The AI Companies Told the Government Their Models Can Help Make Bioweapons. Now the States Are Fighting Over Who Regulates Them

The AI Companies Told the Government Their Models Can Help Make Bioweapons. Now the States Are Fighting Over Who Regulates Them

Three frontier AI companies already told federal regulators their models can assist in building biological weapons. The legislation came later.

That is the sequence Illinois state senator Mary Edly-Allen is trying to impose on a chaotic reality. Her bill, SB 315, passed the Senate 52 to 5 on May 21 and awaits a House vote with an effective date of January 1, 2028 Illinois General Assembly. It would require the largest AI developers to publish safety frameworks, report catastrophic incidents to the Illinois Emergency Management Agency within 72 hours Illinois Senate Democrats, and submit to a legal definition of catastrophic risk that mirrors language already on the books in California and New York.

But the law did not create the problem. The companies did.

Three leading frontier AI firms reported in their own safety evaluations that their models could provide meaningful assistance in building a biological weapon, according to testimony from Scott Wisor, policy director for Secure AI, cited in reporting by NPR Illinois. Anthropic's Claude Opus 4 was the first AI model to trigger a dangerous-capabilities early warning for bioweapons Lawfare, the company said it cannot rule out whether the model can significantly help relatively ordinary people create, obtain, and deploy bioweapons. Anthropic has also withheld its Mythos model from public release entirely, citing safety concerns NPR Illinois.

The companies moved first. The legislature is trying to catch up.

SB 315 is functionally identical to California's Transparency in Frontier Artificial Intelligence Act, signed by Governor Gavin Newsom on September 29, 2025 White & Case, and New York's Responsible AI Safety and Education Act, whose final version was signed by Governor Kathy Hochul on March 27, 2026 after a chapter amendment aligned it with California's framework Wiley Rein. All three laws target developers with annual gross revenues exceeding $500 million, require public safety frameworks before model deployment, and obligate companies to report critical incidents to a state agency.

The similarities are intentional. Edly-Allen explicitly designed SB 315 to create regulatory consistency across the three largest state economies in the country. But the laws diverge on details that lawyers and compliance officers are already studying closely.

California defines a frontier model using computing power, specifically a threshold of 10 to the 26th power in integer or floating-point operations used during training White & Case. New York and Illinois use the revenue trigger instead, sidestepping the technical definition problem but creating a different exposure: a company could fall under the law based on revenue even if its model does not approach frontier-level capability, and vice versa.

The reporting windows also differ. New York's RAISE Act gives companies 72 hours to report a critical safety incident to the state, with 24 hours if death or serious injury is imminent Wiley Rein. California's TFAIA allows 15 days. Illinois matches New York's 72-hour window Illinois Senate Democrats. Penalties under New York reach $1 million for a first violation and $3 million for subsequent ones Wiley Rein. California's civil penalties cap at $1 million per violation, enforced by the attorney general White & Case. Illinois penalties are still being negotiated in committee.

Behind the scenes, the industry has been lobbying aggressively. OpenAI and Anthropic both retained Springfield lobbyists during SB 315 negotiations, according to Capitol News Illinois. The firms are not opposing the bill outright. They are trying to shape it.

The core tension is federal preemption. California TFAIA includes language explicitly intended to standardize requirements across the country, a signal that sponsors hoped would encourage Congress to eventually adopt a national standard and avoid the compliance complexity of three overlapping state regimes. No such federal law exists yet. In the meantime, companies building the most powerful AI systems in the world are subject to three different sets of definitions, timelines, and disclosure requirements depending on where they operate and where their users are.

Critics of the laws, including some smaller AI developers and civil liberties groups, argue the $500 million threshold is arbitrary and will simply push risky development to well-funded startups just below the line. Supporters counter that the frontier is defined by capability, not company size, and that mandatory self-reporting of catastrophic incidents to a state emergency management agency is better than the current voluntary framework, under which companies decide for themselves what to disclose and to whom.

The bipartisan vote in the Illinois Senate suggests the politics are settled for now. The policy fight is just beginning.

SB 315 moves to the House. Whether it becomes the third leg of a coherent national framework or just another state-by-state patch over a hole that only federal action can fill depends entirely on what Congress does next.