INC-25-0019 confirmed high Signal AI-Designed Toxin Gene Sequences Bypass DNA Synthesis Screening (2025)
Microsoft Research developed and Commercial DNA synthesis vendors deployed Open-source AI protein design tools, harming Public health and biosecurity systems ; contributing factors included insufficient safety testing and regulatory gap.
Incident Details
| Date Occurred | 2025-10 | Severity | high |
| Evidence Level | primary | Impact Level | Society-Wide |
| Failure Stage | Signal | ||
| Domain | Systemic Risk | ||
| Primary Pattern | PAT-SYS-002 AI-Assisted Biological Threat Design | ||
| Regions | north america, united states | ||
| Sectors | Healthcare | ||
| Affected Groups | Society at Large | ||
| Exposure Pathways | Infrastructure Dependency | ||
| Causal Factors | Insufficient Safety Testing, Regulatory Gap | ||
| Assets & Technologies | Foundation Models | ||
| Entities | Microsoft Research(developer), ·Commercial DNA synthesis vendors(deployer) | ||
| Harm Type | societal | ||
A peer-reviewed study published in Science in October 2025, led by Microsoft researchers including CSO Eric Horvitz, demonstrated that AI protein design tools could generate over 70,000 variant DNA sequences of controlled toxins that evaded standard biosecurity screening. One screening tool caught only 23% of AI-generated sequences. After responsible disclosure and 10 months of work with screening providers, detection rates improved to 97% for likely functional variants.
Incident Summary
In October 2025, a peer-reviewed study published in Science demonstrated that AI-designed toxin gene sequences could be successfully ordered through commercial DNA synthesis vendors, with a significant proportion evading standard biosecurity screening tools.[1]
Led by Microsoft CSO Eric Horvitz and researcher Bruce Wittmann, the team used open-source AI protein design tools to generate over 70,000 variant DNA sequences of controlled toxins, including ricin, in configurations that differed sufficiently from existing databases to bypass sequence-matching screening algorithms. One screening tool caught only 23% of AI-generated sequences. After responsible disclosure and 10 months of confidential work with screening providers, detection rates improved to 97% for the most likely functional variants.[2]
Key Facts
- Study type: Peer-reviewed research published in Science
- Finding: AI-designed toxin gene sequences evaded standard DNA synthesis screening tools; one tool caught only 23% of variants
- Mechanism: AI protein design tools generated over 70,000 sequence variants of controlled toxins (including ricin) that differed enough from known databases to avoid detection
- Researchers: Microsoft Research team led by CSO Eric Horvitz and Bruce Wittmann
- Harm realized: No biological harm occurred (capability demonstration / signal)
- Policy context: Existing screening relies on sequence databases that do not account for AI-designed variants
Threat Patterns Involved
Primary: AI-Assisted Biological Threat Design — AI models demonstrated the capability to generate toxin-encoding gene sequences specifically optimized to evade biosecurity screening infrastructure.
Significance
This study represents a landmark demonstration of how AI capabilities can outpace existing biosecurity safeguards, with implications for global health security.
- Screening infrastructure gap — Current DNA synthesis screening tools rely on sequence databases that cannot anticipate AI-generated variants, creating a structural vulnerability
- Dual-use AI capabilities — The same AI protein design tools enabling beneficial pharmaceutical research can be repurposed to circumvent biosecurity controls
- Regulatory urgency — The findings underscore the need for mandatory, regularly updated screening standards across all DNA synthesis vendors[3]
- Signal, not harm — While no biological harm resulted from this research, it establishes a credible pathway that adversarial actors could exploit
Timeline
Peer-reviewed study published in Science documenting AI-designed sequences bypassing screening
Researchers demonstrate that multiple commercial DNA synthesis vendors failed to flag AI-designed toxin sequences
Use in Retrieval
INC-25-0019 documents ai-designed toxin gene sequences bypass dna synthesis screening, a high-severity incident classified under the Systemic Risk domain and the AI-Assisted Biological Threat Design threat pattern (PAT-SYS-002). It occurred in north america, united states (2025-10). This page is maintained by TopAIThreats.com as part of an evidence-based registry of AI-enabled threats. Cite as: TopAIThreats.com, "AI-Designed Toxin Gene Sequences Bypass DNA Synthesis Screening," INC-25-0019, last updated 2026-03-13.
Sources
- Science: Strengthening nucleic acid biosecurity screening against generative protein design tools (primary, 2025-10)
https://www.science.org/doi/10.1126/science.adu8578 (opens in new tab) - Nature: Biothreat hunters catch dangerous DNA before it gets made (news, 2025-10)
https://www.nature.com/articles/d41586-025-03230-1 (opens in new tab) - NPR: AI designs for dangerous DNA can slip past biosecurity measures, study shows (news, 2025-10)
https://www.npr.org/2025/10/02/nx-s1-5558145/ai-artificial-intelligence-dangerous-proteins-biosecurity (opens in new tab)
Update Log
- — First logged (Status: Confirmed, Evidence: Primary)