obtained from a benchtop synthesizer or,in some cases,by laboratory techniques.Other sequences can be obtained from plasmid repositories or isolated from samples.Additionally,not every method to generate a pathogen uses DNA or RNA,whether synthes

147、ized commercially or otherwise.For example,serial passaging can alter a pathogens transmissibility,virulence,and host range.Center for Security and Emerging Technology|22 been suggested to regulate other types of materials,for example samples of certain pathogens and toxins,nucleic acids from other

148、sources,plasmids or helper viruses to generate viral particles,and equipment such as benchtop DNA synthesizers,in addition to many others.49 o Address resource-sharing practices among researchers.Sharing resources is a common practice among researchers,government,and industry,and could result in pot

149、entially harmful materials being distributed to third parties without sufficient oversight.If safety measures involve monitoring or restricting access to materials,then visibility and oversight would need to extend to all end users and not just the customer who makes the initial purchase.Some expert

150、s suggest strengthening resource-sharing frameworks and engaging with the research community to encourage best practices and security norms for resource-sharing.50 Step:Physical Handling(Experimentation and Production,Weaponization)This step encompasses all of the hands-on,laboratory-based physical

151、actions to culture,expand,manipulate,prepare,or otherwise use pathogens or toxins.For a malicious actor,this step may involve generating a large amount of the desired pathogen or toxin.Depending on the intended use case,malicious actors may also prepare the biological agent for use as a weapon by st

152、abilizing it as necessary for later steps,formulating it with other components,or loading it into a dispersal device.For a researcher,the goal may be to assemble a biological design,test a system,or measure specific biological characteristics.Experimentation is especially likely to loop back to prev

153、ious phases in the process,as troubleshooting a failed experiment may involve identifying alternative protocols and new techniques,redesigning a biomolecule,or ordering different materials.Many researchers perform physical handling steps themselves in purpose-designed laboratories at academic,medica

154、l,or private-sector research facilities.It is also possible to perform these steps in functional home laboratories outside of these institutions,or at rented space in a community laboratory.Additionally,life sciences service providers such as academic core laboratories,contract research organization

155、s,biofoundries,and cloud laboratories can help to perform or augment some physical handling steps.These services can make research more efficient by outsourcing certain Center for Security and Emerging Technology|23 steps to specialized facilities with dedicated equipment,expertise,and workflows.For

156、 example,there have been recent calls to establish a national network of cloud labs because they could minimize resource gaps for researchers without the budget for expensive equipment,increase the pace of potentially groundbreaking wet-lab experimentation,and automate large-scale biological data co

157、llection.51 Advances in automation and autonomous experimental platforms are emerging as another resource to assist with physical handling steps.These systems follow programmed instructions to move samples between various pieces of laboratory equipment using robotic arms and liquid handlers.Automate

158、d platforms can help researchers to increase productivity by running many samples in parallel,standardizing certain types of measurements and data collection,and freeing up hands-on time for other pursuits.Recent examples demonstrated the ability for large language model(LLM)based“agents”to control

159、automated experimental platforms for chemical synthesis,and have raised concern about their potential to lower capability barriers for malicious actors.52 At present,these concerns may be more realistic for chemical synthesis tasks than biological engineering tasks that involve a greater variety of

160、steps and the added complexity of maintaining living cells.53 Mitigating future misuse risks for LLM-controlled experimental platforms can draw on policy options presented previously in this report.For example,model safeguards would apply to the AI component of such a system,while measures that rest

161、rict or monitor material acquisition would apply to the systems connected laboratory equipment and required laboratory supplies.Policy Option:Monitor or restrict access to research services.Current safety measures for life sciences service providers are piecemeal and often voluntary.Given the potent

162、ial benefits that these services can have for scientific research,and the risk of widening resource inequalities among researchers,any new governance should be carefully designed and evaluated to avoid creating unnecessary barriers.Options to enhance oversight could include:o Employ customer screeni

163、ng for life sciences service providers.Experts have recommended that customer screening,described in Box 2,could be adopted by service providers to verify customers and that their services are being requested for legitimate purposes.54 Which providers and types of services meet some threshold of dua

164、l-use potential,and thus should screen customers,is an open question.Center for Security and Emerging Technology|24 o Strengthen biosecurity standards for research services.Cloud labs,for example,are not currently obligated to meet any biosecurity requirements,although many of the leading cloud lab

165、companies have voluntarily adopted their own practices.55 Potential best practices for cloud labs could include human review and approval of requested experiments,and maintaining experimental logs for monitoring and attribution.56 Outcome:Release and Exposure(Intentional Deployment or Accidental Con

166、tainment Breach )This is the stage at which a pathogen or toxin comes in contact with a susceptible human,a necessary step to cause physical harm.A biological agent that stays fully contained within a test tube or appropriate laboratory setting will not cause human infection or toxicity;it must be r

167、eleased from containment to do so.Malicious actors may purposefully deploy a biological agent by intentionally dispersing the agent among chosen targets.The deployment process can vary widely in scale,requirements,and difficulty level based on the chosen targets and objectives.Malicious actors can h

168、ave many goals,from targeting a few key people with a small amount of material,to large-scale distribution of a toxin,to strategic deployment of infectious diseases to initiate an outbreak,epidemic,or pandemic.Malicious actors may be able to use chatbots to help plan these operational steps,for exam

169、ple by attaining information about previously successful proliferation pathways or general security vulnerabilities to exploit.57 While this knowledge can inform deployment,for the purposes of this report it is considered information-gathering and is included in the Planning and Design phase.Researc

170、hers can be exposed to a pathogen or toxin during the course of scientific research if appropriate containment measures and practices are not taken,or if a laboratory accident causes a pathogen or toxin to escape those containment measures.Incidents that could lead to laboratory-acquired infections

171、include procedural errors,splashes or spills,accidental needle punctures,bites from research animals,and engineering failures.58 Policy Option:Enable law enforcement intervention by enhancing awareness of malicious activity.If a malicious actor successfully prepares a pathogen or toxin,the predomina

172、nt remaining safeguard is for intelligence and law enforcement agencies to become aware of the threat and intervene before it is Center for Security and Emerging Technology|25 deployed.Such intelligence efforts could be improved by elevating and coordinating biological threat intelligence collection

173、.Detecting potential bioterrorists and their plans of deployment requires the collection and integration of many types of intelligence,spanning jurisdictions and agency roles.Expert recommendations to better coordinate such efforts include designating a National Intelligence Manager for Biological T

174、hreats and maximizing interagency intelligence-sharing between appropriate entities.59 Policy Option:Strengthen laboratory biosafety to prevent or lessen the consequences of research accidents.Proper biosafety practices,systems,and infrastructure can make research safer by preventing exposures from

175、occurring in the first place,or by responding appropriately to mitigate the harm if they do occur.Effective laboratory biosafety strategies are multilayered to address the many potential points of failure that can occur during research,including failures to follow procedures,handle materials and equ

176、ipment appropriately,safeguard facilities,and effectively train personnel.In the United States,the BMBL is the primary document guiding the safety and biocontainment practices for research involving infectious microorganisms and hazardous biological materials(see Box 1 for details).The BMBL recommen

177、ds standard practices and risk assessments to inform safe research with hazardous biological agents,but is not a regulatory document and cannot itself require researchers to take any particular measures.The NIH Guidelines,DURC/PEPP Policy,and FSAP all involve risk mitigation plans and require eviden

178、ce that the investigator and research institution can conduct the relevant research safely and securely and can respond to potential lapses(Box 1).Actions that could strengthen laboratory biosafety include:o Expand standardized biosafety practices to all research.Of the described research oversight,

179、only the FSAP is required regardless of a research project or institutions funding source.In contrast,the BMBL provides guidance and best practices but is not a regulatory document,and the NIH Guidelines and DURC/PEPP Policy apply only to research projects that meet specified federal funding criteri

180、a.All three regulatory policies(FSAP,NIH Guidelines,and DURC/PEPP Policy)are limited to research with specified pathogens or experimental conditions.As discussed on page 17,adherence to biosafety practices such as those outlined in the BMBL could be made a condition of all research funding,including

181、 from private,nongovernmental funders.Center for Security and Emerging Technology|26 o Increase support and resources for institutional biosafety efforts.Institutions have unique insight into their facilities available resources,expertise,and containment infrastructure and are the first line of defe

182、nse in the event of an incident.Yet institutional biosafety officers are often under-resourced,especially as new duties are formally or informally added to their roles.Experts have suggested a range of solutions including funding for additional biosafety officers,developing a framework to train them

183、,and establishing working groups or networks of IBCs,IREs,and biosafety and biosecurity experts to share and standardize best practices across institutions.60 o Increase research to inform evidence-based biological risk management.Information about real-world biocontainment failures,efficacy of risk

184、-reduction measures,and experimental outcomes could help to design more effective and efficient biosafety protocols.61 For example,research on how aging affects a materials biocontainment efficacy could inform requirements for equipment recertification and replacement.Possible solutions include ince

185、ntivizing research for biosafety measurements and implementing no-fault reporting structures for various types of failures,accidents,or near-accidents.62 Outcome:Potential Spread Some infections can spread beyond the initial infected individual and lead to an outbreak,epidemic,or pandemic.While a la

186、rge-scale outbreak can have substantial negative consequences,a single infection or localized outbreak can still be highly impactful and cause public alarm or panic.Policy Option:Improve pandemic and public health preparedness to better respond to a biological event.Regardless of how an outbreak sta

187、rtswhether by intentional misuse,a research accident,or natural causesrobust pandemic and public health infrastructure is an important line of defense.Efforts to quickly detect and monitor an outbreak,develop and manufacture diagnostics and medical countermeasures(MCMs),and secure medical supply cha

188、ins can all reduce the chance of a local outbreak turning into a global pandemic.Pandemic and public health preparedness spans disciplines,jurisdictions,and federal agencies,and expert suggestions for improvement are too extensive to exhaustively list here.Some select considerations include:Center f

189、or Security and Emerging Technology|27 Improve and expand global biosurveillance.Biosurveillance,described on page 9,can aid in pandemic and public health preparedness by quickly detecting disease-causing agents regardless of their origin.For both naturally occurring and engineered pathogens,early d

190、etection can inform resource allocation,public health measures,therapy development,and emergency response strategies.63 In addition to the actions to improve U.S.biosurveillance described on page 9,biosurveillance will be most effective as a global endeavor that includes international information an

191、d resource-sharing because pathogens do not limit their spread to national borders.Increase research and development to proactively prepare diagnostics and MCMs for potential threats.The United States could have a more proactive pipeline of research,therapies,and interventions for future potential i

192、nfectious diseases.64 A more forward-thinking approach would prioritize research and development to better understand infectious diseases and to develop MCMs and diagnostic tests that are either broad-spectrum or adaptable to a variety of potential threats.65 The United States can be more proactive

193、by increasing funding for government initiatives such as the Biomedical Advanced Research and Development Agencys Project BioShield,creating a market for MCM development,and standardizing a regulatory pathway for adaptable technologies.66 Investigate AI tools to assist with pandemic preparedness and

194、 response.AI tools can provide information to help public health officials respond to outbreaks more quickly and effectively.For example,AI can identify patterns that indicate an outbreak,predict the impact of emerging pathogen strains,speed up antibody and vaccine design,and optimize supply chain a

195、nd distribution networks.67 Future strategies could build on these advances by incentivizing research to develop further capabilities and assess how to implement them in public health systems.Outcome:Scientific Findings and Potential Information Hazard The overarching goal of research is to learn mo

196、re about a biological system.Researchers share these new insights with their peers by publishing their findings,for example in peer-reviewed scientific journals or online as preprints.Open,transparent,and accessible scientific literature is widely valued in the scientific community because Center fo

197、r Security and Emerging Technology|28 it allows other researchers to generate new ideas,collectively build upon shared information,and test the reproducibility of other researchers work.However,some research findings could constitute an information hazard if published and misused by malicious actors

198、,even if the research itself was conducted responsibly.Policy Option:Minimize information hazards for potentially dual-use scientific information.Deciding how to handle potential information hazards raises challenging questions about how to weigh the risks and benefits of publishing potentially dual

199、-use information.As has been discussed,biologys dual-use nature means that the information,protocols,and materials that could be misused to cause harm also have widespread practical uses.Furthermore,security concerns will need to be balanced against scientific openness and the risk that withholding

200、information could undermine public trust in science.The DURC/PEPP Policys Implementation Guidance includes a Risk-Benefit Analysis of Communication to help decide whether,and to what extent,to share findings that pose potential dual-use risks(see Box 1 for details).68 Possible measures to consider i

201、nclude:Standardize publication practices for scientific publishers.Editorial policies for potential dual-use information vary between scientific journals and can be vague.For example,it is unclear whether some journals would allow manuscripts to be published with redacted or incomplete information,a

202、nd how different regional norms affect global publication practices.Publishing norms could be strengthened through a forum for publishers to share best practices and develop standardized approaches,and by creating or standardizing policies for other publication outlets like preprint servers.69 Expan

203、d the practice of conducting risk-benefit communication analyses.The risk-benefit communication analysis included in the DURC/PEPP Policys Implementation Guidance provides a framework to help evaluate risk factors and publication options for dual-use information.It encourages researchers to consider

204、 factors such as the time scale and magnitude of potential harm,available mitigation measures,and ease for a malicious actor to carry out.70 This or a similar framework could be expanded to research that is not subject to the policy,or it could be made a condition for other types of research funding

205、,or integrated into institutional policies.Center for Security and Emerging Technology|29 Concluding Thoughts Figure 4.Safety and Security Toolkit for Intentional Misuse and Scientific Research Source:CSET.Note:Dashed blue line denotes the Planning-to-Physical transition,and red boxes denote harmful

206、 outcomes.Blue boxes denote safeguards that are specific to intentional misuse or scientific research,while purple boxes indicate safeguards that apply to both scenarios.Figure 4 illustrates the broad spectrum of tools that policymakers could draw upon to mitigate both AI-agnostic and AI-enhanced bi

207、ological risks,spread across the planning and physical stages.As the United States strengthens its existing biosafety and biosecurity ecosystem,and incorporates additional safeguards for new and emerging threats,it will also be important to keep the following considerations in mind.First,strategies

208、that reduce risks should not be ignored in favor of strategies that totally remove risks.Total risk mitigation is largely impossible to implement,while risk reduction measures may be more immediately feasible and less likely to impede scientific innovation.For example,list-based biosecurity policies

209、 that apply only to specific,predetermined pathogens have widely recognized limitations because they do not include every possible harmful agent,only include existing agents and not future or unknown ones,and can be evaded by savvy actors.Yet oversight that is based on an imperfect list still reduce

210、s overall risk by comparison with no oversight at all.In keeping with the adage“perfect is the enemy of good,”the United States should Center for Security and Emerging Technology|30 implement todays imperfect but feasible safeguards while investing in the development of tomorrows more advanced strat

211、egies.Second,future safety initiatives will need to be balanced against their trade-offs for scientific research.Any measures that restrict information,resources,materials,or experiments in pursuit of risk mitigation also have the potential to hinder legitimate research.This outcome may be acceptabl

212、e in some cases,especially when the impact on the beneficial application is minor or when the negative consequence is particularly severe.For example,it may be justifiable to limit the types of information that chatbots provide about historical bioweapons attacks even if it limits their utility for

213、biosafety research,or to have stringent safeguards for high-consequence agents such as anthrax or smallpox.In other cases,the chilling effect on scientific research may be deemed to outweigh the safety improvements.These determinations should be informed by engagement with researchers to gauge how r

214、egulations would impact their work,and by a biological risk framework to help stakeholders identify and prioritize risk factors.Finally,future researchers and stakeholders should think more broadly about many types of potential biological harms.This report,like much of the recent discussion about bi

215、osafety,biosecurity,and biodefense,has been very narrowly focused on risks from human pathogens and toxins.Such a limited scope leaves out other potential consequences such as those resulting from plant and animal pathogens,human genetic engineering,environmental harms,and others.For emerging techno

216、logies such as AI,neglecting to consider these factors now could result in missing proactive opportunities to implement safety measures.In sum,viewing biological harms as a multistep process introduces a range of options at various stages to mitigate risks.As the United States continues to expand it

217、s biosecurity and biodefense capabilities,it will benefit from using each of these policy tools to build a more robust and layered system of safeguards.Center for Security and Emerging Technology|31 Author Steph Batalis is a research fellow at CSET.Acknowledgments The author is grateful to Alexander

218、 Titus,James Diggans,and Matthew E.Walsh for reviewing and providing feedback on this report.For additional comments and assistance,special thanks to Igor Mikolic-Torreira,Helen Toner,Vikram Venkatram,Mina Narayanan,Shelton Fitch,and Matt Mahoney.2021 by the Center for Security and Emerging Technolo

219、gy.This work is licensed under a Creative Commons Attribution-Non Commercial 4.0 International License.To view a copy of this license,visit https:/creativecommons.org/licenses/by-nc/4.0/.Document Identifier:doi:10.51593/20240013 Center for Security and Emerging Technology|32 Endnotes 1 U.S.Departmen

220、t of Defense,2023 Biodefense Posture Review(August 16,2023),https:/media.defense.gov/2023/Aug/17/2003282337/-1/-1/1/2023_BIODEFENSE_POSTURE_REVIEW.PDF.2 Todd Kuiken,“Artificial Intelligence in the Biological Sciences:Uses,Safety,Security,and Oversight”(Congressional Research Service,November 22,2023

221、),https:/crsreports.congress.gov/product/pdf/R/R47849;Christopher East,“The UKs AI Safety Summit and the Future of AI Bioweapons”(The Council on Strategic Risks,November 6,2023),https:/councilonstrategicrisks.org/2023/11/06/the-uks-ai-safety-summit-and-the-future-of-ai-bioweapons/.3 Subcommittee on

222、Emerging Threats and Spending Oversight,“Advanced Technology:Examining Threats to National Security,”Homeland Security Governmental Affairs,September 19,2023,https:/www.hsgac.senate.gov/subcommittees/etso/hearings/advanced-technology-examining-threats-to-national-security/.4 David Gillum,George Post

223、e,Craig Woods,and Rachel Levinson,“Biotech Promises Miracles.But the Risks Call for More Oversight,”Bulletin of the Atomic Scientists,August 31,2023,https:/thebulletin.org/2023/08/biotech-promises-miracles-but-the-risks-call-for-more-oversight/.5 Department of Homeland Security,Department of Homelan

224、d Security Report on Reducing the Risks at the Intersection of Artificial Intelligence and Chemical,Biological,Radiological,and Nuclear Threats(Washington,D.C.,April 26,2024),https:/www.dhs.gov/sites/default/files/2024-06/24_0620_cwmd-dhs-cbrn-ai-eo-report-04262024-public-release.pdf;“New Interactiv

225、e Tool from the Bipartisan Commission on Biodefense Maps the Nations Biodefense Enterprise”(Bipartisan Commission on Biodefense,July 10,2024),https:/biodefensecommission.org/new-interactive-tool-from-the-bipartisan-commission-on-biodefense-maps-the-nations-biodefense-enterprise/.6 Arielle DSouza and

226、 Janika Schmitt,“Mapping Americas Biosurveillance”(Institute for Progress,April 3,2024),https:/ifp.org/mapping-americas-biosurveillance/;Tina Won Sherman,“Weapons of Mass Destruction:DHS Has Made Progress in Some Areas,but Additional Improvements Are Needed,”Testimony to the Subcommittee on Emergenc

227、y Management and Technology,118th Congress,March 20,2024,https:/www.gao.gov/assets/d24107426.pdf;Biodefense:DHS Exploring New Methods to Replace BioWatch and Could Benefit from Additional Guidance(Washington,DC:Government Accountability Office,May 20,2021),https:/www.gao.gov/products/gao-21-292.7 Bi

228、odefense:National Biosurveillance Integration Center Has Taken Steps to Address Challenges,But Could Better Assess Results(Washington,DC:Government Accountability Office,November 29,2023),https:/www.gao.gov/products/gao-24-106142;The National Blueprint for Biodefense(Bipartisan Commission on Biodefe

229、nse,April 2024),https:/biodefensecommission.org/wp-content/uploads/2024/05/National-Blueprint-for-Biodefense-2024_final_digital.pdf;DSouza and Schmitt,“Mapping Americas Biosurveillance.”Center for Security and Emerging Technology|33 8 Matthew E Walsh and Gigi Kwik Gronvall,“Discussion on the Future

230、Science and Technology of Biological Attribution”(Johns Hopkins Center for Health Security,December 6,2023),https:/centerforhealthsecurity.org/sites/default/files/2023-02/20230124-bioattribution-mtg-rpt.pdf;Pandemic Origins:Technologies and Challenges for Biological Investigations(Washington,DC:Gove

231、rnment Accountability Office,January 27,2023),https:/www.gao.gov/products/gao-23-105406.9 National Biodefense Strategy and Implementation Plan for Countering Biological Threats,Enhancing Pandemic Preparedness,and Achieving Global Health Security(Washington,DC:The White House,October 2022),https:/www

232、.whitehouse.gov/wp-content/uploads/2022/10/National-Biodefense-Strategy-and-Implementation-Plan-Final.pdf;Tracey Rissman and Annette Prieto,“Attributing Biological Weapons Use:Strengthening Department of Defense Capabilities to Investigate Deliberate Biological Incidents”(RAND Corporation,February 6

233、,2024),https:/www.rand.org/pubs/research_reports/RRA2360-1.html;Jaime M.Yassif,Shayna Korol,and Angela Kane,“Guarding Against Catastrophic Biological Risks:Preventing State Biological Weapon Development and Use by Shaping Intentions,”Health Security 21,no.4(August 2023):25865,https:/ and Schmitt,“Ma

234、pping Americas Biosurveillance”;Walsh and Gronvall,“Discussion on the Future Science and Technology of Biological Attribution”;Pandemic Origins:Technologies and Challenges for Biological Investigations (Washington,DC:Government Accountability Office,January 27,2023),https:/www.gao.gov/products/gao-2

235、3-105406.10 For a more thorough description of the various sources of scientific information,see Steph Batalis,“AI and Biorisk:An Explainer”(Center for Security and Emerging Technology,December 2023),https:/cset.georgetown.edu/publication/ai-and-biorisk-an-explainer/.11 Batalis,“AI and Biorisk:An Ex

236、plainer.”12 Kyle Miller,“Open Foundation Models:Implications of Contemporary Artificial Intelligence”(Center for Security and Emerging Technology,March 12,2024),https:/cset.georgetown.edu/article/open-foundation-models-implications-of-contemporary-artificial-intelligence/.13 Sarah R.Carter,Nicole E.

237、Wheeler,Sabrina Chwalek et al.,“The Convergence of Artificial Intelligence and the Life Sciences,”Nuclear Threat Initiative,October 30,2023,https:/www.nti.org/analysis/articles/the-convergence-of-artificial-intelligence-and-the-life-sciences/.14 Stephanie Batalis,Caroline Schuerger,Gigi Kwik Gronval

238、l,and Matthew E.Walsh,“Safeguarding Mail-Order DNA Synthesis in the Age of Artificial Intelligence,”Applied Biosafety 29,no.2(December 27,2023):7984,https:/ Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the Life Sciences”;Jessica Ji,Josh A Goldstein,and Andrew J Lohn,“Control

239、ling Large Language Model Outputs:A Primer”(Center for Security and Emerging Technology,December 2023),https:/cset.georgetown.edu/publication/controlling-large-language-models-a-primer/.Center for Security and Emerging Technology|34 16 Christopher A.Moutun,Caleb Lucas,and Ella Guest,“The Operational

240、 Risks of AI in Large-Scale Biological Attacks:Results of a Red-Team Study”(RAND Corporation,January 25,2024),https:/www.rand.org/pubs/research_reports/RRA2977-2.html.17 Natalie R Zelenka,Nina Di Cara,Kieren Sharma,et al.,“Data Hazards in Synthetic Biology,”Synthetic Biology 9,no.1(January 1,2024),h

241、ttps:/doi.org/10.1093/synbio/ysae010;Department of Homeland Security,Report on Reducing the Risks at the Intersection of Artificial Intelligence and CBRN Threats;Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the Life Sciences.”18 Charlie D.Johnson,Wilson Sinclair,and Rebecca

242、Mackelprang,“Security Considerations at the Intersection of Engineering Biology and Artificial Intelligence”(Engineering Biology Research Consortium EBRC,November 2023),https:/ebrc.org/wp-content/uploads/2023/11/Security-Considerations-at-the-Intersection-of-Engineering-Biology-and-Artificial-Intell

243、igence-EBRC.pdf;Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the Life Sciences.”19 Federation of American Scientists,Johns Hopkins Center for Health Security,Nuclear Threat Initiative Global Biological Policy and Programs,and Scowcroft Institute of International Affairs,“Res

244、ponse to the NSCEBs Interim Report and AIxBio Policy Options,”comments to the National Security Commission on Emerging Biotechnology,April 9,2024,https:/centerforhealthsecurity.org/sites/default/files/2024-04/2024-04-09-joint-nsceb-response.pdf.20 Carter,Wheeler,et al.,“The Convergence of Artificial

245、 Intelligence and the Life Sciences.”21 Jessica Ji,“What Does AI Red-Teaming Actually Mean?”Center for Security and Emerging Technology(blog),October 24,2023,https:/cset.georgetown.edu/article/what-does-ai-red-teaming-actually-mean/.22 U.S.AI Safety Institute,Managing Misuse Risk for Dual-Use Founda

246、tion Models(NIST AI 800-1,July 2024),https:/nvlpubs.nist.gov/nistpubs/ai/NIST.AI.800-1.ipd.pdf.Includes considerations for model developers when assessing potential deployment options.23 Toby Shevlane,“Structured Access:An Emerging Paradigm for Safe AI Deployment,”in The Oxford Handbook of AI Govern

247、ance,ed.Justin B.Bullock,Yu-Che Chen,et al.(Oxford University Press,2024),doi:10.1093/oxfordhb/9780197579329.013.39.24 Owen Daniels and Dewey Murdick,“Enabling Principles for AI Governance”(Center for Security and Emerging Technology),July 2024,https:/cset.georgetown.edu/publication/enabling-princip

248、les-for-ai-governance/;Ren Bin Lee Dixon and Heather Frase,“An Argument for Hybrid AI Incident Reporting”(Center for Security and Emerging Technology,March 2024),https:/cset.georgetown.edu/publication/an-argument-for-hybrid-ai-incident-reporting/;Department of Homeland Security,Report on Reducing th

249、e Risks at the Intersection of Artificial Intelligence and CBRN Threats.25 National Security Commission on Emerging Biotechnology,Interim Report(December 2023),https:/www.biotech.senate.gov/wp-content/uploads/2024/01/NSCEB-December-2023-Interim-Center for Security and Emerging Technology|35 Report.p

250、df;Daniels and Murdick,“Enabling Principles for AI Governance”;Johnson,Sinclair,and Mackelprang,“Security Considerations at the Intersection of Engineering Biology and Artificial Intelligence.”26 Johnson,Sinclair,and Mackelprang,“Security Considerations at the Intersection of Engineering Biology and

251、 Artificial Intelligence.”27 Sarah R.Carter,“Developing a Customer Screening Framework for the Life Sciences”(Blueprint Biosecurity,March 2024),https:/blueprintbiosecurity.org/u/2024/03/KYC-Report-_-Developing-a-Customer-Screening-Framework-for-the-Life-Sciences.pdf.28 Arianne Kane and Michael T.Par

252、ker,“Screening State of Play:The Biosecurity Practices of Synthetic DNA Providers,”Applied Biosafety 29,no.2(June 2024):8595,https:/ Rose,Tessa Alexanian,et al.,“Practical Questions for Securing Nucleic Acid Synthesis,”Applied Biosafety,March 14,2024,https:/ a Customer Screening Framework for the Li

253、fe Sciences.”29 Carter,“Developing a Customer Screening Framework for the Life Sciences.”30 Johnson,Sinclair,and Mackelprang,“Security Considerations at the Intersection of Engineering Biology and Artificial Intelligence.”31 Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the L

254、ife Sciences.”32 Department of Homeland Security,Report on Reducing the Risks at the Intersection of Artificial Intelligence and CBRN Threats”33 Todd Kuiken,“U.S.Oversight of Laboratory Biosafety and Biosecurity:Current Policies,Recommended Reforms,and Options for Congress”(Congressional Research Se

255、rvice,September 15,2023),https:/crsreports.congress.gov/product/pdf/R/R47695.34“International Bio Funders Compact,”The Nuclear Threat Initiative,accessed August 12,2024,https:/www.nti.org/about/programs-projects/project/bio-funders-compact/.35 For equipment that is considered to be dual-use,see equi

256、pment that is regulated by:The Australia Group Control List of Dual-use Biological Equipment and Related Technology and Software,https:/www.dfat.gov.au/publications/minisite/theaustraliagroupnet/site/en/dual_biological.html;The Wassenaar Arrangement List of Dual-Use Goods and Technologies and Muniti

257、ons List,https:/www.wassenaar.org/app/uploads/2023/12/List-of-Dual-Use-Goods-and-Technologies-Munitions-List-2023-1.pdf;The European Union List of Dual-Use Items(Annex I to Council Regulation EC No.428/2009),https:/eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02009R0428-20191231&from=EN#to

258、cId43;and the U.S.Bureau of Industry and Security,Supplement No.1 to Part Center for Security and Emerging Technology|36 774,the Commerce Control List,https:/www.bis.gov/ear/title-15/subtitle-b/chapter-vii/subchapter-c/part-774/supplement-no-1-part-774-commerce-control#category1.36 Elliot Roth,“A Gu

259、ide to DIYbio(updated 2019),”Medium,August 17,2021,https:/ Patrick Dhaeseleer,“How to Set Up Your Own DIY Bio Lab,”Make,April 11,2017,https:/ For pathogens and toxins regulated by the Federal Select Agent Program,see:7 CFR Part 331,9 CFR Part 121,and 42 CFR Part 73.For pathogens and toxins regulated

260、 by the International Traffic in Arms Regulations(ITAR)see:22 CFR Parts 120-130.For pathogens and toxins regulated by the Export Administration Regulations(EAR)see:5 CFR Parts 730-774,https:/www.ecfr.gov/.39 22 CFR Parts 120-130;5 CFR Parts 730-774,https:/www.ecfr.gov/.40 International Gene Synthesi

261、s Consortium,https:/genesynthesisconsortium.org/;Exec.Order No.14110,88 FR 7519(2023).41 Administration for Strategic Preparedness and Response,Screening Framework Guidance for Providers and Users of Synthetic Nucleic Acids(U.S.Department of Health and Human Services,October 2023),https:/aspr.hhs.go

262、v/legal/synna/Documents/SynNA-Guidance-2023.pdf.42 Administration for Strategic Preparedness and Response,Screening Framework Guidance for Providers and Users of Synthetic Nucleic Acids.43 National Science Advisory Board for Biosecurity,“Addressing Biosecurity Concerns Related to the Synthesis of Se

263、lect Agents”(December 2006),https:/biosecurity.fas.org/resource/documents/NSABB%20guidelines%20synthetic%20bio.pdf;Becky Mackelprang,“Security Screening in Synthetic DNA Synthesis”(Engineering Biology Research Consortium,April 2022),https:/ebrc.org/wp-content/uploads/2022/04/EBRC-2022-Security-Scree

264、ning-in-Synthetic-DNA-Synthesis.pdf.44 National Institute of Standards and Technology,Nonprofit Research Consortium to Develop Safety Tools for Synthetic Biology to Defend Against Potential Misuse of AI(U.S.Department of Commerce,February 16,2024),https:/www.nist.gov/news-events/news/2024/02/nist-no

265、nprofit-research-consortium-develop-safety-tools-synthetic-biology.45 Intelligence Advanced Research Projects Acitivity,Fun GCAT:Functional Genomic and Computational Assessment of Threats(Office of the Director of National Intelliigence,September 2016),https:/www.iarpa.gov/research-programs/fun-gcat

266、.46 Bridget Williams and Rowan Kane,“Preventing the Misuse of DNA Synthesis”(Institute for Progress,February 15,2023),https:/ifp.org/preventing-the-misuse-of-dna-synthesis/;“Strengthening Gene Center for Security and Emerging Technology|37 Synthesis Security,”National Security Commission on Emerging

267、 Biotechnology,June 2024,https:/www.biotech.senate.gov/wp-content/uploads/2024/06/NSCEB_WP_Strengthening-Gene-Synthesis-Security.pdf;Batalis,Schuerger,Gronvall,and Walsh,“Safeguarding Mail-Order DNA Synthesis in the Age of Artificial Intelligence”;Rose,Alexanian,et al.,“Practical Questions for Secur

268、ing Nucleic Acid Synthesis.”47 Steph Batalis and Vikram Venkatram,“Breaking Down the Biden AI EO:Screening DNA Synthesis and Biorisk”Center for Security and Emerging Technology(blog),November 16,2023,https:/cset.georgetown.edu/article/breaking-down-the-biden-ai-eo-screening-dna-synthesis-and-biorisk

269、/.48 National Security Commission on Emerging Biotechnology,Gene Synthesis Security(NSCEB,April 2024),https:/www.biotech.senate.gov/wp-content/uploads/2024/04/NSCEB_WP_Gene-Synthesis-Screening.pdf;World Economic Forum and Nuclear Threat Initiative,“Biosecurity Innovation and Risk Reduction:A Global

270、Framework for Accessible,Safe and Secure DNA Synthesis”(January 2020),https:/www.weforum.org/publications/biosecurity-innovation-and-risk-reduction-a-global-framework-for-accessible-safe-and-secure-dna-synthesis-582d582cd4/;Nicole E.Wheeler,Sarah R.Carter,et al.,“Developing a Common Global Baseline

271、for Nucleic Acid Synthesis Screening,”Applied Biosafety 29,no.2(June 2024):7178,doi:10.1089/apb.2023.0034.49 Sarah R.Carter,Jaime M.Yassif,and Chris Isaac,“Benchtop DNA Synthesis Devices:Capabilities,Biosecurity Implications,and Governance,”Nuclear Threat Initiative,May 10,2023,http:/www.nti.org/ana

272、lysis/articles/benchtop-dna-synthesis-devices-capabilities-biosecurity-implications-and-governance/;Williams and Kane,“Preventing the Misuse of DNA Synthesis”;Rose,Alexanian,et al.,“Practical Questions for Securing Nucleic Acid Synthesis”;Carter,“Developing a Customer Screening Framework for the Lif

273、e Sciences.”50 Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the Life Sciences.”51 National Security Commission on Emerging Biotechnology,Interim Report.52 Daniil A.Boiko,Robert MacKnight,and Gabe Gomes,“Emergent Autonomous Scientific Research Capabilities of Large Language M

274、odels,”arXiv preprint arXiv:2304.05332(April 11,2023),http:/arxiv.org/abs/2304.05332.53 Hector G Martin,Tijana Radivojevic,et al.,“Perspectives for Self-Driving Labs in Synthetic Biology,”Current Opinion in Biotechnology 79(February 1,2023):102881.https:/ Carter,“Developing a Customer Screening Fram

275、ework for the Life Sciences.”55 Johnson,Sinclair,and Mackelprang,Security Considerations at the Intersection of Engineering Biology and Artificial Intelligence.Center for Security and Emerging Technology|38 56 Filippa Lentzos and Cdric Invernizzi,“Laboratories in the Cloud,”Bulletin of the Atomic Sc

276、ientists,July 3,2019,https:/thebulletin.org/2019/07/laboratories-in-the-cloud/;Federation of American Scientists,Johns Hopkins Center for Health Security,Nuclear Threat Initiative Global Biological Policy and Programs,and Scowcroft Institute of International Affairs,“Response to the NSCEBs Interim R

277、eport and AIxBio Policy Options.”57“GPT-4 System Card”(OpenAI,March 23,2023),https:/ Stuart D.Blacksell,Sandhya Dhawan,et al.,“Laboratory-Acquired Infections and Pathogen Escapes Worldwide between 2000 and 2021:A Scoping Review,”The Lancet Microbe 5,no.2(December 12,2023):e194202,https:/ DOD,2023 Bi

278、odefense Posture Review;The National Blueprint for Biodefense.60 David Gillum,“The Making of a Biosafety Officer,”Issues in Science and Technology,April 19,2023,https:/issues.org/making-biosafety-officer-gillum/;Angela L.Rasmussen,Gigi K.Gronvall,et al.,“Virologythe Path Forward,”Journal of Virology

279、 98,no.1(January 3,2024):e01791-23,https:/journals.asm.org/doi/10.1128/jvi.01791-23;Daniel Greene,Kathryn Brink,et al.,“The Biorisk Management Casebook:Insights into Contemporary Practices,”Stanford Digital Repository,March 30,2023,http:/www.nti.org/analysis/articles/the-biorisk-management-casebook-

280、insights-into-contemporary-practices/;National Biodefense Strategy and Implementation Plan.61 Stuart D.Blacksell,Sandhya Dhawan,et al.,“The Biosafety Research Road Map:The Search for Evidence to Support Practices in Human and Veterinary Laboratories,”Applied Biosafety:Journal of the American Biologi

281、cal Safety Association 28,no.2(June 1,2023):6471,https:/www.ncbi.nlm.nih.gov/pmc/articles/PMC10277988/;National Biodefense Strategy and Implementation Plan.62 Report of the Federal Experts Security Advisory Panel(Federal Experts Security Advisory Panel,December 2014),https:/www.phe.gov/s3/Documents/

282、fesap.pdf;“Impact Assessment of Research on Infectious Agents”(workshop summary,American Society for Microbiology,September 2023),https:/asm.org:443/Reports/Impact-Assessment-of-Research-on-Infectious-Agents;Alec Stapp and Arielle DSouza,“Congress Can Improve Our Pandemic Preparedness”(Institute for

283、 Progress,January 18,2024),https:/ifp.org/congress-can-improve-our-pandemic-preparedness/;Clint A.Haines and Gigi Kwik Gronvall,“Improving U.S.Biosafety and Biosecurity:Revisiting Recommendations from the Federal Experts Security Advisory Panel and the Fast Track Action Committee on Select Agent Reg

284、ulations,”Applied Biosafety 28,no.1(March 2023):4354,https:/ al.,“The Biosafety Research Road Map”;Rasmussen et al.,“Virologythe Path Forward.”63“Biosurveillance and Pathogen Detection,”National Institute of Science and Technology,updated August 19,2024,https:/www.nist.gov/programs-projects/biosurve

285、illance-and-pathogen-detection;Center for Security and Emerging Technology|39 DSouza and Schmitt,“Mapping Americas Biosurveillance”;DOD,2023 Biodefense Posture Review;National Biodefense Strategy and Implementation Plan.64 Caroline Schueger,Steph Batalis,et al.,“Viral Families and Disease X:A Framew

286、ork for U.S.Pandemic Preparedness Policy”(Center for Security and Emerging Technology,April 2023),https:/cset.georgetown.edu/publication/viral-families-and-disease-x-a-framework-for-u-s-pandemic-preparedness-policy/;The National Blueprint for Biodefense.65The National Blueprint for Biodefense;Nation

287、al Biodefense Strategy and Implementation Plan.66The National Blueprint for Biodefense.67 Juan Cambeiro,“How AI Can Help Prevent Biosecurity Disasters,”Institute for Progress,July 10,2023,https:/ifp.org/how-ai-can-help-prevent-biosecurity-disasters/;National Security Commission on Emerging Biotechno

288、logy,Interim Report.;Carter,Wheeler,et al.,“The Convergence of Artificial Intelligence and the Life Sciences.”68 The White House,Implementation Guidance for the United States Government Policy for Oversight of Dual Use Research of Concern and Pathogens with Enhanced Pandemic Potential,(National Scie

289、nce and Technology Council,May 6,2024),https:/www.whitehouse.gov/wp-content/uploads/2024/05/USG-DURC-PEPP-Implementation-Guidance.pdf.69 National Security Commission on Emerging Biotechnology,AIxBio White Paper 4:Policy Options for AIxBio(NSCEB White Paper Series on AIxBio,January 2024),https:/www.biotech.senate.gov/press-releases/aixbio-white-paper-4-policy-options-for-aixbio/.70 The White House,Implementation Guidance for the United States Government Policy for Oversight of Dual Use Research of Concern and Pathogens with Enhanced Pandemic Potential.