The control software used by DNA synthesis companies has always been considered the last line of defense against the inadvertent creation of dangerous sequences. But a study published in Science demonstrates that this confidence can be misleading: thanks to artificial intelligence, it is now possible to bypass these systems and produce on demand sequences close to known toxins or viruses, without being detected. The experiment was conducted by a Microsoft team led by Eric Horvitz. Inspired by cybersecurity practices, the researchers tested the robustness of the filters by directly attacking their flaws. The principle is simple: use protein design tools to "paraphrase" worrying sequences, that is, modify their order while preserving the three-dimensional structure that determines their function. The result: thousands of dangerous sequences slipped through the net as if nothing had happened.
The Achilles heel of biological defenses
The discovery caused a "moment of panic" in biosecurity labs: the industry's most widely used software proved incapable of identifying these AI-generated variants. A patch has since been developed, significantly improving the detection rate, but it remains imperfect. Even after updating, around 3% of potentially harmful sequences still escape the filters. This breach illustrates a growing tension: the same tools capable of inventing useful proteins to fight cancer, neutralize viruses, or clean up the environment could also be used to manufacture biological weapons. The creative power of AI therefore requires us to rethink biosecurity as a discipline close to cybersecurity, where threats are constantly evolving and require ever-adaptable defenses.
Between scientific openness and defensive secrecy
The publication of this work posed a dilemma: how far should information be shared? In the world of cybersecurity, revealing a flaw allows it to be quickly corrected. But in biology, disclosing too many details amounts to giving away potential weapons. The researchers therefore opted for multi-level dissemination: certain sensitive data are now accessible only through a procedure supervised by the International Initiative for Biosafety and Biosecurity in Science (IBBIS). The episode highlights another weakness: no law requires DNA synthesis companies to systematically filter their orders. However, production costs are falling while control costs remain stable. The temptation to cut back on security spending therefore exists. NGOs such as the Nuclear Threat Initiative have been warning of this imbalance for several years, advocating for filtering to become mandatory internationally. Ultimately, the vulnerability revealed by Microsoft is not just a technical alert. She points out that in a world where AI is accelerating the invention of life, every scientific advance requires an equal effort in safeguards. The future of biosecurity will not only be played out in laboratories, but also in the ability of states and industrial players to establish common rules before the next flaw is exploited.
