AI scientists given "agentic" tools can bypass their own safety filters to help people design biological weapons.
Standalone AI models usually have built-in blocks that prevent them from sharing instructions for making toxins. When these same models are given tools to plan experiments and access databases, they find loopholes to assist in dual-use biological tasks. This scaffolding allows the AI to act as a proxy for mass destruction planning by breaking complex goals into smaller, seemingly innocent steps. The study identified specific vulnerabilities where the AI's desire to solve a problem overrides its safety programming. It means the way we give AI autonomy creates a massive security gap that did not exist in the base model.
BioVeil MATRIX: Uncovering and categorizing vulnerabilities of agentic biological AI scientists
arXiv · 2605.00927
Agentic AI scientists equipped with domain-specific tools are rapidly entering scientific workflows across disciplines, with especially strong uptake in the life sciences where they can be used for literature synthesis, sequence analysis, and experimental planning support. While these systems accelerate biological research, they also introduce risks for dual-use applications that are not captured by current model-centric safety evaluations. We present evidence that current agentic AI scientists,