Writing Genomes: AI and Synthetic Genomics
AI is moving from reading DNA to writing it — designing sequences, optimizing codons, and forcing a rethink of how synthesis orders get screened.
Reading DNA with AI is now routine enough to be a product category. Writing it is the harder, more consequential frontier — and it is moving fast. The same generative models that learned the statistics of real genomes can now propose new sequences: a gene optimized for expression in a target organism, a regulatory element with a desired behavior, in some cases whole genome-scale constructs. That capability is genuinely useful for medicine and industrial biology. It also broke the safety systems that were supposed to sit between a design and a physical strand of DNA. Both halves of that story matter, and they are connected.
From reading to writing#
A genomic language model that can score how natural a sequence is can also generate sequences that score as natural. Arc Institute’s Evo 2 demonstrates this directly: alongside its prediction work, it generates mitochondrial, prokaryotic, and eukaryotic sequences at genome scale, with more coherence than earlier methods. “Coherence” here is concrete — the generated sequences carry the structural hallmarks of real genomes, the intron–exon organization and motif patterns the model absorbed during training, rather than plausible-looking noise.
This is the design end of synthetic genomics. Instead of editing an existing organism one locus at a time, you specify what you want and let a model propose sequence that should produce it. The model has effectively internalized a vast amount of evolutionary constraint, so its proposals start far closer to functional than random sequence ever would. That does not make them correct — generated DNA is a hypothesis until it is built and tested — but it collapses an enormous search space into a short list worth synthesizing.
Codon optimization, the everyday case#
Most synthetic-genomics work is far more mundane than designing a genome, and that is where AI quietly earns its place. Codon optimization is the workhorse: the genetic code is redundant, so the same protein can be encoded by many different DNA sequences, and the choice affects how well the gene expresses in a given host. Picking those codons well — balancing expression, mRNA stability, secondary structure, and manufacturability — is exactly the kind of high-dimensional optimization where learned models beat lookup tables. AI is now woven through gene-synthesis and genome-engineering pipelines at this practical level, long before anyone is generating whole chromosomes.
DNA synthesis is the chokepoint#
Here is the structural fact that makes the safety conversation tractable. A design, however clever, is just a file until someone synthesizes it into physical DNA. The number of organizations that can manufacture long synthetic DNA to order is small. That makes synthesis the natural chokepoint for biosecurity: if providers screen incoming orders against sequences of concern, a dangerous design gets caught before it becomes a physical reagent. The whole defensive model rests on that screen working.
For years it mostly did, because the screen relied on sequence similarity. An order that looked like a known toxin or pathogen gene tripped the filter. The IGSC harmonized protocol even uses six-frame translation to catch crude evasion attempts like codon-swapping a known hazardous sequence. Against a human ordering a recognizable gene, that defense held up reasonably well.
Generative protein design changed the threat model, and not gradually.
When AI broke the screen#
The pivotal result is a study published in Science in October 2025, led by researchers at Microsoft working confidentially with biosecurity partners. The question was blunt: can today’s open-source protein-design tools generate variants of proteins of concern that keep their function but no longer resemble the known hazardous sequence closely enough to trip a screen? The answer was yes. AI-redesigned sequences slipped past the screening tools that synthesis providers actually use — in the worst case, one tool missed more than 75% of the flagged designs.
The mechanism is the same one that makes these models useful. A generative model can produce a protein that folds and functions like a dangerous one while sitting far away in sequence space — exactly the divergence that makes AI-designed editors interesting also makes AI-designed hazards hard to recognize by similarity. Sequence-similarity screening assumes threats look like known threats. Generative design dissolves that assumption.
I will keep this deliberately high-level, because the responsible framing is the only one worth publishing: the work was done by a coordinated team under confidentiality, the vulnerable details were handled privately, and the point of disclosure was to fix the defense, not to hand anyone a recipe.
The patch, and why it is a process not a product#
What makes the Science study constructive rather than alarming is that it shipped a fix. The same effort developed “patches” — improvements to the screening tools that markedly raised detection of functional homologs of concern — and worked to get them adopted across providers before publication. That is the right shape for this kind of disclosure: find the hole, build the fix, deploy it quietly, then describe the lesson.
The durable lesson is that the screen has to move from similarity-based to function-based. Asking “does this sequence look like a known threat” is no longer sufficient when a model can produce unlimited functional variants that look like nothing on file. The defense has to reason about what a sequence would do, and it has to be a continuously updated system — adversarial in the security sense, patched as new design capabilities appear — not a static blocklist. Policy has been moving the same direction, with the US framework for nucleic-acid synthesis screening tying screening practice to federal research funding, but policy sets the floor; the technical screen is where the work is.
The upside is the reason to get the defense right#
It would be a mistake to read the screening story as an argument against the technology. The same generative capability that makes screening hard is what makes synthetic genomics worth doing. Designed sequences are already shortening the path to better enzymes for industrial chemistry, more expressible therapeutic proteins, and vaccine and gene-therapy constructs that would take years to reach by trial and error. The economic and medical case is strong, and it is precisely because the upside is large that the defensive layer cannot be an afterthought. A capability this useful will be built and deployed; the only real choice is whether the safety systems mature alongside it or lag behind it.
That framing also clarifies where the engineering effort belongs. The headline-grabbing work is the generative model that designs a genome. The work that determines whether the field is trusted to keep operating is the unglamorous infrastructure around it — the screening service at the synthesis provider, the audit log on every order, the red-team that probes the screen on a schedule. In security terms, the design model is the attack surface and the screen is the control. Mature fields invest in both. Synthetic genomics is young enough that the investment is still uneven, and the Science result is essentially a warning shot that the balance needs correcting.
What this means if you build in this space#
If your organization touches synthetic genomics, treat screening as core infrastructure with the same seriousness as any production safety system. A few principles carry over directly from how we approach any Data Platforms or AI implementation build.
Screen at the chokepoint, and log everything. Synthesis is where intent becomes a physical reagent; that is the control point, and every order through it should be screened and auditable. The same provenance discipline we apply in a Hospital Management System — knowing who did what, when, traceable end to end — is the right baseline here, with far higher stakes.
Assume the screen will be probed and keep it patched. A function-based screen is a living system. Treat it like one: monitor it, update it as design tools advance, and red-team it on a schedule rather than trusting a model that was state of the art two years ago.
Keep humans accountable for the decisions. AI proposes sequence; people decide what gets built. That boundary is not a formality. It is the layer where ethics, oversight, and the actual legal responsibility live.
Writing genomes is going to be one of the more important capabilities of this decade, in medicine, materials, and agriculture. It will be a net good only if the safety systems keep pace with the design systems. Right now they are catching up, and the people building the design tools owe an equal share of attention to the defenses.
The encouraging part is that the field has already shown it can self-correct. The 2025 screening work found a serious hole, fixed it under confidentiality, deployed the fix across providers, and only then published the lesson — a model of responsible disclosure that the security world would recognize. That pattern, repeated on a schedule as the design tools keep improving, is what keeps the chokepoint a real control rather than a formality. The technology is not the risk on its own; an unmaintained defense around it is.
Building in synthetic biology and need screening, provenance, and AI infrastructure done with real rigor? Talk to our team.