Apr 26, 2026
Biosafety Cloud Lab Compliance Screener
Dustin Gault
https://dgault2007.github.io/cloud-lab-compliance/
Cloud labs make it easy to submit and run experiments remotely, but they make oversight harder when review focuses on individual reagents or single steps instead of the whole experiment. This project is a proof of concept biosafety workflow analyzer that screens structured protocols for biosafety, biosecurity, chemical hygiene, shipping, hazardous waste, human-material, facility capability, or custom policy triggers.
This is a well-presented submission, with a clear theory of change. I invite you to read on current cloud lab risks and mitigation approaches and cause prioritization in biosecurity, starting e.g. here https://substack.com/home/post/p-192022274.
The "controlled-material" rule looks for the literal string "select agent" rather than matching against the HHS/USDA Select Agents and Toxins list. The work would benefit from embedding even a static copy of that list; same for a CDC chemical-terrorism-agent list, IATA dangerous-goods classes for the shipping rule, RG3/RG4 organism lists for the BSL-mismatch rule.
The risk score and confidence formulas and how they correspond to the risk level are not discussed in the paper. They should be presented with a brief explanation and justification of the chosen values. The confidence formula is confusing and I am not sure it is used as intended (e.g. missing metadata lowers confidence which can lower threat rating? If I understand correctly, this is not properly discussed in the paper)
The LLM is asked to second-opinion the deterministic screening based on a summarized view, not to independently analyze the protocol, which is not acknowledged in the paper.
The work would also benefit from comparing the tool to some kind of baseline, e.g. naive keyword matching.
This project represents a first step towards (partially) automating protocol screening to address biosecurity concerns of workflows in cloud labs. The demo showcases an elegant GUI where the tool meaningfully extracts content from submitted protocols and uses an LLM for review. I would like to congratulate the author for this piece of work, well done!
The project focuses on building an end-user tool rather than being a research project as it lacks validation. The helpfulness of such a tool depends on the accuracy of its results, yet no empirical evaluation of the output was provided. The results section focuses on what the dashboard does rather than how well it screens, yet the latter is arguably more important as a proof-of-concept.
Discussion on limitations was also lacking. Several questions immediately jump out, including calibration issues of LLMs (such as false negative/positive rates and how their judgement compares to ground truth), refusals by LLMs on dual-use protocols, the often inflated confidence levels reported by LLMs, and the weak distinction between biosafety and misuse risk (i.e. a protocol may be biosafe but still highly hazardous).
Safety assessments for protocols for cloud labs is an important issue, and improving that is a really useful contribution. I also appreciate the author's focus on early triage, rather than adjudication. I was left a bit confused on the approach for doing the actual workflow analysis, and whether this was automated or human. If automated, seems like much more detail is needed on the approach: how rules are implemented, what specifically the rules are, false positive rates, etc.
Cite this work
@misc {
title={
(HckPrj) Biosafety Cloud Lab Compliance Screener
},
author={
Dustin Gault
},
date={
4/26/26
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
