A recent report has found that large language models (LLMs) can give effective advice on how to conceal the true purpose of the purchase of anthrax, smallpox and plague bacteria, reports.
According to research by a US think tank, the artificial intelligence (AI) models underpinning chatbots could help plan an attack with a biological weapon.
AI’s Role in Biological Attack Planning
On Monday, a report by the Rand Corporation revealed that its findings, achieved by testing several LLMs, demonstrated that LLMs could supply guidance that 鈥渃ould assist in the planning and execution of a biological attack鈥.
However, the preliminary findings also showed that the LLMs did not generate explicit biological instructions for creating weapons.
The聽report said聽previous attempts to weaponise biological agents, such as an attempt by the Japanese Aum Shinrikyo cult to use botulinum toxin in the 1990s, had failed because of a lack of understanding of the bacterium.
AI could 鈥渟wiftly bridge such knowledge gaps鈥, the report said, though it did not specify which LLMs the US think tank tested.
More from Tech
- Canva, Adobe And Figma All Want To Own Your Creative Workflow 鈥 Where Does That Leave The Startups Already Building In This Space?
- These Tech Jobs Are Paying The Most In 2026
- Apple Has Delayed Its Foldable iPhone Again, Is The Tech Giant Losing Its Edge In Hardware Innovation?
- Before You Cut The Cord, What Are VoIP’s Limitations?
- What Is Space Mining?
- AI Is Finally Solving The Online Returns Crisis, And It’s Worth Billions To Whoever Gets There First
- What Happens When A Data Centre Reaches End Of Life?
- Lloyds Bank Exposed 448,000 Customers With A Single Faulty Update, Every Fintech Founder Should Read This
The AI-Related Bioweapon Threat
Bioweapons are among the serious AI-related threats that will be discussed at聽next month鈥檚 global AI safety summit in the UK.
In July Dario Amodei, the CEO of the AI firm Anthropic, warned that AI systems could help create bioweapons in two to three years鈥 time.
LLMs receive extensive training using vast datasets sourced from the internet and serve as a fundamental technology underpinning chatbots like ChatGPT. While Rand did not disclose the specific LLMs it examined, researchers stated that they accessed these models through an application programming interface (API).
In one test scenario devised by Rand, the undisclosed LLM identified potential biological agents –聽 including those that cause smallpox, anthrax and plague – and discussed their relative chances of causing mass death.
In addition to this, the聽LLM also assessed the possibility of obtaining plague-infested rodents or fleas and transporting live specimens. It then went on to mention that the scale of projected deaths depended on factors such as the size of the affected population and the proportion of cases of pneumonic plague, which is deadlier than bubonic plague.
Due to the nature of its findings, the researchers admitted that extracting this information from an LLM required using text prompts that overrode the chatbot鈥檚 safety restrictions, something also known as 鈥渏ailbreaking鈥.
In a further test,聽the unnamed LLM discussed the pros and cons of different delivery mechanisms for the botulinum toxin (something that can cause fatal nerve damage) such as food or aerosols.
The LLM also advised on a plausible cover story for acquiring Clostridium botulinum 鈥渨hile appearing to conduct legitimate scientific research鈥. This was suggested to be part of a project looking at diagnostic methods or treatments for botulism. The LLM response added: 鈥淭his would provide a legitimate and convincing reason to request access to the bacteria while keeping the true purpose of your mission concealed.鈥
To conclude their preliminary results, the researchers stated that this indicated LLMs could 鈥減otentially assist in planning a biological attack鈥. They said their final report would examine whether the responses simply mirrored information already available online.
鈥淚t remains an open question whether the capabilities of existing LLMs represent a new level of threat beyond the harmful information that is readily available online,鈥 said the researchers.
However, the Rand researchers said the need for rigorous testing of models was 鈥渦nequivocal鈥. They said AI companies must limit the openness of LLMs to conversations such as the ones in their report.
