惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI can design viruses, toxins and other bioweapons. How worried should we be?
Brajeshwar · 2026-05-14 · via Hacker News - Newest: "AI"

It’s hard to imagine that a snail could kill a person, but a particularly venomous group of marine molluscs called cone snails can. Their stings contain a cocktail of small proteins called conotoxins, some of which can block ion channels in the nervous system. No antivenom exists.

There are hundreds of thousands of conotoxin structures, and many are harmless to people or even medicinally useful: an approved treatment for chronic pain is derived from one, for instance. But research on specific dangerous conotoxins is highly restricted in some countries.

So, in 2024, when Chinese scientists reported developing an artificial-intelligence tool to design conotoxins1, it raised eyebrows in some quarters. In an e-mail to a private AI and biotechnology discussion group seen by Nature, a senior US government employee flagged the study as a possible biosecurity risk. The employee, who asked not to be named because of concerns for their job, felt it was especially concerning that the conotoxin AI is based on an open-source protein language model developed by US scientists.

Underwater close-up of a textile cone snail on the sea bed.

The textile cone snail (Conus textile), one of a number of venomous species of cone snail.Credit: Pascual Fernandez Gomez/iStock via Getty

One of the conotoxin study’s authors told Nature that the concern is unwarranted. The work was aimed squarely at discovering drugs, says Weiwei Xue, a computational chemist at Chongqing University in China and a co-author of the paper. Xue’s team has found some conotoxins with potential therapeutic qualities after testing designs in the laboratory, he says. Although it is important to consider the risk that the AI tool could be misused, it was not designed to make harmful proteins, he adds. What’s more, translating designs into physical molecules requires significant expertise and equipment. Other researchers also told Nature that the risks of the work seem minimal.

The episode, however, illustrates a growing concern over emerging AI tools in biology; although they are being developed to help produce innovative drugs and other societal benefits, they could also make it easier to create new threats. The revolution in biological AI tools, such as AlphaFold, has enabled scientists at a keystroke to design bespoke proteins and viruses that kill superbugs, and general-purpose chatbots can boost people’s knowledge of how to make these designs in a lab. Might the latest AIs also speed up the development of more-potent toxins, viruses or other bioweapons?

The biosecurity threat is serious, interviews with more than 20 scientists and policy researchers suggest. “Theoretically — and this is what keeps me up at night — one could now develop toxins on the level of ricin or other very deadly agents that would be virtually undetectable,” says Martin Pacesa, a structural biologist at the University of Zurich in Switzerland.

But there is debate over what to do about these risks. Some are calling for limits on biological AI and others are wary of negative impacts on research. “We’ve always made the assessment that the benefits to the world far outweigh the dangers,” says computational biophysicist David Baker at the University of Washington in Seattle, who shared a 2024 Nobel prize for his pioneering work on protein design. “But, as capabilities increase, I think that’s going to be an important question to keep considering.”

Some say the focus should be on detecting and countering AI bioweapon attacks, as opposed to trying to prevent them by imposing software restrictions. “That ship has sailed in my opinion,” says protein designer Timothy Jenkins at the Technical University of Denmark in Kongens Lyngby.

What’s the worst that could happen?

There are two broad concerns around AI and bioweapons, says James Black, an AI biosecurity researcher and visiting scholar at Johns Hopkins University in Baltimore, Maryland.

One is that individuals working in garage labs could use a chatbot to learn how to produce or deploy existing threats, such as anthrax. Another is that more-sophisticated actors, such as states or well-resourced terrorist groups, could combine chatbots with specialist biological software to design new bioweapons.

Two people in full hazmat suits approach a park bench partially covered by a forensic tent.

A nerve agent was used as a bioweapon in the United Kingdom in 2018; here, officers rush to cover the site.Credit: Matt Cardy/Getty

The greatest potential threat to humanity could be AI-designed pandemic viruses, researchers say. The most plausible route would be to modify existing viruses, such as SARS-CoV-2 or influenza, to enhance worrying properties — their ability to evade the immune system, for instance. Existing AI tools that can predict viral evolution (intended for use in surveillance and vaccine design) could be misused in this way, says Doni Bloomfield, a law professor who studies biosecurity at Fordham University in New York City.

Alternatively, AI models might design entirely new pathogens that could be difficult to detect and counter. One 2025 preprint used AI to design the genomes of new viruses, of which some 5% worked when they were made in the lab2. However, the viruses in that study were designed to infect bacteria, not people.

Sounds scary? A 2025 report3 by the US National Academies of Sciences, Engineering, and Medicine (NASEM) offers a reality check. It concluded that numerous barriers stand in the way of using AI to meaningfully enhance pandemic pathogens or design them from scratch. One key obstacle is the lack of high-quality data connecting properties such as virulence or transmissibility to a pathogen’s genetic sequence, making it hard to reliably predict changes that would enhance such traits. Another is the difficulty of producing pathogens in the lab and testing their characteristics, which AI has done little to address.

And some scientists question whether bad actors would even turn to AI when the natural world brims with threats of its own. Decades-old techniques that introduce random mutations can improve worrying traits without AI, says Brian Hie, a computational biologist at Stanford University in California.

“If you want to cause harm on a very large scale, you don’t need protein design to do that,” adds Baker.

The NASEM report does, however, conclude that a toxin might be designed using existing biological AI tools, although its production and delivery would remain a challenge. A designer toxin could be impossible to detect in people if it was not already known, and might be more likely to find use in individual attacks such as assassination attempts, says Jenkins. “I think the tools that have already been published are sufficient starting points for people to get up to no good,” he says.

Seth Donoughe, director of AI at the non-profit organization SecureBio in Cambridge, Massachusetts, says his main concern is the potential for AI — including general-purpose chatbots and bespoke biological models — to increase the expertise of bad actors.

In a series of experiments described in a February preprint4, Donoughe and his colleagues found that access to cutting-edge large language models (LLMs) enabled individuals with minimal biological training to match or exceed PhD scientists at tasks such as troubleshooting virology protocols and generating code to operate lab robots. Related preliminary work by Donoughe and his colleagues has found that some AI agents — tools that are allowed to conduct some tasks by themselves, such as running and executing code — could direct biological AIs to enhance the pathogenic properties of a viral protein.

However, another preprint5, posted in February by scientists at Active Site, a research non-profit body in Cambridge, Massachusetts, found that novices who had access to LLMs didn’t perform tasks such as manipulating DNA or producing a virus significantly better than volunteers who used only Internet resources (see ‘Does AI raise novices’ biology-lab skills?’). So it’s possible that the digital ‘uplift’ that AI provides isn’t yet sufficient to produce a bioweapon — but this might not be true for long.

Does AI raise novices’ biology-lab skills? Four line charts that show step-by-step task completion in four lab tasks related to generating viruses, with slightly higher rates for LLM access than Internet access, declining across steps.

Source: Ref. 5

“AI is becoming increasingly capable on every relevant task we’ve ever thrown at it,” says Donoughe. “We should expect that it should be easier to do good things, and it should be easier to do bad things.”

Screening checks

Many scientists say the best way to prevent the development of AI bioweapons is to detect bad actors at the point of manufacturing viruses or toxins. “In the end, it doesn’t matter what you do in the computer most of the time,” says Pacesa. “What matters is how you translate it into a real, physical protein or small molecule.”

Researchers who are interested in producing AI-designed proteins or synthetic genomes tend to order their genetic sequences from companies that synthesize nucleic acids: that is, chains of DNA and RNA. Some firms that provide this service are part of an industry group, the International Gene Synthesis Consortium, that requires its members to screen consumer orders for sequences that could encode toxins, pathogenic proteins and other potentially harmful molecules. But work led by researchers at the technology giant Microsoft6, published in 2025, found that this screening can be overcome using AI tools.

Eric Horvitz, the firm’s chief scientific officer, and his colleague Bruce Wittmann, both based in Redmond, Washington, led a team that used open-source protein-design tools to redesign 72 biological molecules that could represent a biosecurity threat, including toxins and viral proteins. Researchers designed 76,000 of these ‘synthetic homologues’ to match the structure of existing threats enough to maintain their dangerous function. However, they were encoded by genetic sequences that were distinct enough to slip past screening software at four companies that participated in the study.

The results were mixed. The DNA-screening tools flagged some, but by no means all, of the synthetic homologues, with around one-quarter of the best designs — those predicted to most closely resemble a real threat — evading detection. After three of the four companies introduced updates to fix their software, only about 3% of the top-rated designs were missed. Then, a March preprint by Horvitz, Wittmann and their colleagues7 found that breaking up synthetic homologues into fragments of just 25 nucleotides can make them difficult to detect, even by updated screening software. However, assembling such short fragments into a gene would be exceptionally difficult, the researchers say, and the software performed well on larger fragments.

Horvitz and his colleagues have withheld the designs, the identity of the targets and other key information, although researchers can apply for access.

By contrast, Xue and his colleagues published the conotoxin sequences that their AI tool generated, although their work, unlike Horvitz’s, was not focused on making dangerous molecules1 (see ‘AI-designed toxins’). And some of these sequences might not trigger alerts if ordered from a DNA-synthesis company. When Nature pasted the 45 designs included in the paper into a widely used bioinformatics tool called BLAST, which looks for similar sequences in genetic databases, just five were flagged as matching toxin sequences from cone snails. An open-source tool designed for DNA-synthesis screening turned up several more matches.

AI-designed toxins: Grid of protein structures comparing natural (blue) and AI-designed (orange) conotoxin proteins.

Source: Ref. 1

One important caveat is that redesigned toxins that slip past screening might be so dissimilar to natural versions that they lose their function. A follow-up study to the work by Horvitz and colleagues supports this. A team co-led by Wittmann and Elizabeth Strychalski, a scientist at the US National Institute of Standards and Technology in Gaithersburg, Maryland, tested in the lab whether molecules designed to evade screening retained the function of the molecule they were supposed to imitate8. In their experiments (which avoided using toxins), simple proteins did still work in some cases, but enzymes did not. “It just showed that it’s a messy, hard thing to get to work,” says Horvitz, who was involved in the study.

The synthetic-homologue studies were reassuring, says James Diggans, vice-president for biosecurity and policy at DNA-synthesis company Twist Bioscience in South San Francisco, California, who was also part of the lab-testing effort. “Right now, the screening practices still stand as a really effective bulwark against misuse, even if you’re using these AI tools upstream to evade that detection,” he says.

But Diggans concedes that the field is moving fast. New models could be better at designing proteins that evade detection than are the protein-design tools that Horvitz’s team used, which were released in 2023.

Researchers are working on tools that could help to screen nucleic-acid-synthesis orders on the basis of the structure and potential function of the encoded molecules. And Baker has long argued that all such orders should be collated in a private registry, although the idea hasn’t gained traction in industry.

Simpler, sequence-based screening remains voluntary — for now. To comply with a 2025 US executive order, research funders there might soon require scientists to order nucleic acids from companies that use screening software, and the United Kingdom, the European Union and countries such as New Zealand are also considering screening requirements. But most countries have no requirements at all. In China, which receives more than 30% of DNA-synthesis orders globally, the government has asked DNA-synthesis companies to implement screening, although this has not yet been mandated, says Weiwen Zhang, a synthetic biologist at Tianjin University. Currently, foreign orders, which are typically subject to export controls, tend to receive more attention than do domestic orders, he says.

It is possible to order a toxin sequence from many providers around the world without being flagged at all, says Tessa Alexanian, who works on DNA-synthesis screening tools and standards at the International Biosecurity and Biosafety Initiative for Science, a non-profit organization in Geneva, Switzerland.

Adding to worries are the development of ‘tabletop’ DNA-synthesis machines, which currently can generate only very short sequences, but will be able to make longer fragments in the near future, say researchers.

Guard rails on AI models

Another line of thought is that the AI tools themselves — particularly those specialized for biology — should have more-stringent access controls or guard rails to stop misuse. Baker says that he and his team routinely evaluate any potential risks of their protein-design tools before making them available. This is in line with a series of principles for responsible AI and biodesign that he and others released in March 2024 (see go.nature.com/4cjbu6t). Nearly 200 scientists have signed the statement, but the onus is on the scientific community to regulate itself. And Baker says he’s never seen the need to restrict the tools his lab develops for basic design of proteins and other biomolecules.

Firms that create general-purpose AI chatbots, such as OpenAI in San Francisco, California, already train their models to refuse or safely respond to harmful requests, which include biosecurity-related queries. In particular, an OpenAI safety article says the firm’s models shouldn’t provide “detailed, actionable steps” for carrying out potentially large-scale harmful activities that include deploying chemical and biological weapons.

A similar practice might be needed for biological AI models, researchers have suggested. Some developers of these tools have also begun to add guard rails to their models’ training data before release. For instance, the Evo 2 ‘genomic language model’ was trained on 128,000 genome sequences from species spanning the tree of life, but excluded viruses that infect eukaryotic organisms such as humans and other animals. As a result, Evo 2 does a poor job of designing sequences from those viruses and predicting their properties, such as the effects of mutations9.

Yet scientists have found that guard rails can be overcome. The research by Donoughe and his team4 found that nearly 90% of the participants in that study were able to obtain high-risk biological information from general-purpose LLMs, and other researchers regularly warn that chatbots still provide such information to users. In an April article about this concern, The New York Times reported that a man arrested in India last year on charges of plotting to make the toxin ricin for a terrorist attack asked for advice from ChatGPT and AI-powered Google searches. (The article quotes a spokesperson for OpenAI, who said it seemed from public reports that the information the man sought was already accessible online.)

As for specialized AI software, Stanford bioengineer Le Cong and his colleagues were able to use a general-purpose AI agent to trick Evo2 into generating new versions of SARS-CoV-2 and HIV-1 proteins10. ‘Fine-tuning’ Evo 2 using publicly available genome data from human-infecting viruses also restored capabilities, another study found11.

Hie, who co-led the development of Evo 2, says he isn’t shocked that the guard rails can be overcome, because of the availability of training data. Nor would he be surprised if models such as this could design viruses that infect human cells. But even if such capabilities exist, he would like to continue releasing models as openly as possible. “I think that model openness actually contributes to greater safety, as safety researchers can freely study these models,” he says.