AI-designed proteins expose critical zero day vulnerability in biosecurity DNA screening

Researchers find that AI tools can be abused to rewrite toxic protein DNA to evade biosecurity filters.

Researchers have uncovered a critical zero-day vulnerability in global biosecurity screening systems that are designed to prevent the misuse of DNA to create deadly toxins and pathogens.

Their findings, published in the journal Science, revealed that AI protein design tools can manipulate the genetic blueprints of dangerous proteins to evade detection by biosecurity screening software used by DNA synthesis companies worldwide. How? By rewriting DNA sequences while keeping their toxic structure intact.

This raises serious concerns about AI’s dual-use potential in biology, where the same technologies advancing drug discovery can also be exploited to create harmful biological agents (gain-of-function research).

In silico vulnerability?
Led by Microsoft Chief Scientific Officer Eric Horvitz, the red-team researchers used generative AI algorithms to digitally redesign over 75,000 variants of known toxins such as ricin and botulinum. These redesigned sequences were tested against widely deployed biosecurity filters, and were found to bypass standard screenings at a troubling rate.

Horvitz noted these reformulated sequences “flew through the screening techniques,” highlighting a previously unknown vulnerability in biosecurity defenses. The exercise was conducted entirely in silico, with no actual synthesis of dangerous proteins, to avoid any risk of misuse.

In response to this discovery, the firm collaborated with DNA synthesis companies and biosecurity software developers in a rapid, cross-industry effort to patch the vulnerability. After 10 months of iteration and testing, updated screening protocols were deployed globally, improving detection rates to identify approximately 97% of AI-generated hazardous variants. However, about 3% still evade current detection, signaling an ongoing need for vigilance and continual improvement.

According to Emily Leproust, CEO, Twist Bioscience, one of the firms involved in investigations: “As AI capabilities evolve, screening practices must evolve just as quickly.” Horvitz has in turn urged careful management of the dual-use risks of AI technology: “With new power comes responsibility for vigilance and thoughtful risk management.”

The zero-day incident underscores a growing biological threat posed by AI’s capability to engineer proteins that traditional screening methods may miss. It also exemplifies the importance of industry-wide collaboration between biotechnology firms, AI researchers, and regulators to mandate responsible AI practices and strengthen defenses.