Three posts on X this week capture something important. A Stanford professor says the "AI virtual cell" space is putting parameters before experiment design. A biotech builder says it is a once-in-a-generation moment to build full-stack biotech from the ground up, "like SpaceX for the space industry." And a governance firm states it plainly: "AI in healthcare isn't the risk. Poor governance is." All three are right. And they point to the same question: biotech AI needs genomic data to accelerate discoveries. The question is not whether patients share their DNA with researchers. They should. The question is whether they get to set the terms.
The conversation this week
@anshulkundaje (Stanford, AI/genomics): "The whole AI virtual cell space has been putting parameters first and expt design second (or not at all) when the latter is the most important to match your questions of interest."
@TanayLohia1: "This is a once in a generation time to build a full stack biotech company from the ground up. Pick your lane: personalised therapies, vaccines... Time to do what SpaceX did to the space industry."
@blue_prism (SS&C Blue Prism): "AI in healthcare isn't the risk. Poor governance is. As AI and LLMs increasingly touch patient data, HIPAA compliance is imperative."
The common thread: the builders are right that the moment is real, the professor is right that data quality and design matter more than model size, and the governance firm is right that the risk is structural, not technical. At GenoBank.io we have been saying this for years: patients should lease their DNA to researchers to accelerate discoveries. But they should own what they share, consent on their own terms, earn from their contribution, and revoke when they choose.
Lease, not lose
Sharing genomic data with researchers is a good thing. It is how cures are found, how rare diseases are diagnosed, and how precision medicine becomes real. We are not against that. We are the infrastructure for it. What we are against is the model where a patient uploads data and loses control of it permanently.
Right now, most AI-in-biotech products follow the same pattern. A patient or consumer uploads genomic data, connects health records, or contributes a biosample. The company stores it, trains on it, builds products around it. The patient holds a login. Not ownership. Not a revocation right. Not a dividend. That is not leasing. That is losing.
We have seen what "lose" produces at scale. 23andMe collected data from roughly 15 million people, then entered bankruptcy, and those 15 million genomes became a corporate asset to be sold. The FTC had to formally intervene. California's AG issued an urgent consumer alert teaching people how to delete their own DNA before a buyer could acquire it. Those patients did not lease their data. They lost it.
The problem is not sharing your DNA. The problem is losing it.
A model trained on unconsented or irrevocable data is a liability, not an asset. When one patient revokes and you cannot comply, the dataset's provenance is compromised. When 15 million do, you are 23andMe. Researchers deserve clean, consented data. Patients deserve ownership.
How leasing actually works: the infrastructure
At GenoBank.io, we have been building the infrastructure that makes "lease your DNA to researchers" real and enforceable. Not a promise in a privacy policy. Code that runs on every access.
BioNFTs: ownership and consent in one cryptographic object
A BioNFT is a patient-owned ERC-721 token (on Avalanche, Story Protocol, or Sequentia) that carries both ownership of and revocable consent over a biosample and its derived data. The consent terms are bound into an EIP-712-signed manifest: allowed uses, denied purposes, expiry, license type. A researcher knows exactly what they are allowed to do. A patient can change the terms or revoke entirely, and the data goes dark within seconds. That is a lease with teeth.
The x402 biorouter: consent first, payment second
The x402 biorouter fuses the HTTP 402 "Payment Required" standard (designed for autonomous AI agents) with on-chain BioNFT consent. Every agent call runs a fixed 4-tier cascade:
- 1. Owner. Is the caller the data owner?
- 2. Consent. Is there active, unrevoked BioNFT consent for this purpose? Revoked = HTTP 410, GDPR Article 17, do not retry.
- 3. License. Does the caller hold a valid on-chain license?
- 4. Payment. Only if the patient has opened the data commercially does x402 settle the micropayment (95% patient, 5% protocol).
Consent is structurally senior to money. An AI agent cannot pay its way past a patient's revocation. Every authorized access is audit-logged with its declared purpose. This is what makes the lease enforceable: the researcher gets clean, consented access; the patient keeps the keys.
NFT-gated BioFS: the consent-gated filesystem
BioFS is the filesystem layer: all biodata lives AES-256-encrypted in Google Cloud Storage (never IPFS, because GDPR Article 17 requires real deletion). Nothing reaches the bytes without passing the biorouter gate. Large files (whole genomes, BAMs) are processed in place via sandboxed compute jobs, so raw PHI never crosses the wire. The researcher gets results. The patient keeps the data.
Metamorphic Consent and Biodata Dividends
Consent is not a one-time checkbox. It is Metamorphic Consent: an ongoing, revocable economic relationship where contribution is attributed and value flows back to the patient as Biodata Dividends. Privacy-preserving Bloom filters handle the fast per-call permission checks without exposing the underlying genome. And we reject federated learning as biodata laundering: every computation stays attributable, audited, and revocable. The patient who leases their genome to a cancer study deserves to know it was used, how it was used, and to be compensated for the value it created.
What researchers and biotech builders actually get
Clean, consented datasets with verifiable provenance. Per-call payment and consent gating via a standard AI agents already understand (HTTP 402). No legal ambiguity about whether the data was properly consented. Instant revocation compliance. HIPAA, GDPR, and CCPA by construction. And a dataset that holds up under scrutiny, audit, and publication review, because every contributor owns their data, consented explicitly, and can prove it.
The real SpaceX of biotech
The SpaceX analogy is compelling because SpaceX did not stop building rockets. It rebuilt the economics: reusable hardware, vertical integration, a cost structure that made the old model obsolete and opened space to everyone. The equivalent in biotech is not hoarding data behind corporate walls. It is a data layer where patients lease what they contribute on their own terms, consent is live and enforceable, the economics flow to the people whose biology makes the science possible, and researchers get cleaner, more trustworthy data than they have ever had.
That is what Kundaje means by putting design before parameters: the quality of your data governance determines the quality of your science. That is what Blue Prism means by governance over risk: the structure matters more than the model. And that is what a full-stack biotech company built on GenoBank's infrastructure looks like: not stolen DNA, but leased, consented, compensated, and revocable biodata powering the next generation of discoveries.
If you are building in this space, build on rails where patients lease their data willingly and researchers access it cleanly. That is how you accelerate discoveries and keep everyone's trust.
Author. Daniel Uribe, Founder and CEO, GenoBank.io. Sources. @anshulkundaje (Stanford), @TanayLohia1, and @blue_prism on X (June 9-10, 2026); FTC and California AG on 23andMe (2025).