Apr 26, 2026
Latent-Space Anomaly Detection for DNA Synthesis Screening Using Biological Foundation Model Representations
Blake Brown
Current DNA synthesis screening relies on sequence-homology searches (BLAST/mmseqs2) against curated threat databases. This mostly works when a submitted sequence resembles a known pathogen-associated sequence, but it is structurally mismatched to a world in which protein design models can produce functionally coherent variants that are sequentially divergent from known proteins, precisely the capability that biological design tools like RFdiffusion, ESM3, and Evo 2 now provide. Here I propose and implement a four-phase latent-space anomaly detection pipeline that uses the internal representations of biological foundation models to flag structurally complex threats (prions, superantigens, novel toxins, immune-evasive peptides) based on their functional geometry in embedding space rather than their surface-level sequence as a way to “catch” potentially unexpected biological threats from being synthesized
This approach unites cross-modal structural scoring (ESM3), background-corrected likelihood ratios (Ren et al. 2019), domain-specific sparse autoencoders with mandatory dead-salmon controls, and contrastive representation engineering. On a synthetic validation dataset comprising 500 benign sequences, 300 threat sequences across three pathogen classes, and 200 hard-negative de-novo designs, the calibrated ensemble achieves an AUROC of 0.997 with clean separation between all threat classes and benign controls. Crucially, the hard-negative de-novo designs cluster distinctly from both threat and benign populations in embedding space, and the linear probe baseline alone achieves near-perfect discrimination, suggesting that biological foundation models encode threat-relevant functional information in linearly accessible directions.
I present a modular implementation (3,200+ lines, 13 passing tests) with dual-use review guidelines, explicit methodological controls that address known failure modes in the SAE interpretability literature, and a SECURITY.md protocol for responsible artifact release. The pipeline is designed to complement existing homology-based screening infrastructure (SecureDNA, IBBIS Common Mechanism, Aclid), targeting the specific gap that AI-designed divergent variants could exploit.
This project provides a strong architectural proof-of-concept. While the end-to-end pipeline is a highly useful and complete deliverable, the foundational claims regarding threat discrimination require broader evaluation and validation with better test sets. Given the time constraints of the hackathon, the scope and execution of this project are appreciated.
Excellent considerations of the specific needs of synthesis screening and the use of tools for biosecurity. You did a wonderful job in thinking about how your approach would be used in the real world and not just as an academic exercise. I was also struck by the range of different pathogens you discussed. It is unusual to see prions included in synthesis screening! Equally your efforts to consider the dual use implications of step 4 were useful and interesting. I liked framing your approach as a compliment to (rather than replacing) traditional sequence-based approaches.
An ambitious project combining multiple discriminants between threatening and non-threatening protein sequences into an auditable pipeline. The scope is broad and the technical execution appears quite sound. The report is mostly clear. The clear description of training different models, building an ensemble model, and analyzing contributors to ensemble performance is tight. The "hard negative" class is clever and makes the report much more interesting. Some suggestions:
* The description of dead-salmon SAE validation is not fully clear. How were margins set? Are we sure that features linearly via the randomized network (eg just linear projection) are not relevant, even if not a direct product of learning via the trained network?
* The relationship between models used (ESM2 vs 3, e.g) isn't obvious
* As a broader extension, it'd be nice to compare the embedding based method to a purely structure based method. E.g. if AI tools are nearly-exactly generating known structures with new AA sequences, structural similarity to known threats could be a good test.
* Despite the emphasis on the pipeline as key deliverable, it's not obvious to me from the report what the major contributions of the pipeline are, and how they differ from other ensemble models or modular software.
Cite this work
@misc {
title={
(HckPrj) Latent-Space Anomaly Detection for DNA Synthesis Screening Using Biological Foundation Model Representations
},
author={
Blake Brown
},
date={
4/26/26
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
