Biosecurity-by-Design for CEPI’s Pandemic Preparedness Engine

When fully operational, CEPI’s Pandemic Preparedness Engine for Disease X (PPX) will be a critical tool to achieve the 100 Days Mission. This AI platform will incorporate “agentic” capabilities—enabling AI that can plan, coordinate, and act on multi-step tasks—to accelerate vaccine development by bringing together vast quantities of data and capabilities from pathogen surveillance to vaccine design to regulatory submission. It is envisioned as a global capability, so equitable access by responsible users, especially in times of outbreak emergencies, will be key to unlocking the lifesaving potential of this resource. While there is extraordinary potential, CEPI also recognises the potentially serious biosecurity risks that new biological AI systems pose in the event they are intentionally misused by malicious actors to cause harm. That’s why, while designing the PPX, CEPI is building in a multilayered approach to mitigate these risks, in consultation with many of the world’s leading biosecurity experts and institutions.

CEPI has codified the foundational role of biosecurity in its CEPI 3.0 strategy (2027-2031), embedding it at the heart of the PPX technology development process. This biosecurity-by-design approach represents a fundamental departure from traditional research funding models, which have largely focused on mitigating risks only after technologies are developed. By placing biosecurity at the centre from the outset, CEPI is taking a leading global role in responsible innovation. The multi-layered approach for the PPX, enabled through an ongoing collaboration with the philanthropy Sentinel Bio, is being implemented alongside the development of the PPX’s agentic architecture. 

No off-the-shelf solutions nor established best practices for biosecurity in biological AI tools exist. Therefore, CEPI has proactively engaged leading experts around the world to better understand and mitigate emerging risks. Over the past several months, CEPI has convened and incorporated input from a diverse set of technical and policy experts to help refine its approach. Most recently, CEPI launched a collaboration with RAND to identify misuse scenarios for PPX and to inform and prioritise risk mitigation measures. This builds on previous work by RAND and the Centre for Long-Term Resilience on risks related to biological AI tools. It positions CEPI to define and promote biosecurity best practices that are anchored in the 2024 Community Statement to Guide the Responsible Development of AI for Biological Design, and can evolve into global norms and standards for responsible innovation in this rapidly evolving technology area.

Managed access to the PPX

Users of the PPX will include data providers, tool developers, researchers, public health officials, vaccine manufacturers, and other stakeholders around the world. By design, access to the PPX will need to be carefully managed. A central pillar of the biosecurity approach is a managed access framework that is tiered based on the level of dual-use risk posed by PPX data or biological AI tools (ie, the potential for data to be misapplied to cause harm, not just provide its intended benefits). Users who access higher-risk capabilities will be required to undergo increasingly more stringent verification (see Table for example). 

Beyond the PPX and CEPI, managed access is increasingly seen as an important strategy to address biosecurity risks that arise at the intersection of AI and the life sciences, including for biological AI tools, certain types of pathogen-related data, and publications that might include dual-use data or information. Indeed, managed access provisions are being adopted for many types of highly capable biological AI tools, including commercial and non-profit drug development pipelines as well as frontier models that support scientific research.

An integrated approach

Biosecurity is not the only consideration when it comes to managed access for biological AI tools and agentic systems. For the PPX, this tiered access approach will also be applied to prevent inappropriate access to human genome data; clinical data; data subject to licensing agreements; proprietary data, designs, or tools; data subject to international data-sharing agreements; and data deemed sensitive for other reasons. Users who need access to the full range of data and capabilities of the PPX will have a close relationship with CEPI and its partners, including legal agreements and contractual frameworks to guarantee these protections. These instruments can also provide assurances for biosecurity purposes. 

The intersections between biosecurity and other data protections highlight the importance of considering biosecurity risks as these broader frameworks for access are established to ensure an integrated framework and true biosecurity-by-design. The integrated managed-access approach for the PPX also reflects the diversity of data, data sources, tools, and tool developers that are required for successful development of this type of agentic biological AI system. It is likely that other highly capable AI systems that incorporate biological data will have similar data requirements.

A key challenge for the managed access approach for the PPX is to ensure that all responsible users in any part of the world can access the data and tools that they need. This includes pre-defining clear, objective criteria that governs access at all levels. 

How to address this challenge was one focus of discussion at a PPX-focused, biosecurity technical convening in November, 2025, that included diverse international experts. It was also raised at a workshop hosted by CEPI and the WHO Regional Office for Africa on 3-4 March, 2026, in Nairobi, which focused on the PPX and other AI tools for pandemic preparedness. Participants emphasised that it will be critical that determinations about trusted users or legitimate institutions be context-dependent, consistent with the principles of equitable access, and overseen by governance mechanisms that are representative, transparent, and trusted. CEPI has a long-standing commitment to equitable access, and approaches for governance for the PPX are already under development.

Multiple layers of biosecurity 

Managed access should be understood as an important foundation for a multi-layered approach. For the PPX, additional biosecurity layers include cybersecurity and data security (including a federated data architecture); risk assessments and appropriate guardrails for biological data and AI models incorporated into the agentic system; and an autonomous biosecurity agent that could oversee the system and flag potential risks as they arise. The details of these layers are likely to change as the risks are better understood, technical options are developed for guardrails and autonomous oversight, and the broader agentic framework for the PPX is established. CEPI is actively working to develop these additional guardrails in parallel to the managed access approach.

CEPI and its partner Sentinel Bio share a common vision that development of this biosecurity-by-design approach will not only reduce risks related to the PPX but also contribute to broader global norms and biosecurity best practices for agentic biological AI systems. Although technical development of the PPX is just beginning, one critical lesson is already clear: managed access will be a critical component for establishing biosecure systems.