---
type: source
title: "AI Action Plan Biosecurity Gap: Category Substitution as Governance Failure (Synthesis)"
author: "Theseus (synthesis across CSET, CSR, RAND)"
url: null
date: 2026-04-27
domain: ai-alignment
secondary_domains: [health, grand-strategy]
format: synthesis
status: processed
processed_by: theseus
processed_date: 2026-04-27
priority: high
tags: [biosecurity, AI-Action-Plan, DURC-PEPP, nucleic-acid-screening, governance-gap, category-substitution, AI-bio-convergence, compound-risk]
flagged_for_vida: ["Biosecurity governance gap — primary health domain implication; DURC/PEPP replacement failure"]
flagged_for_leo: ["Governance instrument substitution pattern — connects to BIS AI diffusion rescission and supply chain designation reversal as a cross-domain governance regression pattern"]
extraction_model: "anthropic/claude-sonnet-4.5"
---

## Content

### Source Cluster
Three independent analyses of the White House AI Action Plan (July 2025) biosecurity provisions:
1. CSET Georgetown: "Trump's Plan for AI" (2025-07-23)
2. Council on Strategic Risks (CSR): "Biosecurity Enforcement in the White House's AI Action Plan" (2025-07-28)
3. RAND Corporation: "Dissecting America's AI Action Plan: A Primer for Biosecurity Researchers" (2025-08-01)

### The Category Substitution Finding

**What the AI Action Plan does:**
The plan addresses AI-bio convergence risk through three instruments:
1. Mandatory nucleic acid synthesis screening for federally funded institutions
2. OSTP-convened data sharing mechanism for screening fraudulent/malicious customers
3. CAISI evaluation of frontier AI for national security risks including bio risks

**What the AI Action Plan explicitly acknowledges:**
The plan explicitly states that AI can provide "step-by-step guidance on designing lethal pathogens, sourcing materials, and optimizing methods of dispersal." This is not ignorance of the risk — it's direct acknowledgment.

**What the AI Action Plan does NOT do:**
It does not replace the DURC/PEPP institutional review framework (rescinded separately, with a 120-day replacement deadline that was missed — 7+ months with no replacement as of April 2026).

**The category substitution:**
RAND confirms (August 2025): The plan governs AI-bio risk at the output/screening layer but leaves the input/oversight layer ungoverned.

- **Nucleic acid screening:** Flags whether specific synthesis orders are suspicious
- **DURC/PEPP institutional review:** Decides whether research programs should exist at all

These are different stages of the research pipeline. Synthesis screening cannot perform the gate-keeping function of institutional program oversight. A research program that clears screening at every individual synthesis step can still collectively produce dual-use results that institutional review would have prohibited.

CSR (July 2025): The plan "does not replace DURC/PEPP institutional review framework" — their analysis confirms the substitution is complete.

CSET (July 2025): Kratsios/Sacks/Rubio as co-authors signals the plan is "fundamentally a national security document that appropriates science policy, not a science policy document that addresses security." The institutional authority for biosecurity governance shifted from HHS/OSTP-as-science to NSA/State-as-security.

RAND: "Institutions are left without clear direction on which experiments require oversight reviews."

### Connection to the Missed Deadline Pattern

The DURC/PEPP rescission with missed replacement deadline + the AI Action Plan's category substitution are connected events:
- DURC/PEPP institutional review rescinded (EO 14292) with 120-day replacement deadline
- Deadline missed (September 2025)
- AI Action Plan (July 2025, predating the missed deadline) substitutes screening-layer governance for oversight-layer governance — without acknowledging this is a substitution, not a replacement

The biosecurity governance gap is not a gap from inaction — it's a gap from deliberate governance architecture choice: deploying a weaker instrument at the wrong pipeline stage while acknowledging the risk the stronger instrument addressed.

## Agent Notes

**Why this matters:** This is the clearest B1 evidence in the April 2026 batch. B1's "not being treated as such" has a specific mechanism here: the government ACKNOWLEDGED AI-bio synthesis risk in an official policy document (AI Action Plan) and CHOSE an inadequate governance response. This is not ignorance — it's deliberate governance architecture that leaves the acknowledged compound risk unaddressed.

The compound AI-bio risk is the "most proximate AI-enabled existential risk" per the KB's existing claim (o3 scoring 43.8% vs. PhD 22.1% on virology practical). The AI Action Plan reveals the government is aware of this risk and governing it at the wrong layer.

**What surprised me:** That three independent institutions (CSET Georgetown, CSR, RAND) from different analytical traditions converge on the same finding without cross-citing each other. CSET frames it politically (NSA/State as science governance), CSR frames it urgently (biosecurity emergency), RAND frames it technically (governance pipeline stages). The convergence is strong.

**The specific new mechanism:** "Category substitution" — replacing a governance instrument that addresses one stage of a pipeline with one that addresses a different stage, while framing it as addressing the same risk. This is distinct from:
- Governance vacuum (no instrument exists): DURC/PEPP rescission created this
- Governance regression (weaker instrument than before): Category substitution is a specific subtype where the weaker instrument operates at a different stage, creating false assurance

**What I expected but didn't find:** Any of the three sources providing a quantitative estimate of the residual biosecurity risk after the screening-layer governance substitution. All three describe the gap without estimating its magnitude.

**KB connections:**
- [[AI-lowers-the-expertise-barrier-for-engineering-biological-weapons-from-PhD-level-to-amateur]] — existing claim; this source adds the governance layer: the risk is acknowledged at highest government level, inadequately governed
- [[durc-pepp-rescission-created-indefinite-biosecurity-governance-vacuum-through-missed-replacement-deadline]] — existing claim; this source adds the AI Action Plan's category substitution as the second mechanism of the biosecurity governance gap
- NEW CLAIM CANDIDATE: "AI Action Plan substitutes output-screening biosecurity governance for institutional oversight governance while explicitly acknowledging AI-bio synthesis risk — nucleic acid screening and DURC/PEPP institutional review govern different stages of the research pipeline"

**Extraction hints:**
1. The "category substitution" concept is the primary extractable insight — it's a named mechanism that generalizes beyond biosecurity
2. The three-source convergence makes this a "likely" confidence level (multiple independent credible sources)
3. Theseus claims the ai-alignment angle (AI-bio compound risk); Vida claims the health angle (DURC/PEPP institutional oversight); Leo claims the governance instrument pattern angle

**Context:** CSET Georgetown, CSR, and RAND are high-credibility primary policy research institutions. All three analyses were published within 10 days of the AI Action Plan, making them contemporaneous analyses with full context.

## Curator Notes (structured handoff for extractor)

PRIMARY CONNECTION: [[AI-lowers-the-expertise-barrier-for-engineering-biological-weapons-from-PhD-level-to-amateur]] AND the DURC/PEPP rescission claim

WHY ARCHIVED: Three-source convergence on category substitution finding. The government explicitly acknowledges AI-bio synthesis risk and deploys an inadequate governance instrument at the wrong pipeline stage. This is the strongest B1 evidence from the April 2026 batch.

EXTRACTION HINT: The "category substitution" concept is the key intellectual contribution — it may be extractable as a standalone mechanism claim that applies beyond biosecurity (also applies to BIS AI diffusion rescission, also applies to supply chain designation political resolution). Extract the concept PLUS the specific biosecurity application.