Published by Emerging Technologies Laboratory · via ETL Newswire
Security· 

CEPI Builds Biosecurity Guardrails Into AI Pandemic Engine as U.S. Defunds Its Own Biodefense Evaluators

A new CEPI framework embeds biosecurity controls into its agentic AI vaccine platform, while a CSIS analysis warns that proposed U.S. budget cuts are gutting the very agencies tasked with policing the same technology.

By Renée Kovac, Correspondent · Security Desk

Two documents dropped this month that, read together, describe a gap forming at the center of global AI biosecurity governance: one institution is building the guardrails in, and the U.S. government is in the process of defunding the inspectors.

On June 11, CEPI published a detailed account of what it's calling a biosecurity-by-design approach for its Pandemic Preparedness Engine for Disease X, known as PPX. According to the piece authored by CEPI biosecurity consultant Dr. Sarah R. Carter and PPX Access Lead Mats Olsen and posted to CEPI's own website, the PPX is being built as an agentic AI platform: one that can plan, coordinate, and execute multi-step tasks spanning pathogen surveillance, vaccine design, and regulatory submission. That scope is exactly where dual-use ambiguity lives.

<cite index="1-4">CEPI acknowledges it "recognises the potentially serious biosecurity risks that new biological AI systems pose in the event they are intentionally misused by malicious actors."</cite> That's not a boilerplate disclosure. An agentic system with access to pathogen data and vaccine design pipelines is, by definition, a dual-use tool. The question isn't whether it could be misused; it's whether the governance structure can hold.

CEPI's proposed answer is layered. <cite index="1-9">Additional biosecurity layers for the PPX include cybersecurity and data security through a federated data architecture, risk assessments and guardrails for biological data and AI models, and an autonomous biosecurity agent that could oversee the system.</cite> Federated architecture is a meaningful technical choice: it means raw data doesn't have to be centralized to be queried, which limits the blast radius of a breach. Whether the autonomous oversight agent is a genuine control or a reassuring label is a question the document doesn't fully resolve.

<cite index="1-17">CEPI describes this biosecurity-by-design approach as "a fundamental departure from traditional research funding models, which have largely focused on mitigating risks only after technologies are developed."</cite> That framing is defensible. Retrofitting biosecurity controls onto a deployed agentic system is considerably harder than building them in. The field's track record on post-hoc controls is not encouraging.

<cite index="1-6">Participants at a March 2026 CEPI-WHO Africa workshop emphasized that determinations about trusted users or legitimate institutions must be context-dependent, consistent with equitable access principles, and overseen by governance mechanisms that are representative, transparent, and trusted.</cite> That's the hard part. Access controls that are too tight fail the equity test; too loose and they're not controls at all.

Meanwhile, on the U.S. side, the picture is less organized. A CSIS analysis reviewed by BABL AI, authored by Georgia Adamson and Gregory C. Allen, finds that <cite index="19-13,19-14">AI could drastically lower the barriers to bioterrorism, and that rapid advances in large language models and biological design tools could help bad actors develop or even invent pathogens with pandemic potential.</cite> The confidence level on that assessment is moderate: the uplift evidence is real but contested, and the operational pathway from LLM query to working pathogen still involves substantial tacit knowledge that AI hasn't yet bridged for most actors.

The structural problem the CSIS paper identifies is harder to argue with. <cite index="18-2">The Trump administration's AI Action Plan identifies NIST and CAISI as the primary U.S. government contacts for leading security testing of frontier AI models for biological and other national security risks.</cite> But <cite index="18-4,18-5">just as the administration is tasking NIST and CAISI with deeper and broader responsibilities, it is also proposing significant reductions in their budgets, including a $325 million cut to NIST's funding.</cite>

The budget math is stark. <cite index="27-1,27-2">CAISI's current operational budget is only $15 million; analysts at the Institute for Progress estimate the center would need at least $84 million annually to fulfill all AI Action Plan taskings related to AI readiness.</cite>

That gap matters for biosecurity specifically because <cite index="22-1,22-2">CAISI is tasked with establishing voluntary agreements with private sector AI developers and leading unclassified evaluations of AI capabilities that may pose risks to national security, with biosecurity listed as a focus area.</cite> If evaluations aren't adequately resourced, the voluntary agreement framework is largely symbolic.

<cite index="18-7">Shrinking NIST's budget and expertise would degrade U.S. capacity to prepare for and respond to biorisks at the same time the FY2026 budget proposal threatens cuts to the NIH of $18 billion, the CDC of $3.6 billion, and the Administration for Strategic Preparedness and Response of $240 million.</cite>

The dual-use ambiguity here isn't resolvable by either document. An AI system powerful enough to compress the 100-day vaccine development timeline is, by definition, powerful enough to assist actors with harmful intent. CEPI is trying to build the control layer into the foundation. Whether its governance partners, particularly the access-management institutions in the Global South that the PPX is meant to serve, will have the capacity to implement those controls is an open question. And the U.S. government, which has historically anchored AI evaluation norms internationally, is doing that work with a shrinking bench.

Sources cited:
- CEPI, Biosecurity-by-Design for CEPI's Pandemic Preparedness Engine (June 11, 2026) (https://cepi.net/biosecurity-design-cepis-pandemic-preparedness-engine)
- CSIS, Opportunities to Strengthen U.S. Biosecurity from AI-Enabled Bioterrorism (https://www.csis.org/analysis/opportunities-strengthen-us-biosecurity-ai-enabled-bioterrorism-what-policymakers-should)
- BABL AI, AI Report Warns Falling Barriers Could Put Bioterrorism Within Reach (https://babl.ai/ai-report-warns-falling-barriers-could-put-bioterrorism-within-reach/)
- NIST, Center for AI Standards and Innovation (CAISI) (https://www.nist.gov/caisi)
- Institute for Progress, What Will It Cost for the US to Be Ready for the Next Big AI Breakthrough? (https://ifp.org/funding-for-caisi/)

Reporting by Renée Kovac, Correspondent, for the Security desk · ETL Newswire staff
Read more at the source

This release was originally distributed via ETL Newswire. Visit CEPI, Biosecurity-by-Design for CEPI's Pandemic Preparedness Engine (June 11, 2026) for the full story, related releases, and contact information.

Visit CEPI, Biosecurity-by-Design for CEPI's Pandemic Preparedness Engine (June 11, 2026) →