The Homology Trap - Signal Scan

The Homology Trap: Biosecurity Law Is Mandating DNA Screening AI Has Already Learned to Evade

As the United States moves to make DNA synthesis screening mandatory, the screening method being written into law matches orders against known-pathogen lists, a paradigm AI protein-design tools have already shown they can route around, with a 2026 to 2028 inflection for synthesis providers, biotech, biosecurity tooling and insurers.

The consensus on synthetic biology biosecurity has, for the first time in a decade, a clear policy direction: make DNA synthesis screening mandatory. The United States has a bipartisan bill, broad industry endorsement, and an emerging international standards effort, all converging on the same fix. Beneath that consensus sits a more uncomfortable development. The screening method being written into law matches ordered sequences against lists of known pathogens, and AI protein-design tools have already demonstrated they can produce functionally dangerous sequences that no list will flag. The regulatory architecture is hardening around a threat model the science has outrun. The strategic question is no longer whether to screen, but whether the screening being mandated can do the job.

Signal Identification

This is a regulatory pivot crossed with a capability disruption. The signal is not that biosecurity oversight is tightening, which is the headline. It is that oversight is consolidating around sequence-matching at the precise moment sequence-matching has been shown insufficient. The mismatch is structural, not a temporary tooling gap, because the same AI capability that undermines the paradigm is generative and adversarial: every patched evasion invites the next redesign.

Time horizon: 3 to 7 years (regulatory inflection 2026-2028 as S.3741 advances and the US screening framework reaches review; structural reset 2028-2030 as function-based screening is either mandated or not) Plausibility band: Medium-High Geographic / Jurisdictional Scope: Primary: United States (S.3741, OSTP nucleic acid synthesis framework, NIST). Spillover: EU (European Biotech Act, EU AI Act), UK, New Zealand, and the global synthesis market via IBBIS international standards work. Sectors exposed: Gene and DNA synthesis providers; biosecurity screening-tool developers; biotech and pharma R&D; AI model developers (biological AI models and frontier LLM labs); biosecurity insurers and reinsurers; national-security and regulatory functions; venture capital in biosecurity tooling.

What's Changing

The legislative anchor is S.3741, the Biosecurity Modernization and Innovation Act of 2026, introduced on 29 January 2026 and summarised by the Health Law & Policy Brief (29/03/2026). It directs the Secretary of Commerce to require gene synthesis providers to screen orders and customers against lists of sequences of concern, supplanting the voluntary regime. The Counterfactual gap analysis (24/03/2026) records that violations carry civil penalties up to USD 500,000 for individuals and USD 750,000 for organisations.

The problem is the screening logic. As the peer-reviewed Frontiers in Bioengineering and Biotechnology review (20/04/2026) sets out, provider screening remains agent-centric, checking orders for similarity to known pathogen sequences, and it can be bypassed: protein-folding prediction algorithms can design proteins with the three-dimensional structure of agents of concern but very distinct nucleic acid and amino acid sequences. Automated systems can already synthesise fragments up to 750 bases, long enough to encode small toxic proteins.

Digital safeguards upstream are proving equally fragile. The Centre for the Governance of AI (20/04/2026) documented a non-expert using a coding agent to fine-tune the open-weight Evo 2 model on human-infecting virus sequences, recovering capabilities its developers had filtered out, in a single weekend for roughly USD 760 with no refusals from the agent. Safeguards premised on fine-tuning being difficult, it concludes, may collapse once coding agents make it easy.

The landscape those safeguards are meant to govern is largely ungoverned. Epoch AI's database of 1,196 biological AI models (20/02/2026) found only 3.2% carry any documented safeguards, falling to 1.4% among non-LLM biological models, and just 2.5% have a documented risk assessment. Roughly one in five models is fine-tuned from an existing one, so both capability and its absence of guardrails propagate.

Disruption Pathway

The pathway runs in three stages. Through 2026 and 2027, S.3741 advances through the Commerce Committee and the United States framework for nucleic acid synthesis screening reaches its scheduled review; mandatory homology-based screening becomes the federal floor, and international standards work pulls other jurisdictions toward the same baseline. Across 2027 and 2028, documented evasion cases and AI-designed-sequence orders make the gap operationally visible, and function-based screening moves from research to pilot. By 2028 to 2030 the system either integrates function-based screening into the mandate or settles into a durable two-tier regime: compliant on paper, porous in practice.

Stress concentrates at four points. Synthesis providers are caught between the compliance cost of a mandated system and the knowledge it misses the hardest cases. Benchtop synthesisers are covered by S.3741 at the point of sale but not in ongoing use, leaving the device itself an unscreened provider, per the Counterfactual analysis. Split-order detection, the defence against fragmenting a dangerous sequence across providers, is drafted permissively, authorised rather than required. And the function-prediction tools that could close the gap are themselves dual-use, as the Frontiers review stresses: the fix and the threat share a technology.

Adaptation, where it comes, will sit at three levels. Operationally, leading providers may adopt function-based screening ahead of any mandate, turning biosecurity into a procurement differentiator rather than a compliance floor. Regulatorily, the NIST governance sandbox created by S.3741 and the biennial framework review give a mechanism for the standard to move, if the political will exists to use it. Financially, biosecurity insurers and frontier AI labs may converge on trusted-access and know-your-customer controls for powerful biological models, the intervention the Centre for the Governance of AI argues is becoming unavoidable as digital safeguards weaken.

Why This Matters

For boards and investors across gene synthesis, biotech R&D, AI model development and specialty insurance, the decision architecture that needs revising is the one that treats S.3741 compliance as the biosecurity box ticked. A mandated homology-based screen is a real and overdue improvement, but it is a floor, not a frontier. Synthesis providers should be modelling function-based screening now, before a mandate sets the timeline for them. AI labs releasing or hosting biological models should assume that data filtering alone will not hold and that trusted-access controls are the more durable posture. Insurers should treat the screening-paradigm gap as a named, evolving exposure. The common thread: the regulatory signal and the capability signal point in opposite directions, and planning to only one of them is the error.

Decision-action posture for this signal: Prepare. The inflection is two to four years out and the policy window is open, but the gap is documented rather than yet realised, so the task is scenario planning and capability investment against named triggers, not an irreversible commitment this cycle.

Counter-Argument

The strongest objection is that the system is self-correcting. The October 2025 evasion study did not simply expose a hole; as the Council on Strategic Risks year-in-review (22/12/2025) records, its authors worked with synthesis companies to identify vulnerabilities and deploy patches, measurably improving the tools. On this reading S.3741 is not locking in an obsolete paradigm; it is mandating a living system, and it explicitly tasks NIST with researching the sequence-to-function models that would extend it. The bill is a major step, and passing it is plainly better than the status quo.

That objection is real but incomplete. Patching is reactive, and the adversary is generative: each fix invites the next redesign, and the Council on Strategic Risks itself notes that foundation models increasingly preserve a biomolecule's function even as its sequence changes. A mandate that hard-codes list-matching as the operational requirement, while relegating function-based methods to unfunded research, institutionalises the lag. The structural mismatch is not patched away; it has to be designed out.

Implications

This is a catalyst for durable change, not a transient tooling wobble. The inflection window is 2026 to 2028, set by the bill's passage timeline and the framework review, and the question it forces is whether biosecurity governance can move from controlling known agents to anticipating designed function. The Council on Strategic Risks (22/12/2025) frames the shift precisely: AI's ability to break the inherited relationship between a biomolecule's sequence, structure and function is what pushes current methods to their limits. Once a mandate is written, its paradigm is expensive to change, because providers build compliance infrastructure around it. The cost of getting the paradigm right is front-loaded; the cost of getting it wrong compounds.

This signal is not a claim that DNA synthesis screening is useless: it remains one of the few physical chokepoints AI coding agents cannot easily route around, and the Centre for the Governance of AI argues it should be strengthened, not abandoned. It is also not a generic warning that AI makes biology dangerous: the concern is specific and narrow, a mismatch between a list-matching method and a generative design capability. And it is not a prediction that S.3741 fails: the bill may well pass and deliver real value, but passing a homology-based mandate is not the same as closing the homology gap. Competing interpretations: that function-based screening tools mature fast enough to be folded in before the gap is exploited, or that the binding constraint on misuse is access to dual-use biological data, not synthesis screening.

Early Indicators to Monitor

NIST publishes a sequence-to-function screening prototype or standard with an actual deployment timeline, rather than an open-ended research mandate.
S.3741 is amended in the Commerce Committee to require, not merely research, function-based screening, or to change split-order detection from "may" to "shall".
A major synthesis provider such as Twist Bioscience, IDT or Ginkgo Bioworks adopts function-based screening ahead of any mandate and markets it.
The scheduled United States nucleic acid synthesis framework review recommends function-based methods as a screening requirement.
A documented case emerges of an AI-designed sequence order reaching synthesis without being flagged.

Disconfirming Signals

Peer-reviewed evidence that patched homology-based tools robustly detect AI-paraphrased sequences across short and long fragment lengths.
S.3741 stalls with no successor bill, so no paradigm is locked in and the signal's premise weakens.
Function-based screening proves computationally impractical at the throughput and price points commercial providers operate at.
Biological AI model capability plateaus, with no further peer-reviewed evasion demonstrations published over 12 to 18 months.
Evidence accumulates that access to dual-use biological data, not synthesis screening, is the binding constraint on misuse, making the screening paradigm secondary.

Strategic Questions

Should synthesis providers fund function-based screening now, or wait for a federal mandate that may lag the demonstrated threat by years?
At what trigger should a biosecurity insurer reprice synthesis-provider and biotech R&D exposure?
Should AI labs gate biological-model fine-tuning behind know-your-customer controls before regulation requires it?

Keywords

DNA synthesis screening; homology-based screening; function-based screening; biosecurity; S.3741; Biosecurity Modernization and Innovation Act; AI protein design; biological AI models; sequences of concern; nucleic acid synthesis; dual-use research; NIST biosecurity sandbox

Bibliography

Tier 2 2025 AIxBio Wrapped: A Year in Review and Projections for 2026. Council on Strategic Risks. Published 22/12/2025.
Tier 1 Synthetic nucleic acids in a post-agent biosecurity Era. Frontiers in Bioengineering and Biotechnology. Published 20/04/2026.
Tier 1 Toward relational biosecurity: understanding AI-enabled biology as a connected system. Frontiers in Microbiology. Published 14/05/2026.
Tier 2 Coding Agents Are Changing the Biosecurity Risk Landscape. Centre for the Governance of AI. Published 20/04/2026.
Tier 2 Expanding our analysis of biological AI models. Epoch AI. Published 20/02/2026.
Tier 3 Biosecurity Catching Up to the Modern Era: A Look Into S.3741. Health Law & Policy Brief, American University. Published 29/03/2026.
Tier 4 S.3741 and the art of Not Dying of engineered pathogens: a gap analysis. The Counterfactual. Published 24/03/2026.