Skip to content
Longterm Wiki

Biorisk - Anthropic

web
Anthropic·red.anthropic.com/2025/biorisk

Credibility Rating

4/5
High(4)

High quality. Established institution or organization with editorial oversight and accountability.

Rating inherited from publication venue: Anthropic

Metadata

Cited by 1 page

PageTypeQuality
Bioweapons RiskRisk91.0

Cached Content Preview

HTTP 200Fetched May 30, 202615 KB
Biorisk \ red.anthropic.com 
 
 
 
 
 
 

 
 
 

 

 

 
 red .anthropic.com 
 
 
 Why do we take LLMs seriously as a potential source of biorisk?

 
 
 
 September 5, 2025

 ANTHROPIC

 Our work at Anthropic is animated by the potential for AI to advance scientific discovery—especially in
 biology and medicine—and improve the human condition. Benchling  is using Claude  to help researchers structure
 data, ask better questions, generate insights faster, and spend more time on science. Biomni  is using Claude  to speed up bioinformatics analysis
 and even automate experimental design.

 At the same time, AI is fundamentally a dual-use technology. A key tenet of our effort to develop AI
 responsibly is to identify, measure, and mitigate the prospects for malicious actors to misuse the same
 capabilities that make AI so promising for scientists and innovators.

 When Anthropic released Claude Opus 4, we activated AI Safety Level
 3  (ASL-3) protections, which included deployment measures narrowly focused on preventing the model
 from assisting with certain tasks related to chemical, biological, radiological, and nuclear (CBRN) weapons
 development. As we noted at the time, this was a precautionary decision—improving model performance on our
 evaluations meant we could no longer confidently rule out the ability of our most advanced model to uplift
 people with basic STEM backgrounds if they were to try to develop such weapons. Because of our assessment of
 the potential consequences, a major initial focus of our evaluations and the corresponding safety measures
 was on biological weapons. In this post, we want to expand on our perspective on AI and biological risk
 (biorisk). 

 It is striking—but not necessarily intuitive—that every safety framework released by frontier AI labs
 includes some reference to biorisk [1] . After all, frontier large language
 models (LLMs) are generalists; they are not usually specialized for biological applications (unlike other
 foundation models, such as AlphaFold). And because of this generalist nature, there are numerous other
 security threats that could be prioritized. We understand why one might be skeptical of prioritizing biorisk
 when considering the security implications of AI. This post will engage with several questions that might be
 posed by such a skeptic.

 Our aim is not alarmism; discussions of AI and biorisk are firmly in the
 category of low-probability/high-impact scenarios. [2]  Rather, we want to establish why we
 believe that evaluating these risks and safeguarding against them is a critical element of responsible
 AI development. 

 What does AI have to do with dangerous weapons at all?

 We worry about how AI might assist malicious actors with weapon acquisition and development both because of
 how it is similar to historical information and communication technologies and how it is different.

 In recent years, terrorist groups have rapidly adopted technologies like encrypted communications,


... (truncated, 15 KB total)
Resource ID: 10e5570538c2bd44 | Stable ID: sid_QMruZLgwIw