A new framework for governing biological data could prevent artificial intelligence from becoming a tool for bioterrorism or accidental pandemic creation. Researchers at Johns Hopkins and Fordham Law School are proposing a system that treats sensitive genetic and biological information similarly to how nuclear materials are controlled, creating clear security levels for who can access what data. Why Is Biological Data Becoming an AI Security Problem? The concern isn't about AI itself being inherently dangerous. Rather, it's about what happens when powerful AI models trained on biological data fall into the wrong hands or amplify the capabilities of people who shouldn't have them. A novice actor with no biology background could potentially use an AI system trained on genetic data to design harmful pathogens, something that would have been impossible without the technology. The threat operates on two levels. First, AI can lower the barrier to entry for people with minimal expertise, essentially democratizing knowledge that was previously restricted to trained scientists. Second, it can raise the ceiling for expert researchers, giving them tools to accomplish things faster and more effectively than before. This offense-defense imbalance is what concerns biosecurity experts. How Does the Proposed Biosecurity Data Levels Framework Work? The framework draws inspiration from two proven regulatory systems: biosafety levels, which have governed laboratory work since the 1975 Asilomar conference on recombinant DNA, and genetic privacy regulations that already exist in many countries. Instead of classifying data based on specific pathogens, the new system would classify data based on the capabilities it enables. - Classification Approach: The framework uses a capabilities-based rather than pathogen-based system for determining data security levels - Regulatory Precedents: The proposal draws on established biosafety level standards and existing genetic privacy regulations as models - Tiered Structure: The system creates multiple security tiers recognizing that not all biological data poses equal risk but acknowledges that combinations of data, AI models, and malicious intent create genuine threats What Makes This Different From General AI Regulation? Most AI governance discussions focus on large language models (LLMs) and general-purpose AI systems. This proposal targets something more specific: biology-specific foundation models, also called genomic language models. These are AI systems trained specifically on genetic sequences and biological data, making them far more dangerous in a biosecurity context than a general chatbot. The distinction matters because general AI regulation often misses domain-specific risks. A framework designed to prevent bias in hiring algorithms won't catch the biosecurity threat posed by an AI system trained on pathogenic sequences. This proposal fills that gap by treating biological data governance as a specialized problem requiring specialized solutions. How Would This Framework Actually Get Enforced? The researchers propose multiple enforcement mechanisms working together. The National Institutes of Health (NIH) could make compliance a condition of receiving federal research grants, immediately affecting thousands of laboratories and researchers across the country. Beyond that, they recommend a mandatory federal regime that would apply to all institutions handling sensitive biological data, not just those receiving government funding. International collaboration would be essential for effectiveness. The United States generates most of the world's high-tier biological data, giving it significant leverage to set global standards. However, without international buy-in, researchers could simply move their work to countries with weaker oversight, defeating the purpose of the entire framework. What About Open-Source AI and Biological Data? One of the thorniest questions is how this framework applies to open-source biological AI development. The research community values transparency and reproducibility, which often means sharing code and data. However, making a biology-specific AI model publicly available could enable exactly the kind of misuse the framework is designed to prevent. The proposal doesn't call for banning open-source development, but it does suggest that the level of openness should match the security classification of the underlying data. A model trained on lower-risk biological information could be fully open-sourced, while a model trained on highly sensitive data would need to be tightly controlled, if released at all. Why Now? What Changed in AI That Makes This Urgent? The timing isn't random. Recent advances in AI have made it possible to train powerful models on biological data in ways that weren't feasible even five years ago. The scaling laws that govern how AI systems improve with more data mean that larger biological datasets produce more capable models. As these models become more capable, the biosecurity risks increase proportionally. The researchers point to the 50th anniversary of the Asilomar conference as a moment to reflect on how far we've come in regulating biological research and how much further we need to go in the age of AI. The original Asilomar conference established norms around recombinant DNA research that held for decades. This new framework aims to establish similar norms for the AI era. "Biological data governance in an age of AI," noted Jassi Pannu and Doni Bloomfield in their research published in Science. Jassi Pannu, Assistant Professor at Johns Hopkins Bloomberg School of Public Health; Doni Bloomfield, Associate Professor of Law at Fordham Law School The bottom line: biological data governance isn't just another AI policy debate. It's a critical infrastructure question that could determine whether AI becomes a tool for advancing human health or a weapon for causing mass harm. The researchers are essentially asking the scientific community and policymakers to get ahead of the problem before it becomes a crisis.
