Threat Disruption, Attribution & Deterrence
Develop capabilities to monitor and disrupt threat groups, identify the origins of biological incidents, and signal that misuse will be detected and attributed.
Last updated: May 11, 2026 · Public updates are batched quarterly, with urgent corrections as needed.
5-year budget target
Pillar
Five-Year Trajectory
2026
Launch an information-sharing system for threat reporting among providers of high-risk biological materials and services
2027
Operationalize provider-to-provider and provider-to-government threat sharing and misuse monitoring
2028
Require misuse monitoring and threat sharing for high-risk biological services
2029
Achieve broad compliance with synthesis screening, KYC, AI-bio safeguards across distinct model tracks, and misuse monitoring
2030
Reach misuse-detection and red-teaming coverage targets across high-risk services
Current Status of the Field
Misuse-monitoring, anomaly-detection, microbial forensics, and cross-provider threat-sharing tools are progressing, but they are rarely integrated across the full biological supply chain.
Law-enforcement and national-security pathways exist for some threats, but legal permissions for provider-to-provider and provider-to-government sharing remain underdeveloped.
The bottleneck is trust and governance: providers need privacy, antitrust, liability, and escalation rules that let them share signals without creating new legal or customer-safety risks.
The Problem
Deterrence in the biological domain is weak because both pillars of deterrence are underdeveloped: credible detection of malicious activity before an incident, and credible attribution afterward. There is no comprehensive system for providers of high-risk biological materials, services, and AI tools to share threat signals, and microbial forensics remains insufficiently operationalized at scale.
The Solution
The most tractable first step is to build public-private threat-reporting and misuse-detection systems that allow providers to share signals with one another and with law enforcement. Over time, these systems should feed stronger disruption, attribution, and deterrence capabilities, supported by better forensics, stronger background data, red-teaming, and exercised response mechanisms. Export-control regimes for sensitive biotechnology equipment, precursors, and dual-use AI/biological model assets are an additional disruption lever, restricting threat-actor access at the supplier and border level rather than only at the point of sale. The long-term goal is not merely information sharing, but credible attribution: a world in which engineered bioincidents can be traced to likely sources and attackers understand that biological misuse is increasingly likely to be detected, attributed, and punished.
Objectives
- ◆Detection & information sharing: Providers of high-risk biological materials and services deploy misuse detection systems, share threat signals with each other, and alert law enforcement of misuse, under legal frameworks that address privacy, customer safety, and antitrust risks. Over time, a cross-supply-chain biological threat intelligence capability is established, comparable in institutional maturity to nuclear proliferation monitoring.
- ◆Attribution: Microbial forensics can trace an engineered pathogen to its likely source, and governments credibly signal that biological attacks will be attributed and perpetrators held accountable.
- ◆Red teaming: Misuse safeguards are routinely red-teamed to detect and address vulnerabilities, including synthesis screening, KYC, and AI model safeguards.
- ◆Export controls: Coordinated restrictions on transfers of high-risk biological equipment, precursors, dangerous training data, and dual-use AI/biotechnology model assets, applied through national export-control regimes and aligned across major suppliers.
Urgent 2026 Milestone
Develop and launch an information-sharing system for providers of high-risk biological materials and services to share threat signals.
Long-term Targets
Misuse detection coverage
Red-teaming coverage
Year-by-Year
Philanthropy
- •Fund development and deployment of misuse-detection systems for synthesis providers, CROs, and cloud labs
- •Fund R&D on technologies to identify the origin of bioincidents
- •Convene pilot threat-sharing protocols between industry and law enforcement
Private Sector
- •Implement misuse monitoring and participate in threat information sharing with other providers and law enforcement
- •Support forensics capability building and relevant data sharing
Government
- •Begin building systems and legal pathways for provider-to-government threat reporting and bioincident attribution support
- •Prioritize law-enforcement pathways for escalating provider-generated threat signals
- •Begin developing protocols to detect and counter fabricated or misleading bioattack evidence
Philanthropy
- •Continue funding deployment of screening software and independent audit capacity across providers, including smaller and international firms
- •Support implementation-focused KYC tools and verification infrastructure
- •Continue funding separate AI-bio evaluation tracks for frontier LLMs, biological foundation models, and autonomous-lab workflows
- •Support broader bio-audit adoption, institutional awareness, and development of publication-risk-management norms
- •Continue support for misuse-detection tooling and cross-provider threat-sharing systems
Private Sector
- •Implement standardized synthesis screening and customer verification at scale
- •Participate in split-order detection systems and submit to independent screening verification where possible
- •Expand KYC adoption across high-risk vendors and service providers
- •Make AI-bio evaluation and safeguard deployment routine across separate LLM, biological foundation model, and autonomous-lab tracks
- •Expand participation in bio-audits, accident reporting, pre-publication review, and institutional adoption pilots
- •Routinely share threat signals and maintain misuse monitoring
Government
- •Move from legislative or rulemaking activity to initial compliance and oversight in synthesis screening and KYC
- •Support independent verification of AI biorisk evaluation and safeguard adoption through track-specific formal agreements or requirements
- •Expand implementation of accident-reporting requirements, research-risk oversight, and institutional participation pathways
- •Support law-enforcement pathways for escalating provider-generated threat signals
Philanthropy
- •Support more advanced evasion-resistant and function-based screening R&D
- •Support scaling of KYC tools and red-teaming across a broader set of high-risk service categories
- •Support secure data infrastructure for high-risk biological AI training data and continued safeguard research across LLM, bio-foundation-model, and autonomous-lab tracks
- •Support global governance reform, institutional adoption, and continued capacity-building for bio-audits and risk-based research oversight
- •Support public communication efforts that reinforce deterrence posture and accountability
Private Sector
- •Submit to independent screening verification and deploy updated screening algorithms
- •Extend KYC and more extensive customer vetting to newly covered categories such as CROs, cloud labs, repositories, and AI/bio tools
- •Continue safeguard deployment for high-risk AI systems and participate in track-specific red-teaming
- •Expand compliance with institutional risk-governance requirements, adoption programs, and misuse monitoring mandates
Government
- •Enforce synthesis-screening compliance and audit requirements
- •Regulate the secondary market for benchtop synthesis devices and broaden KYC requirements to additional high-risk categories
- •Mandate safeguards for high-risk AI systems with biological capabilities across separate LLM, biological foundation model, and autonomous-lab pathways
- •Institutionalize accountable public oversight for high-consequence biological research, including licensing, institutional participation, and bio-audit frameworks
- •Institute requirements for misuse monitoring and threat sharing for high-risk biological services
Philanthropy
- •Focus remaining philanthropic capital on gap-closing, deterrence signaling, and ensuring high-risk systems actually perform under stress
- •Support maturation of attribution capabilities and public communication around accountability
- •Continue targeted support for jurisdictions, sectors, or institutions lagging in compliance, AI-bio safeguards, or research-governance adoption
Private Sector
- •Achieve broad compliance with screening, KYC, safeguard, and misuse-monitoring requirements
- •Maintain regular red-teaming, audit participation, and rapid remediation processes
- •Support stronger bioforensic attribution capability through data-sharing and exercise participation
Government
- •Ensure broad compliance and meaningful enforcement across screening, KYC, AI-bio safeguards, and research governance
- •Verify that high-risk LLM, biological foundation model, and autonomous-lab safeguards perform under stress
- •Establish or strengthen attribution and accountability doctrine for biological attacks
- •Exercise bioforensic and deterrence capabilities routinely
Philanthropy
- •Focus on closing residual gaps, supporting lagging geographies or sectors, and maintaining pressure for continuous improvement
- •Continue support for frontier-risk research, AI-bio track-specific evaluation, institutional research-governance adoption, residual-risk assessment, and measurement refinement
Private Sector
- •Maintain high compliance and continuous improvement in screening, KYC, safeguards, red-teaming, and misuse monitoring
Government
- •Sustain enforcement, update standards to keep pace with new technologies, and ensure risk-governance and AI-bio safeguard systems remain current
Who's Working on This
Implementers