AI Can Already Evade DNA Synthesis Screening. Congress's New Bill Doesn't Address That.

Note: This is a review of the DNA synthesis screening provisions of S.3741, the Biosecurity Modernization and Innovation Act of 2026, introduced by Senators Cotton (R-AR) and Klobuchar (D-MN) earlier this year. I’m focusing specifically on the synthesis screening sections and their gaps; the bill also includes other biosecurity-related provisions that I won’t discuss in detail here.

Photo by Sangharsh Lohakare on Unsplash

Background

What is DNA synthesis?

DNA synthesis is the process of building custom DNA sequences. A researcher types a desired sequence into a computer, submits an order to a commercial provider, and receives a vial of synthetic DNA in the mail. The process is quick and can be relatively inexpensive ($0.07 to $0.09 per base pair in some cases; other companies offer flat rates).

Why is it dangerous?

Some viruses’ entire genomes can be assembled from commercially purchased DNA fragments. In 2006, an investigative journalist with the Guardian was able to mail order a “modified sequence of smallpox DNA,” and their order was not screened by the provider since it was less than 100 letters long.

What’s the current state of screening requirements?

Currently, no country has enacted a law requiring gene synthesis providers to screen DNA orders for dangerous sequences or conduct background checks on customers. While some labs screen orders on a voluntary basis through organizations like the International Gene Synthesis Consortium, compliance remains optional and inconsistent.

Perhaps the closest any jurisdiction has come is the United States, which in 2024 became the first country to require providers to self-attest to compliance with the U.S.’s Framework for Nucleic Acid Synthesis Screening— but only as a condition of federal research funding. Unfortunately, an Executive Order in May 2025 paused implementation, and no replacement framework has been issued.

California has a state-level requirement, but it applies only to the California State University system. New York is currently working on passing similar state-wide legislation.

Ultimately, despite several congressional bills attempting to mandate screening at a federal level, none have passed. This regulatory gap means anyone, including those with malicious intent, can order potentially dangerous genetic sequences with minimal oversight.

S.3741 could finally change the woeful state of synthesis screening in the United States. The bill, introduced earlier this year, makes DNA synthesis screening mandatory and federally enforceable.

However, there are critical gaps worth flagging— some of which, if unaddressed, could leave the most dangerous threat vectors uncovered.

What I think the bill gets right

1. Mandatory screening with enforcement

The bill requires all covered providers to implement screening protocols for sequences of concern and to verify customer identity and legitimacy. The bill explicitly states that these regulations “shall supplant any Federal guidelines or recommendations” that “are voluntary.” Violations carry civil penalties up to $500,000 for individuals and $750,000 for organizations (see Sec. 4(f)(3)).

In my opinion, this is the most important provision in the bill. The voluntary system has been a known weakness for years; making screening mandatory with financial penalties is a common-sense and long overdue step.

2. Addressing the split order problem

One of the most obvious evasion strategies for ordering potentially dangerous DNA sequences is splitting a dangerous sequence across multiple synthesis providers, so that no single provider sees the complete sequence. The bill addresses this by requiring providers to submit order information to a centralized-ish mechanism “for facilitating effective split order detection across covered providers.”

I have concerns about how this is implemented (see below), but the fact that the bill explicitly names split order detection as a requirement is a positive sign.

Critical gaps

1. Screening is homology-based, not function-based

The bill’s screening framework is built around a “list of sequences of concern” maintained by the Secretary of Commerce. In practice, this means screening works by checking whether an ordered sequence matches (or is highly similar to) something on the list; this is called homology-based screening.

The problem is that AI-enabled protein design tools can generate novel sequences that perform the same dangerous functions as known pathogens but have little or no sequence similarity to anything on any list. A recent study led by Microsoft and IBBIS researchers (shoutout Tessa! :) demonstrated that open-source AI tools could engineer new protein variants of known proteins of concern that successfully evaded synthesis screening. As Nobel laureate David Baker and Harvard geneticist George Church have emphasized, screening based on homology alone is unlikely to be sufficient when de novo protein design can produce functionally dangerous proteins with no recognizable homology.

The bill does briefly reference this problem— Sec. 4(b)(3) directs NIST to “research and prototype sequence-to-function models to supplement the system.” However, this is framed as a research task, not a screening requirement, and there’s no timeline, no funding authorization, and no mandate to actually integrate function-based screening into the operational framework.

2. Benchtop synthesis is covered on the sales side but not the use side

The bill includes sellers of benchtop synthesizers in its definition of “covered provider,” which means companies that sell DNA synthesis equipment are subject to the same customer verification requirements as companies that sell synthesized DNA.

However, this provision only addresses the point of sale. Once someone purchases a benchtop synthesizer, nothing in the bill governs what they synthesize using it. Without any ongoing screening requirements and mechanisms for oversight, the equipment itself becomes an unmonitored, unscreened synthesis provider.

This gap is especially concerning because benchtop synthesis technology is becoming more accessible and capable.

3. The split order detection mechanism needs to be centralized and mandatory

The bill requires providers to submit order information for split order detection, but the mechanism for doing so is described permissively in Sec. 4(a)(4): it “may be maintained by the Secretary or an independent organization designated by the Secretary.” As the House Office of Legislative Counsel’s drafting guide makes clear, “the term ‘shall’ means that an action is required; the term ‘may’ means that it is permitted but not required.” Under standard statutory interpretation, this means Congress would be authorizing but not requiring the system to exist, meaning the entire split order detection system is legally optional.

Policy/Amendment Recommendations

• Regarding gap #1, the bill should include dedicated funding for the development of AI-enabled screening tools that can assess the functional risk of novel sequences.
  1. Fourth Eon Bio is working on this, and I’m sure they’d love some government contracts!
• Regarding #2, the bill should require that benchtop nucleic acid synthesis equipment sold or distributed in the United States incorporate embedded screening software that queries the centralized sequence-of-concern database before synthesizing any sequence.
  1. Manufacturers should be required to maintain this screening capability for the operational lifetime of the device through mandatory software updates. Devices that lose connection to the screening system should be unable to synthesize sequences above a minimum length threshold (e.g., 50 nucleotides).
  2. Software for this already exists! See SecureDNA
• Regarding #3, the language in the split order detection section should be changed from “may” to “shall”— the Secretary should be required to establish and maintain (or designate a separate entity to maintain) a centralized order reporting platform, and submission should be mandatory for all covered providers.
• Add a provision to designate non-compliant DNA synthesis providers on the Entity List.
  1. (This would prohibit U.S. persons and companies from transacting with foreign synthesis companies that do not implement screening meeting U.S. standards, providing commercial incentive for international adoption)

Conclusion

S.3741 is good. It treats DNA synthesis screening as a legal obligation rather than a suggestion, and even in its current form, it’s worth passing.

However, the bill assumes a threat model where dangerous sequences look like known pathogens. That was roughly true five years ago; it isn’t true now.

If you work in biosecurity, biotech, or AI safety and think these gaps matter, contact the Senate Commerce Committee. The bill is bipartisan, the industry supports it, and the amendments are straightforward.

This is a rare case where the policy window is open and the fixes are tractable. Let’s not waste it.

Contact Senator Tom Cotton’s office (especially if you’re from Arkansas): https://www.cotton.senate.gov/contact/contact-tom

Contact Senator Amy Klobuchar’s office (especially if you’re from Minnesota): https://www.klobuchar.senate.gov/public/index.cfm/email-amy

Sample email template

SUBJECT: Support S.3741 with amendments for AI-era biosecurity

Dear [Senator Cotton / Senator Klobuchar],

I’m writing to express support for S.3741, the Biosecurity Modernization and Innovation Act. Mandatory DNA synthesis screening is long overdue, and this bill represents the most promising legislative effort to date.

I’d like to flag three gaps in the bill’s screening provisions that could be addressed during committee markup:

1. Screening methodology: The bill relies on homology-based screening (matching orders against known sequences). AI protein design tools can already generate dangerous sequences with no similarity to anything on a list. The bill should mandate and fund function-based screening research, rather than just authorizing NIST to research it.
2. Benchtop synthesizers: The bill covers the sale of these devices but not their ongoing use. Benchtop synthesizers should be required to incorporate embedded screening software that checks sequences before synthesis.
3. Split order detection: The language in Sec. 4(a)(4) should be changed from “may” to “shall” to be mandatory rather than voluntary— the Secretary should be required to establish and maintain (or designate a separate entity to establish/maintain) a centralized order reporting platform, and submission should be mandatory for all covered providers.

I’d also urge you to consider including a provision to designate non-compliant DNA synthesis providers on the Entity List, as this would prohibit U.S. persons and companies from transacting with foreign synthesis companies that do not implement screening meeting U.S. standards, providing commercial incentive for international adoption.

These are not reasons to delay the bill; instead, they’re targeted fixes that would bring the screening framework in line with the current threat landscape. I urge you to pursue these amendments in the Commerce Committee.

Thank you for your leadership on this issue.

Sincerely,

[Your Name]

Not from Arkansas or Minnesota? Find your senators at senate.gov/senators and ask them to co-sponsor S.3741 or advocate for these amendments in committee!

Thank you to Andrew Wei for helpful discussion & feedback.