Recently, the Trump administration unveiled its AI Action Plan (PDF). While there are throughlines linking this to the last administration's policies, this new plan emphasizes AI “opportunity” over AI “safety,” a recalibration previously signaled by Vice President J.D. Vance at the AI Action Summit this spring and the renaming of the AI Safety Institute as the Center for AI Standards and Innovation (CAISI). The plan is arranged in three overarching thematic pillars: accelerating AI innovation; building American AI infrastructure; and leading in international AI diplomacy and security, with recommended policy actions for each. Several policy actions in Pillars 1 and 3 are related to biology, bioweapons, and biosecurity.
We provide a primer discussing why these pillars are important for biosecurity researchers and those who fund it while also highlighting challenges to the near-term execution of these recommended policy actions.
Investing in AI-Enabled Science
AI for Science (AI4S) encompasses the application of AI, including machine learning and laboratory automation, to accelerate research breakthroughs. The current iteration of AI-enabled tools illustrates this convergence by streamlining the drug design process, forecasting potential viral variants to guide pandemic preparedness efforts, and facilitating experimental outsourcing through cloud laboratories. Advances in AI capabilities may further unlock the ability to conduct novel lines of investigation independently and autonomously. The action plan accordingly calls for investments in automated cloud-enabled labs for a range of scientific fields, including biology.
Why This Is Important
Cloud labs, where users interface with a digital platform to remotely execute experiments using automated robotic equipment, can improve the reproducibility, accessibility, and scalability of experimental biology. Laboratory automation providers, like Emerald Cloud Laboratory and Strateos, therefore provide a glimpse of what promises to become the standard for scientific research in coming decades.
The Challenge
Despite the exponential shift laboratory automation will eventually catalyze for the life sciences, funding remains the top barrier preventing researchers from adopting cloud laboratory platforms today, according to Armer et al. Changes within the biosecurity research ecosystem will be required to unlock their full potential over the coming years. Funding and training programs, for example, could render cloud laboratory platforms more accessible for biosecurity research. Nevertheless, RAND's work on cloud labs highlights that these remote automation capabilities may also introduce potential misuse risks by malicious actors seeking to develop bioweapons, particularly at the biosecurity–cyberbiosecurity nexus. Robust biosecurity measures must therefore be standardized at scientific cloud labs to mitigate these risks.
Despite the exponential shift laboratory automation will eventually catalyze for the life sciences, funding remains the top barrier preventing researchers from adopting cloud laboratory platforms today.
Building World-Class Scientific Datasets
Progress in AI has been underpinned by advances in compute, data, and algorithms. AI models must be trained on massive datasets to tackle problems across scientific disciplines; data are essentially the fuel that powers AI systems, allowing them to learn, adapt, and execute tasks like predictions and decisionmaking. Without sufficient high-quality data, AI models cannot function effectively. Two recommended actions by the action plan relate to the creation of minimum standards for bioinformatics data (the collection, classification, storage, and analysis of biological information using computational tools) and a whole genome sequencing (WGS) program that will generate valuable new datasets. Data standardization enables the collective use (PDF) of bioinformatics datasets from various sources to train future biological foundation models as a public good; the National Institute of Standards and Technology is currently soliciting public inputs (PDF) for a pilot to accelerate the creation of standards in collaboration with INCITS/AI, the private sector–led committee representing the United States to ISO/IEC—two key international standards-setting organizations. Meanwhile, a cohort of researchers has already gotten ahead of these developments by developing the LISTEN Principles (Licensed, Identified, Supervised, Transparent, Enforced, and Non-Exclusive), a FAIR-compatible set of technical specifications for genetic sequence data governance.
Why This Is Important
Data standards represent a mutual contract that defines the meaning of the included datasets, governs how that information is exchanged among end-users, and dictates the integrations that ultimately influence the behavior of Generative AI (Gen AI). Data standards consequently ensure that AI systems will make decisions aligned with human values, objectives, and societal needs in manners that span far beyond simply providing better datasets for training. Access to different types of data, moreover, provides an asymmetric advantage that may hold the key to winning the AI race.
Foundational bioinformatics data collections—such as the Protein Data Bank, which revolutionized structural biology and played a pivotal role for the 2024 Chemistry Nobel Prize winners—have helped unlock new research paradigms and propelled landmark AI advances. While the National Security Commission on Emerging Biotechnology estimates that the U.S. natural history collection consists of 800M to 1B total specimens that have yet to be cataloged for a more comprehensive understanding of biodiversity. Machine learning projections conversely hold that all high-quality language data will be exhausted by year's end, the stock of low-quality language data over the next two decades, and all vision data within the next three decades. With some suggesting a 20 percent likelihood that the scaling phenomena observed in ML models will slow by 2040 due to growing data availability bottlenecks, it is critical to focus on integrating diverse datasets, inclusive of multiomics data, to offset this potential data collapse.
The Challenge
With Gen AI, there is some speculation that standards are not needed, but this ignores the AI alignment paradox. A world without standards and guardrails opens the door to perils such as widespread deepfakes, customized misinformation, and the rapid creation of biological weapons. Countries like China, meanwhile, exemplify this tension in the biomedical realm by freely using publicly available data from abroad while simultaneously restricting access to their own domestic datasets through legislation such as the Biosecurity Law and the Implementation Rules for Regulations on the Management of Human Genetic Resources.
The U.S. government will have to protect data-sharing reciprocity while ensuring malicious actors cannot access bulk, sensitive biological data from the United States Currently, U.S. bioinformatics data are underutilized, drawn from diverse sources, and organized differently for unrelated use cases in an uncoordinated approach that calls into question the need for “new” data until the existing data stack is put in order. Collecting new datasets, particularly large-scale WGS to catalogue all life on federal lands, poses separate challenges. WGS has proven vital for identifying, tracking, and managing infectious disease outbreaks, but surrounding systems (data sharing, interpretation, workforce capacity, and priority-setting) will ultimately determine its public health impact. The same will hold true for AI. A strong case therefore exists for carefully curating existing data with the goal of maximizing utilization, a more low-cost approach for training large models that the U.S. Food and Drug Administration is already pioneering by unlocking the value of historical clinical trial and drug application data.
Evaluating National Security Risks from Frontier Models
The action plan plants a flag in the sand by establishing model evaluation as a new and rapidly evolving science that serves the U.S. government's need to understand the national security risks frontier models pose. AI is improving rapidly across domains such as Chemical, Biological, Radiological, and Nuclear (CBRN) threats, which are prioritized in frontier model evaluations. The plan describes four policy actions—continued actions from the previous administration—including one related to biological threats requiring CAISI's collaboration with agencies that have relevant CBRN expertise for frontier AI systems evaluations.
Why This Is Important
In the biological threat domain, the focus is on weapons proliferation, given the risk that models could guide malicious actors in developing and deploying bioweapons by providing actors material “uplift” beyond what is available from publicly available research or existing tools such as internet search. Frontier labs have stepped up at this critical moment by developing internal safeguards, but effective governance remains essential to ensure AI development and deployment are safe, secure, and trustworthy, requiring independent and external oversight.
The Challenge
Misuse risks involving national security are significant owing to the shifts in geopolitical order AI technologies may drive. The Virology Capabilities Test, for example, shows that OpenAI's April 2025 o3 release ranks in the 94th percentile among expert human virologists, while DeepSeek-R1's release (PDF) in January 2025 cemented the role of Chinese companies in the AI race by shattering barriers in cost and capability. These risks exist even without frontier models, but the overall advances in information synthesis, logical reasoning, and automated generation of these tools mean they may increase the scale, prevalence, or impact of malicious activity, though RAND's red-team experiment suggests this remains beyond today's AI capabilities.
Nevertheless, national security knowledge is inherently dual-use, since the knowledge required to develop a malicious biological agent may also be used for medical countermeasure development or educational purposes. In the RAND study, for example, an AI model described how to cause maximum casualties with a biological weapon. This underscores the need for safeguards that restrict access to potentially harmful knowledge within LLMs by malicious users, without compromising their utility for legitimate research. With frontier labs now fully engaged in a race for dominance, there is an urgent need to examine the role third-party evaluators can play both in assessing AI safety and designing robust testing frameworks. For frontier model evaluations, three best practices remain clear: evaluate throughout the model lifecycle, evaluate frequently, and evaluate iteratively.
Investing in Biosecurity
With the proliferation of dual-use research, biosecurity—systems and practices employed in legitimate facilities to reduce the risk of deliberate or malicious use of biological agents—is of increasing strategic importance. The action plan is light on this front, largely recycling policy from the model evaluation section and focusing on nucleic acid sequence (NAS) enforcement measures, such as screening, customer verification, and facilitating data sharing between NAS providers to support enforcement.
With the proliferation of dual-use research, biosecurity—systems and practices employed in legitimate facilities to reduce the risk of deliberate or malicious use of biological agents—is of increasing strategic importance.
Why This Is Important
The spectrum of biosecurity threats extend beyond the NAS domain and biosecurity is essential for protecting health, economies, environments, and national security from biological threats—whether natural, accidental, or deliberate. Recent global events, such as the COVID-19 pandemic, have underscored these vulnerabilities and the need for robust biosecurity systems. Advancing our understanding of disease transmission dynamics often requires safely and securely working with the dangerous pathogens that cause them. However, such laboratory work carries potential accident risks which some suggest may have led to the emergence of SARS-CoV-2, the virus responsible for COVID-19.
The Challenge
The risks from commercial gene synthesis remain real. The increasing availability and falling costs of custom synthetic nucleic acids could allow nefarious actors to obtain sequences from dangerous organisms, or even novel engineered pathogens, to construct a biological weapon. Securing this risk pipeline must therefore become a policy priority for both governments and the synthetic biology industry.
With no legal requirement for NAS providers to screen clients or their purchases, custom-order genes could potentially open up new risks—some DNA sequences code for genes from pathogens and toxins that could cause harm if misused. This challenge will compound as emerging scientific disciplines, including AIxBio, continue to drive demand for gene synthesis. Owing to the costs associated with screening NAS orders, some industry experts posit that a functional “sequence of concern” approach should be key to decisionmaking. But this strategy will be fraught with the known pitfalls of list-based efforts like the Federal Select Agent Program, coupled with the difficulty of classifying sequences with unknown or hypothetical functions as unharmful when attempting to exclude them from the screening procedures.
While still in the earliest stage of implementation, the Trump administration's AI Action Plan provides a framework for harnessing AI as a general purpose technology (PDF) across the life sciences. The challenges outlined above, however, reveal immediate governance gaps that will determine whether AI serves as a force multiplier for biosecurity or instead becomes a catalyst for misuse. Closing these gaps will require sustained investment, ongoing public-private partnerships, and a careful balance between rigorous AI safeguards and innovative latitude. Yet the window to align AI innovation with biosecurity imperatives is narrowing as model capabilities rapidly evolve. A failure to act at this precipice risks ceding technological leadership while also creating more invisible vulnerabilities that could prove catastrophic if exploited by malicious actors.
