Apr 26, 2026
Biosecurity Risk Assessment Tool with Adversarial Red-Teaming (BRAT)
Asma Ahmed
BRAT provides rapid risk assessment for biosafety incidents using adversarial red-teaming. Standard biosafety frameworks assess "what happened" but miss "who could exploit this." BRAT systematically models attacker intent (insider threats, weaponization pathways, information hazards) alongside standard assessment and refuses dual-use requests without revealing what's dangerous.
Retrospective analysis of three major biosecurity failures (2014 CDC anthrax: 84 exposed; 2001 anthrax letters: 5 deaths; 2011 H5N1 GOF) shows BRAT's adversarial hypotheses would have correctly identified the actual failure modes and prevented these incidents. Tested on 12 cases with 100% accuracy, 0 false refusals, and 79% of threats identified were non-obvious to humans.
The problem BRAT targets is real and the effort to build and deploy a working tool in a hackathon is laudable. The shield of ignorance idea is worth developing further. But the evaluation doesn’t hold up since testing a system on historical incidents where you already know the outcome and then claiming it would have prevented those outcomes is hindsight bias, not validation. A credible test would be to give the system only the information available before the failure, ideally blinded and judged by independent biosafety experts, and see whether its adversarial hypotheses are useful. The 12 hand-selected, author-evaluated cases also can’t support the performance claims made. Scaling to expert-judged, blinded evaluation on novel scenarios would be the single most important next step.
The initial project idea seemed quite compelling, but execution and overall presentation felt rushed and with an inappropriate tone/style. We should be planning more seriously for intentional or deliberate misuse events across the bioscience industry, but in this report:
The methodology here was not described in much detail, and I was left unsure what the BRAT tool even consisted of from just reading the report. When I eventually checked out the tool webpage, it didn’t do a great job of convincing me that the tool wasn’t just a black box (despite the tagline - the webpage is literally a black box design). I also think Charlie XCX and biosecurity probably shouldn’t mix, for me that made the project seem a bit unserious.
It seems that LLMs were heavily relied on end-to-end in this project including ideation, which was a little worrying.
In the introduction, the BRAT tool made by the author is described during the problem setting. Ideally, the problem is described first and independently of the implemented solution/main results, so presentation of the project couldn’t have been much improved.
The problem framing was quite surface level and not adequately contextualized. There are sparse references to tools/projects/case studies but the biosecurity landscape is not summarized well - more introduction and scene setting of the status quo of biosafety/biosecurity measures would have improved things.
I don’t think retrospective analysis of an event counts as risk assessment. Risk assessment pertains to defined activities, with the assessment conducted prior to the event, with the idea being to implement changes or consider alternative actions that mitigate the **future** risk. This tool seemed like the intention was to evaluate incidents after they have happened (‘BRAT turns a messy incident description into a structured review with concern type, risk level, precedent cases, policy context, and a clear next step’).
While I agree that we need to consider deliberate misuse risks more systematically, I doubt that a chatbot is an appropriate solution. Currently, this would not get adopted by any biosafety/biosecurity officer or institution with meaningful biosafety/biosecurity risks. That said, I think the core problem selection was good and that LLMs could play a part in the risk analysis somewhere - I think a more considered analysis of what the options are here would have made for a more epistemically humble and useful report, rather than this tool.
Good execution on the website. The paper is clearly vibe-written but does hint at the fact that synthesis companies and governmental health organizations need very clear, strict, guidelines as well as dynamic and thoughtful and dynamic appraisals of the threat models relevant to every case they review. I'm not sure what gap a BRAT with more time and care put into it would fill since I imagine many relevant organizations now have good biosafety requirements, but you should try to ensure that such guidelines are in place if you care about this problem and want to pursue it further.
Cite this work
@misc {
title={
(HckPrj) Biosecurity Risk Assessment Tool with Adversarial Red-Teaming (BRAT)
},
author={
Asma Ahmed
},
date={
4/26/26
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
