The Synthesis Problem

There is a strange kind of confession buried in the news this month. The companies racing to build the most capable artificial intelligence on Earth — OpenAI, Anthropic, Google DeepMind, Microsoft — sent a joint letter to the United States Congress. Its message, stripped to the bone: our own technology is becoming dangerous enough that we would like you to regulate the thing it touches. Not the AI. The DNA.

For a decade, "AI safety" has mostly meant abstractions — alignment, misuse, runaway systems. The synthetic DNA letter is something more concrete and more unsettling. It points at a specific, physical chokepoint in the path from a bad idea to a real pathogen, and it argues that the chokepoint is about to fail because AI is making the early steps too easy.

The barrier that was always knowledge

Designing a dangerous biological agent has historically required something rarer than equipment: deep, tacit expertise. You needed years of training to understand how a pathogen's genes map to its behavior, how to modify them without breaking the organism, how to coax a sequence into something viable. That expertise was the moat. It kept the number of people capable of causing catastrophic harm vanishingly small.

Advanced AI models — especially the specialized life-sciences systems now emerging — erode that moat. They can reason about biological sequences, suggest modifications, troubleshoot failed designs, and explain the steps a trained scientist would otherwise have spent years learning. The same capability that lets a model help design a cancer therapy or a vaccine can, pointed the other way, walk a far less expert actor through territory that used to be closed.

This is not a hypothetical the labs invented to look responsible. Over the past two years, the frontier developers have published their own evaluations showing that successive models score higher on tasks measuring biological uplift — the degree to which a system could help a non-expert accomplish steps in a dangerous workflow. Anthropic has openly tied higher safety tiers to exactly this risk. The companies are, in effect, grading their own products on how much they lower the barrier to harm, and the grades keep rising. The DNA letter is what happens when an industry's internal red-team findings spill into a public request for help.

Here is the crucial detail the letter fixates on: a digital design, however dangerous, is inert. To become a physical threat, a sequence of letters has to be turned into actual molecules — and that still happens through a relatively small number of companies that synthesize DNA to order. That step is the last reliable physical bottleneck between an idea and an organism. The signatories want that bottleneck guarded.

What the letter actually asks for

The request is narrower and more practical than the headlines suggest. It does not ask Congress to regulate AI models. It asks for mandatory rules on the providers who synthesize DNA and the manufacturers who build benchtop synthesis machines. Specifically, the signatories want federal law to require that those providers:

In other words: make the DNA-printing industry do, by law, what only its most responsible members do voluntarily today. Verify your customers. Read what they're asking you to build. Keep the receipts. None of it is exotic; much of it mirrors guidance that already exists on paper. The argument is that voluntary guidance is no longer enough when the population of people who can write a dangerous design is about to expand.

There is a precedent for this logic, and the signatories know it. For decades, the most sensitive corners of science — certain nuclear materials, select agents in microbiology — have been governed not by trusting individual researchers but by controlling the physical inputs and keeping records of who handles them. The DNA letter is, in essence, an argument to treat synthesis providers the way we already treat the suppliers of other dual-use materials: as a regulated checkpoint rather than a neutral storefront. What is new is the trigger. The case for control used to rest on how rare the expertise was. Now it rests on how quickly that rarity is eroding.

Rosalind: defense as a product

The legislative push did not arrive alone. Days earlier, on 29 May 2026, OpenAI launched Rosalind Biodefense, opening its specialized life-sciences model, GPT-Rosalind, to vetted developers and U.S. government partners for pandemic preparedness. The framing is defensive: use the same biological reasoning power to design countermeasures, detect novel threats, and accelerate the response to an outbreak.

But Rosalind also crystallizes the dilemma. A model good enough to design defenses against pathogens is, by construction, a model that understands pathogens deeply. The capability does not come in two flavors. This is the textbook shape of a dual-use technology — one whose benevolent and malevolent applications are not separate features but the same feature seen from two sides. OpenAI's answer is to gate access tightly, to vetted partners only. Critics note that gating is exactly the kind of voluntary control the DNA letter implicitly admits is fragile.

Why the chokepoint matters more than the model

There is a quiet strategic wisdom in aiming at the DNA rather than the AI. Models proliferate, leak, and improve; you cannot reliably contain software. Physical synthesis is different. It requires reagents, machines, and shipping addresses — friction that lives in the real world and can be watched. By concentrating oversight at the synthesis step, regulators could, in principle, catch a dangerous design at the one moment it must cross from information into matter, regardless of which model produced it.

None of this is starting from zero. A voluntary industry body, the International Gene Synthesis Consortium, has screened orders for two decades, and U.S. policy has for years encouraged — but not required — that federally funded research buy only from providers who screen. The gap the letter targets is the word "required." Voluntary screening covers the responsible majority of the market and none of the actors most likely to matter. A benchtop synthesizer bought outright answers to no consortium at all. The proposal is less a new idea than an overdue upgrade: take a patchwork of good intentions and make it a floor that everyone, including the careless and the malicious, has to stand on.

The objections, and what comes next

Not everyone is reassured. Some biosecurity researchers argue the proposed screening is necessary but nowhere near sufficient — that benchtop synthesizers are spreading, that adversaries can split orders across providers to evade detection, and that "sequences of concern" lists will always lag behind what a creative model can devise. Others worry about the precedent of letting the largest AI firms shape the rules for an adjacent industry, and about whether tightened access concentrates powerful biological tools in the hands of a few well-connected players.

And there is the awkward optics, impossible to ignore: the companies sounding the alarm are also the ones building, and commercializing, the capability that makes the alarm necessary. A skeptic can read the letter as genuine responsibility or as a bid to define the safety conversation on favorable terms. Most likely it is both at once, which is how technology policy usually works.

The hardest part is that the chokepoint is only as strong as its weakest border. Synthetic DNA is a global market; a screening law that binds American providers does little if an order can simply be placed with a firm in a jurisdiction that screens nothing. This is why biosecurity experts frame the letter as a first move rather than a solution — useful precisely because the United States hosts so much of the world's synthesis capacity, but incomplete without parallel standards abroad and the diplomatic work to harmonize them. A lock on one door matters less than whether the other doors are also lo