Decentralized artificial intelligence networks may paradoxically offer better protection against bioterrorism than restricting AI capabilities to a handful of corporations or governments, according to AI researcher Ben Goertzel. The counterintuitive argument challenges the reflexive instinct to contain powerful AI models when biological threats emerge, instead proposing that distributed systems could help defenders focus on the actual chokepoint: physical laboratory controls rather than information restriction.

Why Can't We Just Restrict AI Models to Stop Bioterrorism?

The core problem is straightforward and alarming: a desktop DNA synthesizer, a capable AI model, and a knowledgeable biotechnology student could theoretically produce biological material capable of harming millions of people. The instinctive response from policymakers and safety advocates has been to restrict access to advanced AI systems. But this approach faces a fundamental flaw: the capability is already diffusing too widely to contain.

Recent developments illustrate this reality. Harness-1, a twenty-billion-parameter open-source model, was recently uploaded to Hugging Face under an unrestrictive license and is already rivaling or outperforming heavyweight frontier systems like GPT-5.4 or Claude Sonnet-4.6 in complex retrieval tasks, despite being trained on only a handful of examples. This pattern repeats consistently across the industry: any capability locked inside the most costly, proprietary models typically gets replicated by a lightweight, freely accessible alternative within a few months.

Anthropic's experience with its Mythos model provides a concrete example. Throughout spring, the company claimed the model possessed such dangerous proficiency in identifying software exploits that it required strict containment and vetting. Yet roughly ninety days later, Anthropic launched Fable 5 to the general public, using the same engine with guardrails designed to offload sensitive biological or cyber queries to a less capable system. Whether these filters actually hold or simply hinder legitimate research remains an open question, but equivalent open models are emerging from other laboratories at an accelerating pace.

Where Is the Real Leverage Point Against Bio Threats?

The key insight is that cybersecurity and biosecurity operate under fundamentally different constraints. In cybersecurity, defenders can be given powerful models first, identify vulnerabilities in software, and patch them before the capability diffuses widely. Software is patchable, and fixes ship instantly to everyone. Biology admits no analogous strategy. You cannot patch a human body on demand; a vaccine or antiviral is slow, partial, and reaches only a fraction of the population.

This asymmetry suggests that the real leverage point lies not in restricting information or computational power, but in the physical layer. Goertzel emphasizes that bits are far cheaper and easier to copy than atoms. Rather than trying to prevent dangerous biological designs from being conceived, a more practical approach focuses on making it harder to synthesize them in the first place.

"The most sensible point of leverage in this sort of situation is physical not computational or informational. Bits are way closer to free than atoms in this case," explained Ben Goertzel.

Ben Goertzel, AI Researcher

The actual chokepoints are physical: DNA synthesis equipment, laboratory access, and the ability to culture dangerous organisms. These are the places where defenders can realistically intervene, not at the level of restricting which AI models exist or who can access them.

How Could Decentralized AI Support Physical-Layer Defense?

Goertzel has proposed specific technical approaches to managing open AI systems while limiting their misuse, including what he calls "cryptographic laterality" for keeping distributed networks from being forked and weaponized independently. The core principle is designing systems so that the real intelligence lives in the whole, the living, co-evolving network, making a stolen copy a husk: stale, cut off, and far weaker than the running thing.

However, Goertzel acknowledges an important limitation: this forkability approach works well for artificial general intelligence (AGI) systems but does nothing for biology. The reason is fundamental. In AGI, you are trying to prevent someone from stealing a copy of a networked mind. In biology, the dangerous thing is information: a design, plus some know-how. Information is small, copyable, and impossible to pull back once it is loose. You cannot un-disburse bits.

This means decentralized AI's role in defending against bioterrorism is supporting rather than primary. Goertzel suggests that distributed AI networks could theoretically assist defenders in several ways:

• Monitoring Physical Chokepoints: AI systems could help monitor and secure the actual physical infrastructure where real leverage exists, such as DNA synthesis equipment and laboratory access controls.
• Supporting Institutional Coordination: Distributed networks could help coordinate defenses across multiple institutions and jurisdictions rather than concentrating all monitoring power in a few corporate or government entities.
• Enabling Rapid Response: Decentralized systems could potentially help defenders identify suspicious patterns and respond faster to emerging threats at the physical layer.

The critical distinction is that decentralized AI is not itself the defense mechanism against bioterrorism. Rather, it could support the physical and institutional controls that actually matter.

What Makes This Argument Controversial in AI Safety?

The proposal directly contradicts the dominant approach in AI safety, which emphasizes concentrating powerful systems within well-resourced organizations that can implement strict safety protocols. Many researchers worry that open-source AI models, by definition, cannot be controlled or monitored effectively.

Goertzel acknowledges this concern but argues it misses the actual threat surface in biological scenarios. The distinction matters because it reframes the entire risk calculus. If you cannot prevent dangerous information from spreading, then the question becomes not "How do we keep the information secret?" but rather "How do we make it harder to act on that information?".

Goertzel

This perspective suggests that AI safety strategies must be tailored to the specific threat they address. A one-size-fits-all approach of restricting all powerful AI systems may actually be counterproductive if it prevents the very tools that could help defenders stay ahead of biological threats. The argument is not that AI poses no risk, but rather that the relationship between AI capability and biological danger is more nuanced than simple restriction implies.

As advanced technology continues to proliferate across multiple domains, from biotech to nanotech to nuclear energy, the challenge of managing risks while preserving benefits becomes increasingly complex. Goertzel's analysis suggests that for some of the most serious threats humanity faces, the answer may not be to slow down technology, but to ensure the right tools reach the right defenders first, and that those defenders focus their efforts on the physical layer where actual leverage exists.