grantmaking.ai Launch Round
The money will be spent on the salaries of the lead researchers through our non-profit (https://biosafelabs.org/) and for computational resources (mostly GPUs) for glm training.
Safeguarding open-weight genomic foundation models through weight lock against adversarial finetuning
In this project we will evaluate spectral deformation weight locking as a biosecurity defense for open-weight genomic foundation models. The core threat is that anyone with a GPU can finetune a publicly released genomic model for malicious purposes. Weight locking addresses this by blocking standard stable finetuning while leaving the model's inference behavior exactly unchanged.
We have completed an empirical evaluation on Evo 1, a state-of-the-art genomic foundation model, demonstrating that the lock defends against the naive attacker, which is the most common and practically relevant threat.
The proposed work extends this framework to at least two additional state-of-the-art genomic foundation models, Evo 2 and Nucleotide Transformer v3. We will produce locked checkpoints with well-documented security vulnerabilities and solutions for the tested models, alongside the codebase and evaluation benchmark.
Joel Shor leads the project as architect. Joel brings over a decade of experience leading machine learning teams (ex Google), with experience in production AI systems in genomics.
Alexandros Tzanakakis is a PhD student serving as lead ML researcher on the project, responsible for implementing the locking and attack pipelines. Charalampos Koilakos is a PhD student running the empirical evaluation analysis. Both have worked on numerous projects on biosafety and glm improvement.
The concrete outputs of this project are locked and publicly released checkpoints for the Evo 2 and Nucleotide Transformer v3 models, a reusable benchmark suite for auditing the biosecurity properties of genomic foundation models, and a methodology paper documenting the evaluation framework and its findings across model families.
Today there is a large biological x-risk from AI, as anyone with a GPU can download an open-weight genomic foundation model and finetune it on publicly available pathogen data to optimize dangerous viral properties. This project reduces that risk in two ways. First, it develops and validates a mathematical mechanism, spectral deformation weight locking, that makes this finetuning attack path fail for the most common attacker while preserving the model's inference performance. Second, it produces locked public checkpoints for the most capable open-weight genomic models currently available, so that the safer release option actually exists for developers and institutions to adopt.