Published by Emerging Technologies Laboratory · via ETL Newswire
Security· 

CEPI Flags Misuse Risk in Its Own Agentic AI Pandemic Platform

The vaccine coalition publicly acknowledges its Pandemic Preparedness Engine could be weaponized by bad actors, and says biosecurity guardrails are being built in parallel, not ahead, of the system's deployment.

By Renée Kovac, Correspondent · Security Desk

The Coalition for Epidemic Preparedness Innovations published a detailed biosecurity analysis this month of its own flagship AI project, the Pandemic Preparedness Engine, conceding that the platform carries serious dual-use risk if it lands in the wrong hands. That kind of public self-disclosure from a major multilateral health body is worth reading carefully, and skeptically.

The PPX, as CEPI calls it, is designed to compress vaccine development timelines to 100 days after a novel pathogen is identified. According to a technical piece published June 11 on cepi.net by CEPI biosecurity consultant Dr. Sarah R. Carter and PPX Access Lead Mats Olsen, the platform will incorporate agentic AI capabilities, meaning AI that can plan, coordinate, and act across multi-step tasks, spanning pathogen surveillance, antigen design, and regulatory submission. That's a powerful capability set. It's also, as CEPI acknowledges directly in the same document, a potential harm multiplier.

The plain language in the cepi.net post is notable. CEPI states it "recognises the potentially serious biosecurity risks that new biological AI systems pose in the event they are intentionally misused by malicious actors to cause harm." That's a moderate-confidence admission, not a finding, and it puts the burden squarely on CEPI's governance architecture to hold.

The governance architecture, by their own account, isn't finished. The cepi.net post describes a multi-layered approach that includes a federated data architecture, risk assessments on biological data and AI models, and, the part that should raise analyst eyebrows, an autonomous biosecurity agent that would monitor the system and flag risks in real time. CEPI says the details of these layers "are likely to change as the risks are better understood." That's a candid disclosure, but it also means the platform's misuse-prevention stack is being developed alongside the platform itself, not before it.

Philanthropy Sentinel Bio is the named partner on biosecurity design. A grant document on sentinelbio.org confirms it provided $132,000 to CEPI in August 2025 to fund an AI/biosecurity expert who would design and implement managed-access safeguards for the Engine. For context: $132,000 is a small number relative to the scale of what CEPI describes as a $3.8 billion portfolio across 47 countries. Whether that staffing level is adequate to the threat model they're describing is a fair question and one CEPI doesn't directly address.

The UK government is watching closely, though it isn't offering much operational specificity. At a conference convened by Imperial College London's new Biosecurity Network of Excellence earlier this month, UK Security Minister Dan Jarvis warned publicly that biological threats are becoming "more complex, more frequent and more interconnected," according to an Imperial College news release. UKHSA chief executive Professor Susan Hopkins, speaking at the same event, described the current biosecurity landscape as driven by "advanced technologies that are inherently dual-use," capable of producing health security gains or enabling harm, depending on who controls them.

Hopkins's framing maps directly onto the PPX problem. A platform that can propose vaccine candidate designs in hours from genomic data is, architecturally, adjacent to a platform that could assist in identifying dangerous sequences. CEPI knows this. So does the biosecurity community. The dual-use flag here isn't resolved by calling the platform defensive in intent, it's resolved, to whatever degree it can be, by the robustness of the access controls and the independence of the oversight mechanism.

On that front, the cepi.net post says access governance determinations must be "context-dependent" and "overseen by governance mechanisms that are representative, transparent, and trusted." Those are the right principles. They're also unfinished sentences until CEPI publishes the specific criteria, the appeals process, and who sits on whatever body makes the calls.

The budget environment makes this harder. A CSIS analysis published last month noted that the FY2026 U.S. budget proposal includes cuts of $18 billion to NIH, $3.6 billion to CDC, and $240 million to the Administration for Strategic Preparedness and Response, the agencies that would normally help set and enforce biosecurity norms for systems like PPX. Fewer federal resources for norm-setting means more of that work falls to multilateral bodies and private philanthropies. That's not inherently wrong, but it's a structural shift worth tracking.

The PPX is not operational yet. CEPI says technical development is just beginning. The window to get the governance right is open. Whether it stays open long enough is the story.

Sources cited:
- CEPI biosecurity-by-design post (cepi.net) (https://cepi.net/biosecurity-design-cepis-pandemic-preparedness-engine)
- Sentinel Bio grant record (sentinelbio.org) (https://sentinelbio.org/grant/coalition-for-epidemic-preparedness-innovation/)
- Imperial College London Biosecurity Network of Excellence launch (imperial.ac.uk) (https://www.imperial.ac.uk/news/articles/2026/biosecurity-at-the-frontier-conference/)
- CSIS analysis on AI-enabled bioterrorism and U.S. biosecurity funding (csis.org) (https://www.csis.org/analysis/opportunities-strengthen-us-biosecurity-ai-enabled-bioterrorism-what-policymakers-should)
- CEPI Securing the Pandemic Preparedness Engine (cepi.net) (https://cepi.net/securing-pandemic-preparedness-engine)

Reporting by Renée Kovac, Correspondent, for the Security desk · ETL Newswire staff
Read more at the source

This release was originally distributed via ETL Newswire. Visit CEPI biosecurity-by-design post (cepi.net) for the full story, related releases, and contact information.

Visit CEPI biosecurity-by-design post (cepi.net) →