How to Secure the DNA Supply Chain

This essay is part of The Launch Sequence, a collection of concrete, ambitious ideas to prepare the world for advanced AI. Rather than a specific project proposal, this piece is a field strategy: a guide to the key challenges within a particular field and the highest-priority projects to solve them. These projects need people to build them. Get in touch.

Executive Summary 

Through the advent of cheap, reliable DNA synthesis, humanity has successfully taken the manufacturing of life’s building blocks into its own hands. The implications for science and human flourishing are awe-inspiring: commercial DNA synthesis has allowed patients to drive their own cancers into remission. But the same ingredients that accelerate legitimate research also make it easier to cause harm: When microbiologists synthesized the poliovirus genome from scratch in 2002, it cost $300,000; at today’s commercial rates, the materials would cost less than $1,000.

This report offers a field guide to help policymakers, founders, and funders ensure that advanced DNA synthesis remains easily available for legitimate use while preventing bad actors from using this technology to cause a global pandemic. Our recommendations are based on the following findings:

1. Synthetic DNA is currently the highest-leverage chokepoint in the biological threat chain. Almost every pathway to engineering a pandemic-capable pathogen relies on synthetic nucleic acids, and the supply chain for complex gene synthesis is concentrated in a small number of providers and countries.
2. It will take roughly 80% of commercial DNA synthesis providers to screen their orders to meaningfully reduce risk. As long as which providers screen and which don’t remain strategically ambiguous, screening can be robustly effective with less than 100% coverage by harnessing deterrence, denial, and monitoring of bad actors.
3. Two decades of promoting voluntary measures have not yielded the necessary coverage or effectiveness of screening. Multiple red-teaming studies have shown that a determined actor can currently obtain hazardous sequences by routing orders to providers that don’t screen at all, or screen poorly.
4. Mandatory screening has wide support. Policymakers around the world have proposed common-sense policies that would put us decisively on track for widespread screening and recordkeeping globally. In a rare moment of consensus, several leading technology executives and life sciences researchers — from the 2024 Nobel Laureate in chemistry David Baker to OpenAI CEO Sam Altman — recently called on Congress to make screening mandatory in a public letter.

Mandatory screening policies are the first and most important step, but are just one part of a broader set of required defenses. We propose the following victory conditions:

1. Coverage: More than 80% of companies that provide synthetic DNA or benchtop devices screen both orders and customers.
2. Strategic ambiguity: Policies and disclosures preserve enough uncertainty that a bad actor can’t easily identify which providers might let an order through.
3. Access: Acquiring genetic material remains low-cost and low-friction for legitimate customers.
4. Effectiveness: 90% of providers correctly identify sequences of concern in realistic red-teaming scenarios.

With bold and urgent action, we see a path to securing the DNA supply chain in time to substantially mitigate AI-enabled biological risks. Below, we outline the roadmap for what we must launch to achieve these goals. What we need now are policymakers, philanthropists, founders, operators, and technical experts to build these projects to secure the DNA supply chain.

Motivation: Buying time for defenses 

Until recently, the only DNA supply chain was nature itself: if you wanted a pathogen’s genome, you needed the pathogen. But if you have ever had a short fragment of the Ebola virus genome shipped to your coworking space office with zero questions — as we did last year — you know that this is no longer true.

Through the advent of cheap, reliable DNA synthesis, humanity has successfully taken the manufacturing of life’s building blocks into our own hands. The implications for science and human flourishing are awe-inspiring: commercial DNA synthesis has allowed patients to cure their own cancer and the CDC to build a synthetic version of the Ebola virus to more rapidly test whether treatments used in the field actually work.

But the same ingredients that accelerate legitimate research also make it easier to cause harm: In 2002, microbiologists synthesized the poliovirus genome from scratch. Then, it cost $300,000; at today’s commercial rates, the equivalent genetic material costs less than $1,000. 

Meanwhile, we are approaching the point where AI enables a much wider set of people to execute sophisticated biological workflows.¹ Once biological engineering becomes broadly accessible, we enter a risk window: capabilities for bioattacks become widespread before we have built the defenses to eliminate pandemic risk. 

Defensive countermeasures (such as vaccines, monoclonal antibodies, and PPE) offer the long-term solution, but developing and deploying them will take years, even with AI-accelerated R&D. Technology adoption curves are humbling; the COVID-19 vaccine rollout — the fastest in global history — still left low-income countries waiting more than two years for adequate coverage.

Deploying countermeasures to billions of people carries a high risk of getting caught in bottlenecks — such as jurisdictional approvals or population attitudes — that may take years to clear. If a biological attack came anytime soon, our playbook would look startlingly similar to the global COVID-19 response: retreat, lockdown, and wait for countermeasures to become widely available, one population at a time.

While accelerating our defenses, we need to buy time by shaping AI-biology progress to selectively raise the barriers to biotechnology misuse and delaying access to the most dangerous capabilities for bad actors. Right now, the most promising intervention point is synthetic DNA. DNA orders provide two important pieces of information: what is being ordered, and who is ordering it. By screening both the sequence content and the customer, providers can stop dangerous orders before they ship and report suspicious actors to law enforcement.

Despite its favorable features, DNA synthesis security remains, in many ways, an orphan issue: by our count, fewer than 50 people worldwide work on it full-time. However, we have a viable strategic plan to secure the DNA supply chain, and a credible path to achieving victory quickly enough for it to matter.

Why synthetic DNA is a critical chokepoint for biosecurity

A virus is essentially a stretch of genetic code wrapped in a protein shell. Many viral genomes are surprisingly short: the sequence of SARS-CoV-2 — a pathogen that killed millions and cost the global economy trillions — is only 30,000 bases long, roughly 100,000 times shorter than the human genome’s 3 billion base pairs.

This simplicity is also what makes it possible to build viruses from scratch. Two main things are needed for this: the genome digital sequence, usually freely available online, and synthetic DNA to physically reconstruct it. By ordering synthetic DNA fragments and stitching them together in the right order, researchers — or bad actors — can produce a functional viral genome without ever needing a natural sample.

Beyond reconstructing known pathogens like polio, scientists can now also design novel ones. Last year, researchers used the genome language model Evo 2 to design viable bacteriophages (viruses that infect bacteria). Some of the working phages were so genetically different from anything we know that they’d qualify as a new species. As AI models continue to improve, both the range of plausible threats and the pool of people capable of executing them will grow.

But nearly all of these pathways to biological harm run through a single bottleneck: commercial DNA synthesis. Whether someone is artificially reconstructing a known pathogen or designing a new one, synthetic DNA is almost always required. That makes it a natural chokepoint for defenders. 

With research partners², we spent several months assessing more than 200 alternative intervention points across the biological threat chain, from pipettes to biosafety cabinets. None proved as promising as synthetic DNA, for three reasons.

1. Engineering a pandemic-capable pathogen almost always requires synthetic DNA. Many other inputs are limited to a narrow class of threats: if we restrict access to specialized animal models, like humanized ACE2 mice for coronaviruses, a bad actor could simply switch to a different pathogen that doesn’t require them. Synthetic DNA is harder to route around because it sits upstream of nearly every engineering pathway.
2. DNA sequences have a much higher signal-to-noise ratio for inferring intent than common lab equipment such as pipettes or petri dishes. Every DNA order contains two pieces of information: the customer’s identity and the sequence being ordered. Customer screening could, in theory, be done for every product. Sequence screening, however, is unique to synthetic DNA and can directly reveal whether someone is ordering fragments of smallpox or the gene for a fluorescent protein. 
3. Gene-length DNA remains a hard-to-commodify product. Frontier applications like gene therapy require low error rates that can only be achieved through sophisticated chemical or enzymatic methods and quality-control pipelines. That technical complexity means the market is concentrated in a relatively small number of companies. There are roughly 200 gene synthesis providers globally, most of which are based in a handful of countries: the United States (25% of gene-length providers), China (33%), and the EU (11%). Unlike common lab reagents that can be improvised from off-the-shelf ingredients³, commercial gene-length synthesis cannot easily be substituted or replicated at home.

Victory conditions: what it takes to safeguard DNA synthesis

We propose the following victory condition by 2030: 

• Coverage: More than 80% of companies that provide synthetic DNA or benchtop devices screen both orders and customers.
• Strategic ambiguity: Policies and disclosures preserve enough uncertainty that a bad actor can’t easily identify which providers might let an order through.
• Access: Acquiring genetic material is low-cost and low-friction for legitimate customers.
• Effectiveness: 90% of providers correctly identify sequences of concern in realistic red-teaming scenarios.

To do so, we need to implement two things:

1. Governments mandate screening and recordkeeping in the handful of key jurisdictions that collectively cover the supermajority of DNA providers.
2. The infrastructure underpinning global screening is in place, including systems and institutions for affordable Know-Your-Customer (KYC) practices, standards, third-party red-teaming, and benchtop synthesizer security

Our 80% coverage target makes an assumption — grounded qualitatively in the mechanics of access control and quantitatively in our threat modeling — that even partial coverage buys meaningful security. The weakest-link intuition — that one non-screening provider undoes the rest — misreads the mechanics of access controls in this domain. 

Many analyses of technology governance regimes focus narrowly on denial: did the system catch and block the bad actor at the point of transaction? Judged by that metric alone, KYC often looks ineffective. But denial is only one of three mechanisms a mature screening system relies on. Deterrence and monitoring do at least as much work, and together with denial, they’re what make partial coverage much more powerful than the weakest-link framing suggests.

The dynamics of motor vehicle theft helpfully illustrate the compounding benefits of deterrence, denial, and monitoring. In the 1980s and ‘90s, American cities began adopting LoJack, a hidden radio transmitter that allowed police to track and recover stolen cars. Because the device was invisible from the outside, potential thieves could not tell which cars were protected. In cities that introduced LoJack, auto theft fell sharply even though fewer than 2% of cars were equipped with it. And when thieves did target a LoJack-equipped car, the signal led police directly to them, often dismantling entire criminal operations.

LoJack made car theft a fundamentally worse bet. DNA screening can work the same way. An attacker who can’t tell which providers screen can either place an order and risk triggering an investigation, or not try at all. As long as there’s ambiguity around who’s screening or not, effective screening doesn’t require 100% coverage to drastically reduce the calculus, and therefore change the behavior, of an attacker. 

Crucially, this requires us to design interventions to preserve that ambiguity. It’s tempting to publicly list providers that screen — intended as a commercial incentive — but this would reveal exactly which providers to route around. National mandates work in the other direction: once an entire jurisdiction is required to screen, a bad actor has to assume that any provider operating there may screen, even if compliance is imperfect. And in countries without mandates, some providers screen voluntarily (as they do today), so a bad actor can’t safely assume any given provider won’t screen.

In a separate analysis, we worked with the biosecurity expert Rocco Casagrande to model how risk reduction scales with screening coverage and effectiveness (see the appendix for the detailed methodology). The model follows a bad actor at different levels of screening coverage and effectiveness. We model whether deterrence stops them before they order, whether they hit a provider that screens or identify one that doesn’t, whether screening catches them, and whether they try again. 

We find that a screening system must succeed on all three components of our victory condition — strategic ambiguity, coverage, and effectiveness — because a failure on any one allows the bad actor to obtain the desired material. This is intuitive: if screening is effective but only a few companies implement it, and non-screening vendors are easy to identify, a bad actor can easily find a company that doesn’t screen. Conversely, if screening is in place everywhere but doesn’t catch attempts, the security benefit is again small. 

For coverage specifically, we found that patchy screening buys us almost nothing. This makes sense: if only a few providers screen, a determined actor has a good chance of routing around them, and moving from 10% to 20% coverage doesn’t meaningfully change that. But once coverage crosses 50–60%, screening effectiveness improves rapidly. We’re targeting 80% as our victory condition⁴: at that level of coverage, effective screening and order recordkeeping create a meaningful barrier to evading screening measures, leading a substantial fraction of bad actors to be deterred or caught.⁵

The upshot is twofold. First, voluntary adoption driving incremental gains in coverage won’t deliver real security; we really do need mandatory screening policies that drive high adoption to make the world meaningfully safer. At the same time, we don’t need to reach 100% coverage: at approximately 70–80% screening coverage, the interplay of deterrence, denial, and monitoring will meaningfully reduce risk.

Governance and the path to victory

Before prioritizing technical R&D to improve screening effectiveness, we must increase its coverage. Excellent screening tools don’t reduce risk if only a handful of companies use them.

For more than a decade, a coalition of leading synthesis providers — organized around the International Gene Synthesis Consortium (IGSC) — has voluntarily screened DNA orders for sequences associated with dangerous pathogens and toxins. The IGSC includes startups and multinational heavyweights across the US, Europe, the UK, and China. 

Voluntary adoption serves two crucial functions: it paves the way for policy by demonstrating both the feasibility of screening at an industrial scale and the willingness of responsible providers to do so. And it enables strategic ambiguity by ensuring that even outside jurisdictions with mandatory screening, bad actors can’t be sure which providers will screen and which won’t.

But voluntary action has not yet reached a critical mass of providers screening their orders, and red-teaming studies show it won’t be enough to secure the DNA supply chain. A 2025 study suggested that many DNA synthesis providers shipped potentially dangerous sequences without adequate screening. The methodology was hotly debated, but multiple non-public studies developed with extensive industry and government engagement⁶ have validated the overall notion that screening across the industry is currently inadequate to deter, deny, or monitor determined actors. 

Why don’t more providers screen? For one thing, providers perceive the risk to be limited. This inference is historically valid — there are no known cases of synthetic DNA being used to build a bioweapon — but it is under increased pressure from advances in AI and synthetic biology. More fundamentally, the benefits of screening are essentially a positive externality, especially given the difficulty of tracing and attributing misused DNA to the manufacturer in the absence of effective recordkeeping. The other part is that costs, while small in the grand scheme, aren’t zero; know-your-customer checks are still largely manual and often require time-intensive follow-up. Providers facing a non-zero cost and near-zero perceived private benefit won’t act unless they have to. 

AI-supported KYC can reduce screening costs by an order of magnitude, which will certainly drive further adoption. But as long as screening is voluntary, some providers won’t prioritize action on something perceived as having no benefit. That penalizes the providers who do screen and bear costs their competitors avoid. Responsible providers have repeatedly asked governments to level the playing field, but policy mandates have yet to be implemented. 

Fortunately, governments are finally catching up. In the US, the bipartisan Biosecurity Modernization and Innovation Act and the administration’s AI Action Plan have moved synthesis screening into the legislative and executive mainstream. The EU’s Biotech Act is a largely deregulatory package, but nonetheless carved out synthesis screening as a core security provision. The UK’s 2025 Biological Security Strategy named mandatory screening a priority, and New Zealand has introduced legislation on screening requirements. And because the supply chain is concentrated in a small number of providers and countries — the US, China, and the EU together account for about 70% of gene-length double-stranded DNA providers — the threshold for victory is within reach.

Those high-priority regions include Asia, and particularly China, where the plurality of synthesis manufacturers operate. Leading Chinese providers have already taken significant steps toward improved biosecurity; making further headway will require sustained engagement among governments, industry, and scientific institutions across jurisdictions, with standard-setting bodies such as ISO ensuring interoperability.

None of this is easy. But it would be an unforced error for major bioeconomies not to follow this common-sense path. Rigorous cost-benefit analyses by the British Centre for Long-Term Resilience and RAND Europe conclude that the societal benefits of screening vastly outweigh the costs to industry, governments, and the scientific enterprise. In the UK, society would gain £3.50 from pandemic prevention (in terms of avoided economic damage and life and health loss) for every £1 spent on mandatory screening, a net benefit of £150 million per year over 20 years.

The basic argument that screening is a tractable safeguard with favorable cost-benefit economics applies in Shenzhen and Seoul as much as in Brussels, London, or Washington — and given the regionally concentrated gene synthesis market, mandatory screening in just a handful of jurisdictions would cover the supermajority of providers. 

What’s more, import controls and government procurement rules can extend the reach of national policies beyond borders. We’ve spoken with at least one provider in Germany that started using a premium screening tool because their customers wanted to buy their nucleic acids from a provider that screens, in order to qualify for federal US research grants.⁷

The efforts we need to launch

Well-designed screening policies expand the set of providers required to screen and improve effectiveness through features such as higher standards and independent audits.

That’s why efforts to get legislation over the finish line — including advocacy and policy research — are so essential. But policy alone won’t be enough to solve screening — we also need to build the underlying infrastructure. The two reinforce each other: It’s much easier to advocate for mandatory screening if we can point to free, philanthropically funded screening and know-your-customer tools that minimize costs for industry. Conversely, mandatory screening creates sustainable demand for screening tools.

Here are the key projects for building the infrastructure required to reach our victory condition: 

The ordering of efforts matters. People sometimes gravitate toward synthesis screening because it’s an interesting technical problem, especially in the context of AI-enabled evasion. But the most interesting problems aren’t necessarily the most urgent ones. In a world where few providers screen, bad actors don’t need AI to evade detection; they can simply order gene-length DNA from a provider that doesn’t screen at all. So while we need to solve AI-enabled evasion eventually,⁸ we hope to see more people tackling the more pressing problems first. For example, benchtops are a key part of our victory condition, but not a single person is working full-time to secure them.

That gets at another misconception: seeing these example projects, it’s tempting to think we’re on track. The people and organizations listed are doing outstanding work, but none of the problems they’re tackling are close to being solved. We need to 5x the number of people working on this — either joining existing efforts, or starting new ones.

Making order and customer screening affordable and efficient

As DNA synthesis costs continue to fall, screening costs must fall with them. The thinner industry margins get, the more providers who screen lose business to those who don’t bother.

Sequence screening — checking orders against a list of dangerous sequences — is the easy part. Free tools already exist that can cheaply screen thousands of base pairs per second or are open-source and can be run locally; and enterprise options range from established defense contractors to venture-backed startups. No synthesis provider in 2026 can credibly claim that screening sequences is too expensive or technically infeasible.

The real cost barrier is on the customer side. Verifying a customer’s legitimacy with KYC means reviewing publication histories, institutional affiliations, and sanctions lists. Until recently, this was labor-intensive enough to deter smaller providers from screening at all.

It doesn’t have to stay that way, though. A recent study found that AI-assisted customer screening cut overall costs more than tenfold — $1.18 per customer versus $14.04 with a human reviewer — while matching or exceeding human accuracy. For the information-gathering tasks AI can handle without human intervention, costs dropped to roughly $0.20 per customer. To put this into perspective, every airline passenger in the US pays $5.60 per one-way trip to fund aviation screening — around 2% of the average domestic fare, absorbed by the industry without controversy after 9/11. If we can achieve the order-of-magnitude cost reduction implied above, KYC would be a comparably small share of a typical $70–$210 gene-length order.

The cost savings multiply if KYC is done once rather than repeated at every provider. Today, a researcher ordering from three different companies must pass three different legitimacy checks. Centralized credentialing systems for dual-use biology would let a researcher verify their legitimacy once and carry that credential across synthesis providers and AI platforms.⁹ Such a system could not only make KYC more efficient but also surface suspicious activity across different vendors, revealing patterns that individual checks would miss.

Establishing standards for sequence and customer screening

Even with affordable screening tools, providers still face a basic question: what counts as dangerous?

We currently lack a clear standard at the level of actual DNA sequences for what should and shouldn’t be flagged, leading different providers to screen against different databases. Without that guidance, providers face a difficult choice: screen too cautiously and lose legitimate customers whose orders get wrongly flagged, or screen too permissively and risk penalties under future mandates. Governments, meanwhile, can’t enforce a standard that doesn’t exist.

While the search space of all microbial life is enormous, the pathogens that actually pose pandemic risk are a small subset of it. Only 1,400 known viruses, bacteria, and fungi cause human disease, and only a small fraction of those threaten public health, agriculture, or national security. Focusing chiefly on those high-consequence pathogens offers an efficient pathway to regulatory clarity. 

For nearly two decades, industry and advisory bodies have called on governments to specify which sequences should be regulated. But no government has issued a sufficiently detailed standard. In 2024, the Sequence Biosecurity Risk Consortium (SBRC) — a voluntary consortium, catalyzed with philanthropic capital and now partly sustained by industry member dues — stepped into that gap. The SBRC brings together synthesis providers, screening tool developers, policymakers, and scientific experts and has already categorized over 1.1 million sequences, building a risk-based standard ready for regulators to adopt. But more work remains to be done: The standard needs to be updated regularly, evolving in lockstep with scientific and AI advances. If you or your organization would like to join the SBRC to contribute, get in touch with the moderators here.

As with sequence screening, enforceable customer screening requires a defined baseline of what providers must collect and verify. The Engineering Biology Research Consortium (EBRC) and the International Biosecurity and Biosafety Initiative for Science (IBBIS), with partners across industry and the non-profit sector, are developing a minimum viable customer standard for government adoption and are offering briefings to interested policymakers.

Extending the biosecurity perimeter: benchtops, oligos, and split-order detection

Current DNA synthesis screening focuses on gene-length sequences from mail-order providers. Two of the hardest unsolved problems in the field sit outside that scope.

The first is benchtop synthesizers. These machines often fit on a laboratory bench (hence the name) and print DNA on demand, offering a tremendous boon for democratized biotechnology — and an immense proliferation of the biosecurity risk surface. The installed base is small today, but these devices are on track to synthesize longer and longer sequences and proliferate more widely.

The good news is that modern cryptographic methods can enable screening even for air-gapped devices. Working with manufacturers on access controls, usage logging, and integrated screening now is orders of magnitude easier than retrofitting thousands of deployed devices later. The world needs a “general manager” to own the problem of securing benchtop devices before they proliferate widely. If that sounds like you, get in touch.

The second unsolved problem is short oligonucleotides — oligos — that can be assembled into longer sequences. As techniques for oligo assembly improve, biosecurity relying exclusively on screening entire genes will become increasingly untenable. Two things make oligo screening hard:

1. The market is more decentralized, with up to five times as many manufacturers of short oligos as gene-length DNA, so more providers have to implement screening. 
2. Short fragments carry less signal compared to full genes: it’s harder to tell whether any single oligo is dangerous, or whether multiple orders split across different providers could be assembled into something that is. 

Tools like SecureDNA can screen oligonucleotides down to 30-mers with few false positives, but catching orders split across providers is as much a coordination problem as a technical one. Early efforts to build an industry-wide clearinghouse¹⁰ for split orders have begun, but much work remains.

Beyond synthetic nucleic acids, our research surfaced live pathogens as a comparably important chokepoint to secure. If an actor has a live pathogen, they do not need to synthesize an entire genome from scratch; they can simply modify what they have, which is far easier. As contract research organizations and cloud laboratories advance their capabilities and services in microbiology, they too become natural chokepoints worth securing. 

Standing up independent auditing organizations

The best way to know whether screening systems work is to test them. In most industries, independent testing underpins the quality of measures for safety (e.g., audits for food safety and clinical manufacturing practice) and security (e.g., independent assessments for cybersecurity), and there’s no reason DNA synthesis should be any different. The rollout of the Biden Administration’s 2024 Screening Framework illustrates the need for independent testing. The framework was a huge milestone that drove the adoption of customer and order screening in the US and abroad, but it only required providers to self-attest to screening. Independent red teaming studies that followed showed that some of those who claim to screen don’t do so well enough.

We need auditing schemes that evaluate screening performance and hold the industry accountable. Previous red-teaming efforts have created a methodological foundation; we now need dedicated organizations to offer systematic stress-testing at scale. Ultimately, auditing should be government-backed, but civil society can lead the way by pioneering methodologies for governments to adopt or by serving as a designated third-party auditor. Such organizations will need the legal expertise and operational security to conduct stress tests responsibly, the credibility to be taken seriously by policymakers, and the independence to provide trustworthy results.

Making screening robust against AI-enabled evasion

A recent study in Science found that AI protein design tools circa 2023 could already reformulate sequences of concern to evade detection by screening tools. The screening tools have since been patched, and experimental testing showed that a few similarly reformulated benign proteins didn’t reliably retain their biological function. This means that hardening screening tools against AI-enabled evasion is not the most pressing problem today. However, we wouldn’t bet against AI capabilities rapidly eroding that margin of safety, and any long-term security for DNA synthesis relies on solving this technical challenge.

Fortunately, the same AI advances that enable evasion also enable better screening. Biological AI models can now predict protein structure from sequence with high accuracy, and they’re getting better at predicting biological function. Organizations like Fourth Eon Bio leverage AI for adaptive function-based screening, advancing the question from “does this sequence match a known pathogen?” to “could this sequence have a dangerous function?” 

More biology, safely

The ability to write DNA reliably, cheaply, and at an industrial scale is a defining technical achievement of our era. Personalized gene therapy now cures rare diseases once deemed untreatable. New diagnostics and vaccines can be designed in days at the start of an outbreak, saving millions of lives. We do not want less of any of that. We want vastly more.

We also accept that consequential technologies carry safeguards proportionate to their power. Nobody seriously argues that private citizens should be able to order plutonium to their doorstep.

Luckily, synthesis screening can be fast and cheap enough that legitimate researchers barely ever notice it, while the handful of orders that would seed a catastrophe are caught.

That world is within reach. We can deter, deny, and monitor bad actors at the most important node in the biological threat chain, and the same logic applies to the next chokepoints: pathogen repositories, contract research organizations, and cloud laboratories. 

The infrastructure we’ve described in this piece won’t build itself. What we need most are the right people to take part in owning this problem. Sentinel Bio and IFP are looking to find and fund more founders and operators who can own specific slices of this challenge and take this effort over the finish line. If this sounds like you, we’d love to hear from you:

• If you’re a founder or operator who wants to own or contribute to a project listed in this piece, submit an expression of interest (EOI) to Sentinel Bio or apply to join their team. 
• If you’d like to be connected with other funders and partners, or to lead a project in this or another area of biosecurity, apply to IFP’s Launch Sequence Request for Proposals and note whether you’ve also submitted an EOI to Sentinel Bio.

We thank Beez Africa, Emily Ge, Jonah Weinbaum, Joseph Fridman, Tao Burga, and Tim Fist for their helpful contributions to this piece. We’re grateful to the people whose research underpins our work and to those who work tirelessly to solve this challenge.

The authors did not receive a stipend or other compensation from IFP for this work.

Appendix: Risk reduction model

In 2025, we worked with Rocco Casagrande — a biotechnologist who has spent over 25 years working to prevent biological misuse — to model how risk reduction scales with screening coverage and effectiveness. 

The model uses a Markov-chain framework to simulate a screening system designed to block an intelligent bad actor from acquiring synthetic DNA. Each transition is assigned its own probability. 

The steps are:

1. Before reaching any provider, the threat actor may be deterred or interdicted by law enforcement.
2. When selecting a provider, the actor succeeds in acquiring the material if any of the following occur:
   • They identify a provider that doesn’t screen.
   • They randomly select a provider that doesn’t screen.
   • They select a provider that screens, but screening doesn’t work.
3. If the provider screens and catches the illicit attempt, they may report the actor to law enforcement.
4. If the threat actor fails to acquire synthetic DNA but isn’t disrupted by law enforcement or discouraged, they can try again.

We find that a screening system must succeed on all three components of our victory condition — strategic ambiguity, coverage, and effectiveness — because a failure on any one allows the bad actor to obtain the desired material. This is intuitive: if screening is effective but only a few companies implement it, and non-screening vendors are easy to identify, a bad actor can easily find a company that doesn’t screen. Conversely, if screening is in place everywhere but doesn’t catch attempts, the security benefit is again small. 

To build our risk reduction curve, we model how the probability of access varies across different levels of screening coverage and effectiveness, jointly varying deterrence and the probability that law enforcement catches the actor. Our figure shows risk reduction only for the mail-order gene-length DNA pathway, but the same model applies to alternatives such as oligos or live pathogen repositories. The model is available on request at info@sentinelbio.org.