AI Models Breach Expert Virology Benchmarks as U.S. Biosecurity Oversight Thins
A new CSIS analysis warns that widely available large language models can now provide expert-level advice on dual-use virology, even as proposed federal budget cuts and a leadership vacancy leave key U.S. biodefense agencies short-handed.
A peer-reviewed benchmark study conducted by researchers from SecureBio, MIT, the Center for AI Safety, and the Federal University of ABC in Brazil found that OpenAI's o3 model outperformed 94 percent of expert virologists on a test designed to measure the ability to troubleshoot complex virology lab protocols. The result landed less than a week after OpenAI published its own preparedness assessment of the same model. Taken together, the two disclosures sit at the center of a new policy analysis from the Center for Strategic and International Studies that is worth reading closely.
The CSIS paper, authored by Georgia Adamson and Gregory C. Allen and published in late May, frames the benchmark not as a curiosity but as a marker of a threshold already crossed. According to the analysis, reviewed by ETL Newswire, widely available LLMs can now provide expert-level guidance on dual-use virology topics, a finding the underlying study described as an "urgent need for thoughtful access controls" on frontier models.
The dual-use problem here is concrete, not theoretical. OpenAI's own February 2025 safety writeup on its Deep Research capability stated the model could help experts with operational planning for reproducing a known biological threat and indicated that its models are close to being able to meaningfully assist novices in the same task. OpenAI subsequently classified its ChatGPT agent as "highly capable" under the biological portion of its internal Preparedness Framework, a tier reserved for capabilities that significantly increase existing risks for severe harm. That's the company's own language, and it's a moderate-confidence signal that internal red-teamers are seeing results they can't dismiss.
The CSIS paper's threat model has two parts. First, commercial LLMs lower the informational barriers to planning and executing biological attacks. Second, biological design tools, a narrower category of AI optimized for molecular engineering, could eventually assist in producing novel agents or toxins at epidemic or pandemic scale. The second risk is further out on the timeline and harder to assess; the first is here now.
What makes the CSIS analysis more than a threat brief is the budget context it lays against those findings. The FY2026 budget proposal before Congress includes cuts of roughly $18 billion to the National Institutes of Health, $3.6 billion to the Centers for Disease Control and Prevention, and $240 million to the Administration for Strategic Preparedness and Response. The White House Office of Pandemic Preparedness and Response Policy is currently without a director following the resignation of its top official, Gerald Parker. The CSIS paper notes those two facts side by side, and the juxtaposition is the story.
The paper's three recommendations are targeted rather than sweeping. It calls on Congress to fund NIST and the new U.S. Center for AI Standards and Innovation to continue work at the AI-biosecurity intersection; directs CAISI to lead evaluations of frontier biological AI tools with support from international AI Safety Institutes; and asks the White House to develop a standardized, AI-enabled DNA synthesis screening system capable of catching novel threats that evade current static-list approaches. The Trump administration's July 2025 AI Action Plan did acknowledge the dual-use risks at the AI-biology convergence, but the CSIS authors flag that proposed cuts to NIST specifically could undercut implementation before it starts.
The OpenAI biodefense program, formalized on May 29 and reported by MEXC News, puts $45 million behind two startups, Red Queen Bio and Valthos, targeting AI-enabled threat detection. That's real money in a narrow space, and it's worth watching how the company squares that investment posture with the access-control recommendations coming out of the same research community.
The honest framing here is that the AI-biosecurity policy gap isn't new, but the capability gap is closing faster than the oversight gap is narrowing. That's a low-confidence assessment about pace, but it's a high-confidence observation that the two lines are moving in opposite directions.
Sources cited:
- Center for Strategic and International Studies (CSIS) (https://www.csis.org/analysis/opportunities-strengthen-us-biosecurity-ai-enabled-bioterrorism-what-policymakers-should)
- BABL AI summary of CSIS report (https://babl.ai/ai-report-warns-falling-barriers-could-put-bioterrorism-within-reach/)
- MEXC News on OpenAI biodefense program (https://www.mexc.com/news/1119403)
This release was originally distributed via ETL Newswire. Visit Center for Strategic and International Studies (CSIS) for the full story, related releases, and contact information.
Visit Center for Strategic and International Studies (CSIS) →