Biosecure-LLM Framework: Protecting LLMs from Cyberbiosecurity Threats and the Case for Independent AI Safety Governance

Abstract

Large Language Models (LLMs) are becoming critical infrastructure in scientific, healthcare, and governmental contexts. As frontier AI laboratories increasingly partner with government agencies, a fundamental question arises: Who should control the safety and policy-enforcement layers that constrain model behavior? Current safety mechanisms (LLM guardrails) are typically designed for generic "harmlessness" and operate by detecting semantic patterns and refusing requests. However, they are inadequate governance instruments because they cannot implement auditable, domain-specific controls tied to external regulatory policy objects (e.g., control lists or rules governing personally identifying information). Even a perfectly aligned model is not able to express institution-specific policy without an external control layer. This paper argues that the logical separability of policy enforcement from model inference, demonstrated by firewall-style architectures, demands corresponding institutional separability as well. Concentrating both model development and safety governance within the same commercial entities creates unacceptable conflicts of interest, regulatory capture risks, and accountability gaps. We propose that the policy control layers must be housed within independent regulatory bodies, governmental agencies, or trusted third parties rather than the organizations that build and profit from the underlying models. Drawing on the Biosecure-LLM framework as a technical proof-of-concept, we demonstrate that such separation is architecturally feasible and argue it is well-suited for verifiable compliance.