🤖 AI Summary
This work addresses the vulnerability of biological large language models (Bio-LLMs) to misuse in generating dual-use biological information, a risk inadequately mitigated by existing static filtering mechanisms that fail to adapt to dynamic research contexts. To this end, we propose the first context-aware application-layer firewall specifically designed for Bio-LLMs, integrating a dual-stage defense of pre-generation prompt scanning and post-generation output validation to enable real-time detection and interception of dual-use threats. The framework incorporates a domain-customized prompt scanner, a bio-threat-category-based risk scoring module, an output verification component, and a constrained, safe regeneration mechanism. This architecture not only blocks high-risk queries at the source but also triggers secure re-generation upon detecting unsafe outputs, substantially enhancing the safety and reliability of Bio-LLMs in real-world scientific environments.
📝 Abstract
The rapid advancement of Large Language Models (LLMs) in biological research has significantly lowered the barrier to accessing complex bioinformatics knowledge, experimental design strategies, and analytical workflows. While these capabilities accelerate innovation, they also introduce serious dual-use risks, as Bio-LLMs can be exploited to generate harmful biological insights under the guise of legitimate research queries. Existing safeguards, such as static prompt filtering and policy-based restrictions, are insufficient when LLMs are embedded within dynamic biological workflows and application-layer systems. In this paper, we present BioShield, a context-aware application-level firewall designed to secure Bio-LLMs against dual-use attacks. At the core of BioShield is a domain-specific prompt scanner that performs contextual risk analysis of incoming queries. The scanner leverages a harmful scoring mechanism tailored to biological dual-use threat categories to identify prompts that attempt to conceal malicious intent within seemingly benign research requests. Queries exceeding a predefined risk threshold are blocked before reaching the model, effectively preventing unsafe knowledge generation at the source. In addition to pre-generation protection, BioShield deploys a post-generation output verification module that inspects model responses for actionable or weaponizable biological content. If an unsafe response is detected, the system triggers controlled regeneration under strengthened safety constraints. By combining contextual prompt scanning with response-level validation, BioShield provides a layered defense framework specifically designed for bio-domain LLM deployments. Our framework advances cyberbiosecurity by formalizing dual-use threat detection in Bio-LLMs and proposing a structured mitigation strategy for secure, responsible AI-driven biological research.
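The control flow the abstract describes (threshold block before the model call, output verification, bounded regeneration, fail-closed fallback), sketched as an added example that is not BioShield's own code. The threshold value, retry budget, function names and the `<cat-a>`/`<cat-b>`/`<actionable>` placeholder tags are all assumptions made for illustration; the abstract specifies none of them.

```python
from dataclasses import dataclass
from typing import Callable, List

BLOCK_THRESHOLD = 0.7    # assumed; the abstract gives no value
MAX_REGENERATIONS = 2    # assumed retry budget

@dataclass
class Verdict:
    status: str    # blocked_prompt | allowed | regenerated | withheld
    text: str
    model_calls: int

def guarded_generate(prompt: str, history: List[str],
                     score_prompt: Callable[[str, List[str]], float],
                     generate: Callable[[str, int], str],
                     output_is_unsafe: Callable[[str], bool]) -> Verdict:
    # Stage 1: score the prompt together with its session context and
    # block before the model is ever called.
    if score_prompt(prompt, history) >= BLOCK_THRESHOLD:
        return Verdict("blocked_prompt", "", 0)
    # Stage 2: verify each response; on failure regenerate at a higher
    # strictness level (stand-in for "strengthened safety constraints").
    for strictness in range(MAX_REGENERATIONS + 1):
        reply = generate(prompt, strictness)
        if not output_is_unsafe(reply):
            status = "allowed" if strictness == 0 else "regenerated"
            return Verdict(status, reply, strictness + 1)
    # Fail closed: never return a response that did not pass verification.
    return Verdict("withheld", "", MAX_REGENERATIONS + 1)

# --- Constructed stand-ins (placeholder tags, not real threat categories) ---
CATEGORY_WEIGHTS = {"<cat-a>": 0.5, "<cat-b>": 0.4}

def toy_score(prompt: str, history: List[str]) -> float:
    # Context-aware: weights accumulate across the session, so intent split
    # over several benign-looking turns still crosses the threshold.
    seen = " ".join(history + [prompt]).lower()
    return min(1.0, sum(w for tag, w in CATEGORY_WEIGHTS.items() if tag in seen))

def toy_generate(prompt: str, strictness: int) -> str:
    # Constructed model: emits a marked-unsafe reply until strictness >= 1.
    return "overview only" if strictness >= 1 else "overview plus <actionable>"

def toy_unsafe(reply: str) -> bool:
    return "<actionable>" in reply
```

Scoring the prompt alone would pass each turn of a split request; scoring it with the session history is what makes the first stage context-aware rather than a static filter.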