By David Bray, PhD

Assuming Good Faith, Addressing Real Concerns

I want to begin by acknowledging that concerns about AI enabling the creation of designer bioweapons come from a place of genuine care for public safety. Those raising these alarms are thoughtful people motivated by a desire to protect lives. I respect that intention deeply, and I assume good faith in their warnings.

However, I believe the proposed solution of restricting AI access to biological data fundamentally misunderstands both the nature of the threat and the nature of technology itself. More importantly, it distracts us from a solution that is both technically feasible today and addresses a broader set of risks, including naturally occurring pandemics that require no malicious actor at all.

Let me explain why attempts to censor AI capabilities will fail, and what we should be doing instead.

The Dark Web Doesn’t Wait for Permission

The assumption that we can prevent AI from being used for harmful biological research rests on a flawed premise: that we can control access to both the AI models and the underlying biological data. This assumption ignores the basic reality of humanity, both in the pre-digital era and our current digital era too: Malicious actors do not play by the rules.

Consider WormGPT, a malicious large language model designed specifically for cybercrime. WormGPT allows users to generate harmful content like phishing emails and malware without the ethical guardrails present in commercial AI systems. There are various versions of WormGPT, including WormGPT v2 and other variants like FraudGPT, which have emerged in the underground market. These tools are not theoretical. They exist today, operating in the shadows of the Dark Web, completely outside the reach of any regulatory framework.

If we believe that AI will enable bioweapons, then we must also accept that restricting commercial AI systems will simply push this capability underground. Bad actors will develop their own models, train them on publicly available biological data, and operate entirely outside the control of any specific nation or regulatory body. Meanwhile, many possible benefits to humankind are held back by a regulatory veil that does nothing to accomplish the original intent nor address here-and-now concerns existing with AI even before potential frontier developments. Censorship does not eliminate the threat. It merely ensures that the threat develops in places where we cannot see it, study it, or counter it.

This is not speculation. It is the pattern we have seen repeatedly with dual-use technologies. Encryption, for example, can protect both legitimate privacy and criminal activity. Attempts to mandate backdoors in encryption have consistently failed because malicious actors simply use encryption tools developed outside regulated jurisdictions. The same will be true for AI and biological data.

Knowledge Is Not Expertise: A Critical Distinction

Before discussing biological detection, we must address a common misconception that fuels excessive fear and counterproductive policy responses. There is a profound difference between “knowledge of something” and “experience in doing” something.

Consider the path of a medical doctor. A physician requires textbook knowledge, certainly, but that knowledge alone does not make a surgeon. A surgeon must spend many long hours of practice, first with teachers, then with cadavers, then with patients under the close supervision of an experienced mentor, before they gain true expertise. An AI agent might tell a human how to perform a liver transplant step by step, but almost all humans without that extensive practice and training are not ready to perform a liver transplant. They would fail, and the patient would die.

This distinction is critical because it should temper our fear. The mere availability of information, whether from an AI, a textbook, or a scientific journal, does not automatically translate into the capability to cause sophisticated harm. Weaponizing a pathogen or building a reliable drone swarm requires not only knowledge, but also hard-won expertise, equipment, and the necessary reagents to bring everything together. When we immediately equate information with imminent danger, we risk knee-jerk reactions toward censorship or excessive AI paranoia. This reaction is not only inconsistent with the values of a free society, but it is also counterproductive. It forces information underground, where it cannot be studied or countered, and it fails to prepare us for naturally evolving pathogens that require no malicious actor at all.

We cannot “un-invent” dangerous knowledge. The genie is out of the bottle. The genome of the 1918 Spanish Influenza is public, and CRISPR is widely available. Trying to censor scientific papers is a futile exercise. Furthermore, it prevents transparency of methods and peer-review, which are the bedrock of scientific methods.

Here, we must return to our foundational distinction: knowledge of is different from expertise in doing an activity. The fact that a genome is published does not mean that any individual can weaponize it. Reanimating a pathogen requires not just the “textbook” information, hard-won practical skill, equipment, and the necessary reagents to bring everything together. Just as reading about a liver transplant does not make one a surgeon, reading a scientific paper does not make one a bioweaponeer through that information alone. When we panic and rush to censor, we not only violate the principles of open inquiry that underpin scientific progress, but we also fail to address the real threat: the small number of individuals who might acquire the expertise to cause harm and their attempts to purchase equipment, reagents, and other material for such ends.

The Smoke Detector Approach: Detection Over Restriction

When fires in cities became a concern, including human-caused fires via arson, the solution was not to ban matches or restrict knowledge of combustion. The solution was smoke detectors, fire alarms, sprinkler systems, and other approaches that could rapidly alert first responders, help get people out of harm’s way, and accelerate work to contain the blaze.

The first smoke detector was invented in 1902 by George Andrew Darby and by the 1960’s battery-powered smoke detectors were suitable for residential use. By 1975, smoke detectors began to be mass-produced for public consumption.

It’s important to note that we did not try to prevent fire from existing. We built systems to detect it early and respond quickly. We also worked to make buildings more resistant to fire too.

The same principle applies to biological threats.

Instead of restricting knowledge, we must focus on detecting the application of that knowledge for harm. This means normalizing the use of automated wastewater testing and air sampling in transportation hubs and major cities. Thie approach builds the foundation for what could become a “digital immune system“ for societies. Just as a smoke detector sniffs the air for fire, these systems analyze the biological “exhaust” of a city to detect anomalies, novel pathogens, or spikes in specific agents, days, or weeks before clinical cases show up in hospitals.

This allows us to act “left of boom,” containing a biological event before it becomes a pandemic. In the same way the polio vaccine addressed polio, advance knowledge of emerging threats can be used to design remedies for future biological threats. The key is early detection and appropriate intervention, not censorship.

This is not a theoretical proposal. I spent many years as IT Chief for the Bioterrorism Preparedness and Response Program, including leading the response to the Anthrax Events in 2001 and SARS, the original coronavirus that almost became a pandemic, in 2003. During that time, we developed privacy-preserving methods to detect biological threats without creating a surveillance state.

Later in 2013 and again in 2016, I proposed to DARPA the concept of a “planetary immune system.” The vision was straightforward: compress the time between pathogen detection and effective remediation.

SARS-COV-2, the virus responsible for COVID, demonstrated the urgent need for this approach regardless of any misuse of AI for biological ends. Our current methods for pathogen detection and antigen development are too slow. Should there ever be a future outbreak that risks becoming a pandemic: by the time we identify a novel pathogen, sequence its genome, develop a vaccine, conduct clinical trials, and distribute it globally, we risk millions of people already having been impacted.

We must compress the time between pathogen detection and effective remediation. Fortunately, nowadays the technology exists for us to pioneer the biological equivalent of smoke detectors.

What we need now is the will to champion the development activities necessary to make these technologies available and affordable, as well as the willingness to embrace an approach to risk mitigation instead of debilitating restrictions of AI for good.

It’s worth noting that this article was written hours before a recent June 2026 alert went off in the Pentagon of a possible hazardous material concern, specifically “a potential air quality issue, prompting immediate precautionary safety measures and evaluation.” Though officials later confirmed that no hazard existed and normal operations could be resumed, this shows exactly the value of such a risk-mitigation approach.

Privacy-Preserving Detection: It Can Be Done

I anticipate the objection: “Won’t this create a surveillance state?” The answer is no, if we design the approaches correctly.

During my time leading bioterrorism preparedness efforts, we developed methods to detect biological threats without compromising individual privacy. The key is to design sensors that are “blind” to personally identifiable information. Like a smoke detector, these sensors detect anomalies in the environment, not the identities of individuals.

For example, wastewater testing can detect the presence of pathogens in a community without identifying any individual. Air sampling in transportation hubs can detect unusual biological signatures without tracking who is traveling. These systems analyze the biological “exhaust” of a city, not the behavior of its citizens.

Moreover, we can build in transparency and oversight from the start. One possibility is to begin with a pilot, perhaps monitoring future outbreaks in one community that buys into the idea. The project would be completely transparent, specifying standards for the ethical use of data, with perhaps a citizen group that oversees all decisions. If the pilot works and people feel comfortable, it could expand to other communities.

Data should be retained only as long as necessary to assess immediate threat and automatically deleted when the risk threshold is not met, with individuals having redress rights. This approach respects data sovereignty while enabling the rapid connection of dots that has eluded us in past crises.

Nature Doesn’t Wait for Policy Debates

Here is the most crucial point: even if there are no human attempts to commit bioterrorism in the next 15 years, nature is always attempting to send novel pathogens our way. Viruses mutate. Bacteria evolve resistance. Zoonotic diseases jump from animals to humans. These are not hypothetical risks. They are ongoing realities. Examples include Avian Influenza, Ebola, the Zika virus, Nipah virus, and SARS-COV-2.

By building biological smoke detectors now, we make ourselves more resilient for either a natural or a human-caused event. This is not just about preventing bioterrorism. It is about building a robust public health infrastructure that can respond to any biological threat, regardless of its origin.

If we focus our energy on trying to censor AI or restrict access to biological data, we will be unprepared when the next pandemic arrives. And given that nature is constantly evolving new and novel pathogens, it will arrive. The question is not if, but when.

The Path Forward: Up and Through

The answer to the challenge of AI and bioweapons is not restriction. It is thoughtful advancement. We must go “up and through”. By building the equivalent of biological smoke detectors that alert us to emerging risks, no government action is required. This is similar to how communities, companies, and residential households alike all can employ smoke detectors to detect fire and enhance their safety without massive government regulation.

This approach offers multiple benefits. It addresses both human-caused and naturally occurring biological threats. It can be implemented in privacy-preserving ways. It does not require massive intergovernmental collaboration before researchers can get started. And it aligns with the values of a free society that prioritizes open inquiry and individual liberty.

For policymakers, this means shifting resources from futile attempts to control information toward practical investments in detection infrastructure. For investors and VCs, this approach represents a significant opportunity to fund technologies that will be essential for global health security. For entrepreneurs, this approach is a call to build the biosensors, algorithms, and distribution networks that will form the backbone of a planetary immune system. For corporate boards, this is a reminder that resilience is not just about cybersecurity. Biological threats pose an equal, if not greater, risk to business continuity.

The choice is clear. We can waste precious time and resources attempting to censor certain applications of AI, driving AI underground, including AI employed by bad actors, and leaving ourselves vulnerable to both malicious human attempts to misuse biology as well as natural pandemics. Alternatively, we can build the detection and response systems that will actually keep us safe.

If we use just 10% of the energies spent by people so concerned about AI + Bio to actually build the equivalent of modern day “smoke detectors” for biological concerns, be they caused naturally or by humans, we will be much better off as a planet together.

Onwards and upwards together.

Read more articles from Dr. David Bray here.