Leaders from Anthropic, OpenAI, Microsoft, Meta, and Google DeepMind co-signed an open letter to US lawmakers on Wednesday asking Congress to make biosecurity screening of synthetic DNA and RNA orders mandatory, a regime that today exists only as voluntary industry practice. The letter, hosted at screendna.org and organised by the Foundation for American Innovation and the Institute for Progress, was joined by executives from the two largest synthetic gene suppliers, Twist Bioscience and Ansa Biotechnologies, plus a long roster of Nobel laureates, former defence officials, and national security analysts.
A coalition that rarely agrees on anything
The signatory list reads like a who's who of labs that spend most of the year arguing with each other. Dario Amodei of Anthropic, Sam Altman of OpenAI, Mustafa Suleyman of Microsoft AI, Alexandr Wang of Meta, and Demis Hassabis of Google DeepMind (a 2024 Nobel laureate in chemistry for AlphaFold) all put their names to the same document. They were joined by Twist CEO Emily Leproust, the Ansa Biotechnologies founding team, Stripe's Patrick Collison, Y Combinator's Paul Graham, 2024 Nobel chemistry winner David Baker, Johns Hopkins biosecurity director Tom Inglesby, MIT's Kevin Esvelt, and former service secretaries Christine Wormuth and Richard Danzig.
The letter is blunt about why the timing matters. As The Verge reported, the signatories argue the underlying technology is moving faster than the policy response, and that a narrow technical fix on the supply side can close a real gap without waiting for a broader AI bill. The screendna.org text says outright that AI systems now "outperform PhD-level virologists on questions about highly technical laboratory procedures," eroding the knowledge barrier that historically kept bioweapon design out of reach for most actors.
What mandatory screening would actually require
The ask has three concrete components, all already practiced voluntarily by members of the International Gene Synthesis Consortium since 2009. First, providers would have to screen every synthesis order against curated sequences of concern before shipping. Second, they would have to verify the customer is a legitimate research organisation. Third, they would have to retain order data and sequence metadata so biosecurity investigators can trace suspicious activity after the fact, including orders that look benign in isolation but compose into something dangerous.
The signatories also want Congress, not the states, to set the rule. The letter explicitly warns against a patchwork of state-level requirements and calls for a single national standard built on existing federal and industry guidelines. That framing is a quiet pitch to Republican lawmakers who tend to prefer pre-emption to a fifty-jurisdiction compliance burden on US biotech suppliers.
The conceded admission about model guardrails
Read carefully, the letter contains an admission that matters far beyond biology. The frontier labs are telling Congress that their own refusal layers cannot be fully relied on to stop a determined user from getting useful uplift on dangerous pathogen design, and that the DNA supply chain is the backstop they are betting on. That is a striking thing to say on the record. It implies the labs have looked at their red team results, their jailbreak rates, and their evaluation scores from groups like NIST CAISI, and concluded that model-side controls are not a complete defence.
It is also a useful precedent. Once an industry concedes that model guardrails are insufficient for one catastrophic risk category, the same logic gets applied to others, code execution against critical infrastructure, autonomous financial actions, and high-stakes medical advice among them. Expect that argument to surface in the EU AI Office's general purpose AI codes of practice over the next two quarters.
build the action-layer check now
For any team shipping agents that touch the real world, we read this letter as confirmation of an architecture decision worth making in the next contract cycle. The model's refusal layer is not the last line of defence, and the vendor is telling you so in writing. The right pattern is a hard, auditable check at the action layer, the moment the agent calls a tool, places an order, executes code, or writes to a system of record. That check should live in your stack, not the model provider's, because it is the only place you control the policy.
Concretely, we would not renew a multi-year frontier model contract in 2026 without a clause that gives the buyer access to evaluation results on biological, chemical, and cyber uplift, refreshed quarterly. We would budget roughly 5 to 8 percent of an agent program's first-year spend on an independent policy engine sitting between the model and any tool with side effects, with deterministic allow-lists for high-risk categories. Build versus buy on that engine tips toward build for any team running more than ten production agents, because off-the-shelf guardrail SaaS still ships with generic taxonomies that miss domain-specific risk. Peers in European retail, from Carrefour to Ahold Delhaize to Otto, that are piloting agentic checkout and supplier workflows will face the same question on a shorter timeline than they expect, because the same recordkeeping logic the letter wants for DNA orders will land on AI-mediated commerce next.
The next thirty days will decide whether this is law or theatre
The signal to track is whether a bipartisan bill is introduced before the Congress recesses in late July. If the letter produces a draft text from a Senate HELP or Commerce member by then, the screening regime has a realistic path to a vote inside this session, with Twist and Ansa positioned as the compliance template. If no bill appears by August, the letter will join the long list of frontier lab policy gestures that were photographed and forgotten, and the next move falls to NIST CAISI's biological uplift evaluations and the EU AI Office's codes of practice to set the de facto international standard instead.
