Comment by Tal Feldman

Since computational infrastructure is largely open-access, decentralized, and global, regulatory chokepoints are limited. Export controls may delay access to high-performance computing, but they are unlikely to prevent the use of open-source models fine-tuned on public data. Access restrictions on commercial platforms can be circumvented by running models locally. Even if next-generation safety tools could detect a dangerous protein sequence, models can be modified or fine-tuned in private—especially by well-resourced actors. To be clear, model output alone is not enough. Developing a functional bioweapon still requires access to DNA synthesis services, laboratory infrastructure, and methods of delivery. But those barriers are far lower than they once were—and continue to fall. The threshold for misuse is no longer high. In this environment, prevention cannot be the United States’s only strategy. Open-source PLMs are already circulating globally, making it increasingly easy for malicious actors to create pathogens. What matters is how fast U.S. defense systems can respond—and whether the nation has the infrastructure in place to do so. As with cybersecurity, resilience—not containment—must become the cornerstone of national biosecurity policy. PLMs are both the cause of and solution to this risk. The same models that could be used to design pathogens are already helping scientists discover new drugs. Their ability to generate novel, functional proteins is precisely what makes them indispensable for rapid response. Shutting them down wouldn’t just slow biomedical progress—it would weaken U.S. defenses. If the U.S. can’t stop the technology, it must outrun its weaponization. In the age of generative biology, resilience is the only viable defense.