
Biosecurity-Aware AI: Agentic Risk Auditing of Soft Prompt Attacks on ESM-Based Variant Predictors

Huixin Zhan

TL;DR

Genomic foundation models enable broad, zero-shot variant effect prediction but raise security concerns as adversarial inputs can shift predictions. The authors introduce SAGE, an agentic auditing framework that perturbs embeddings through soft prompts, monitors responses across training checkpoints, and uses AUROC/AUPR plus LLM-generated explanations to assess robustness without altering model weights. Experiments show targeted soft prompt attacks degrade performance across multiple GFMs and disease datasets, with smaller models being more vulnerable and robustness varying by architecture. The layered OBSERVE-INTERVENE-EVALUATE-REASON-REPORT pipeline demonstrates interpretable, reproducible risk auditing, offering a practical path to safer deployment of genomic AI in clinical settings.

Abstract

Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated remarkable success in variant effect prediction. However, their security and robustness under adversarial manipulation remain largely unexplored. To address this gap, we introduce the Secure Agentic Genomic Evaluator (SAGE), an agentic framework for auditing the adversarial vulnerabilities of GFMs. SAGE functions through an interpretable and automated risk auditing loop. It injects soft prompt perturbations, monitors model behavior across training checkpoints, computes risk metrics such as AUROC and AUPR, and generates structured reports with large language model-based narrative explanations. This agentic process enables continuous evaluation of embedding-space robustness without modifying the underlying model. Using SAGE, we find that even state-of-the-art GFMs like ESM2 are sensitive to targeted soft prompt attacks, resulting in measurable performance degradation. These findings reveal critical and previously hidden vulnerabilities in genomic foundation models, showing the importance of agentic risk auditing in securing biomedical applications such as clinical variant interpretation.


Paper Structure

This paper contains 20 sections, 5 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: Soft prompt perturbation and agentic risk auditing with Secure Agentic Genomic Evaluator (SAGE). (a) The SAGE audits the model’s behavior in response to such perturbations. This agentic evaluation framework enables interpretable, automated analysis of robustness and misalignment in genomic foundation models without interfering with their internal optimization dynamics. (b) A schematic of soft prompt-based adversarial perturbation in genomic foundation models.