Managed Access: Preventing AI from Designing Deadly Pathogens

A growing number of the world’s leading experts in health security and the life sciences are warning that unfettered open access to biological data could help AI design dangerous pathogens and are calling for safeguards on high-risk data to prevent misuse of AIxBio tools.  Their warnings, most recently issued in a new set of papers, represent growing momentum behind an idea that NTI has championed: using managed access as a tool to strengthen biosecurity and safeguard rapidly advancing AIxBio capabilities.

The types of data under consideration for managed access include information about human pathogens that could be used to train or fine-tune new AIxBio models with potentially high-risk, dual-use capabilities.

As capabilities at the convergence of AI and the life sciences continue to advance, these types of protections are a critical part of a layered defense for preventing exploitation by terrorist groups and other malicious actors seeking to cause harm with biology. The evolving conversation builds on a statement on AI and biosecurity that I signed onto as part of an international group of more than 100 leading scientists following the 50th anniversary Asilomar Conference last year. It calls for a wide range of technical and policy interventions that are important for the responsible development of AIxBio capabilities, so society can benefit from these tools while preventing them from being misused to design dangerous biological weapons.

NTI’s work, along with the growing support for managed access across the broader biosecurity and model developer community—including valuable managed access efforts at CEPI, which is using AI to accelerate vaccine development—positions experts and industry for an important conversation. This conversation will need to explore how to define the riskiest types of models and data that will require the most extensive access protections, which types of models and data should be freely available with no constraints, and the range of intermediate options on that spectrum.

Why is managed access important?

Managing access to data would help ensure that only responsible actors can use the large datasets needed to train new, more powerful biological AI models that will be coming online in the next few years, and which may include high-risk, dual-use capabilities. Without these protections it would be difficult to prevent nefarious actors from using the same data to train similar models on their own.

This approach is gaining traction in biosecurity circles because it offers a practical and potentially effective way to prevent exploitation and misuse.

How would managed access work?

Because most of the data needed to train future biological AI models have yet to be generated, managing access does not mean removing existing infectious disease information from the internet. Such an approach is likely to be futile—since redacting data that are already publicly available is unlikely to work—and it could be harmful to beneficial research and important public health systems which rely on those data. A more effective approach would be to develop a systematic way to manage access to the very large datasets that will be generated in the coming years to train new more powerful AIxBio models than those that exist today.

A key open question that has yet to be resolved is how broad or narrow data managed access approaches will need to be to effectively counter malicious actor risks. For example, will they only focus on data linked to human pathogens, or will it be necessary to manage access to broader sets of biological data? Nevertheless, we do know that this cannot be an all-or-nothing approach. Instead, it should involve tiered access to data with corresponding security protections based on the level of risk the data present.

The Bigger Picture

These ideas and recommendations are part of a broader conversation on biosecurity for powerful biological models. Such models could soon raise the ceiling on potential harm by making it possible to design more dangerous pathogens than those found in nature—as noted in the AIxBio Global Forum statement on AIxBio risks. And as biological models increasingly converge with large language models and more sophisticated agentic systems—such as Claude Opus 4.6 from Anthropic and Google’s Gemini 3.1— these tools will likely become much easier for non-experts to use—making biosecurity safeguards even more important.

To address this challenge, NTI | bio develops technical guardrails to keep these tools safe without undermining their benefits. These include a new metadata standard to help DNA synthesis providers understand the intended function of novel biological sequences generated by AI tools, and a new screening method to guard against misuse of AI biological design tools.

We have also developed managed access approaches, to ensure that only responsible researchers have access to the most powerful biological AI models and security features cannot easily be stripped out. Last month, NTI published a framework recommending a tiered-access approach for these models and outlined the actions funders, model developers, and governments should take to help put it into practice. Next, we will establish a clearly defined set of risk tiers for models and work with partners to develop a platform to demonstrate how managed access can work in practice.

As AIxBio capabilities continue to advance, it’s essential to get out ahead of the emerging risks that accompany these developments. This includes testing new solutions that enable beneficial research to advance while guarding against the worst downside risks.