The Drug Discovery Agent Becomes the Workflow Gate
The Mozi paper is useful because it treats a scientific agent less like a brilliant chat window and more like a governed workflow: tool permissions, artifact state, human checkpoints, and replayable evidence become part of the machine.
Not a Lab
Drug discovery is a tempting domain for agent stories because the work already looks like a chain of decisions: identify a target, search a library, dock candidates, estimate ADMET properties, optimize leads, and decide whether anything deserves expensive follow-up. A language agent can sit at the center of that chain and look like an autonomous scientist. The harder question is whether the chain is governed well enough for the agent's output to remain inspectable.
The safety issue is not only hallucinated prose. A scientific agent can invoke tools, spend compute, create molecular artifacts, pass bad identifiers downstream, or treat a weak proxy score as a stronger biological claim. The workflow gate is the place where a generated plan must meet permissions, schema checks, human judgment, and evidence before it becomes the next stage.
The Paper
arXiv lists Mozi: Governed Autonomy for Drug Discovery LLM Agents as arXiv:2603.03655v1 [cs.AI], submitted March 4, 2026. The authors are He Cao, Siyu Liu, Fan Zhang, Zijing Liu, Hao Li, Bin Feng, Shengyuan Bai, Leqing Chen, Kai Xie, and Yu Li, affiliated in the paper with the International Digital Economy Academy.
The paper's premise is that tool-augmented LLM agents are bottlenecked in drug discovery by unconstrained tool use and poor long-horizon reliability. Mozi is presented as a dual-layer architecture that tries to keep free-form reasoning for low-risk tasks while placing multi-stage discovery inside structured workflows.
Two Planes
Layer A is the Control Plane: a supervisor-worker hierarchy that routes intent, separates research and computation work, restricts tools by role, and uses reflection-based replanning when execution fails. This is the governance layer. It decides which agent can ask which question, which tool can be touched, and when a costly or side-effectful step is allowed.
Layer B is the Workflow Plane: stateful skill graphs for stages such as Target Identification, Hit Identification, Hit-to-Lead, and Lead Optimization. The point of the graph is to protect artifact state. A protein structure, SMILES list, docking grid, ADMET table, or candidate set should not live only as a sentence in a prompt. It should have typed inputs, validated outputs, and stage boundaries.
The appendix says Mozi uses MCP to separate database/search tools from computation tools. The paper lists read-oriented resources such as UniProt, PubChem, ChEMBL, STRING, Ensembl, NCBI, PDB, Open Targets, DrugBank, KEGG, and ClinicalTrials, and computation tools such as AutoDock Vina-style docking, RDKit, Open Babel, pocket detection, ADMET predictors, and generative chemistry workflows.
What Was Measured
The paper introduces PharmaBench, a benchmark of 88 tasks: 55 from Therapeutics Data Commons, 28 from a drug-discovery subset of Human-Last Exam, and 5 auxiliary tasks. It reports exact match where applicable, manual verification for complex traces, accuracy and F1 for classification or multiple-choice tasks, and SMAPE for regression tasks.
On PharmaBench, Mozi with Qwen3-235B reports 6/26 MCQ accuracy, 33/54 classification accuracy, and 1.169 SMAPE over 8 regression tasks, compared with Biomni using Qwen3-235B at 4/26, 20/54, and 1.599. On the 28-task HLE drug-discovery subset, Mozi with Deepseek-V3.2 reports 6 correct answers, or 21.42 percent. These numbers are useful, but they are not a clinical-validity claim. They mix model priors, tool interface robustness, and orchestration quality.
Case Studies
The long-horizon demonstrations cover Crohn's disease, Parkinson's disease, and sepsis. The reported local setup used 4 NVIDIA A6000 48GB GPUs and 128 CPU cores. In the Parkinson's run, the paper reports high-throughput virtual screening over 377,760 compounds in 35 minutes using LigUnity as a fast drug-target interaction prefilter before final structural validation.
Those traces are valuable because they show the governance machinery under stress: human checkpoints for target or pocket selection, docking failures caught inside the workflow graph, and toxicity or ADMET penalties changing the route. They should still be read as in-silico demonstrations. The molecules and rankings are computational hypotheses, not medicines.
Governance Reading
This page belongs beside AI-enabled biology as a sequence screen, AI biosecurity, AlphaFold, AI-driven drug discovery, and agent evidence trails. The common problem is materialization. A model output in biology can become a lab order, an experimental plan, an intellectual-property claim, a safety review, or an investment memo. That transition needs more than a fluent rationale.
Mozi's strongest lesson is architectural humility. If a scientific agent is allowed to act, the system should know which stage it is in, which tools are permitted, which artifact is authoritative, which human checkpoint was passed, and what evidence would let a reviewer replay the decision.
Limits
The paper is explicit about remaining limits: external tools and databases can drift; constrained agents remain stochastic; human checkpoints add burden and reduce full automation; benchmarks conflate knowledge, tool robustness, and orchestration; and the case studies rely on surrogate models and scoring functions without explicit uncertainty quantification. The authors also state that Mozi is decision support, not autonomous scientific authority, and that outputs should not be treated as clinical, therapeutic, or regulatory guidance.
That disclaimer is not a footnote. It is the governance boundary. A workflow-native drug-discovery agent can make scientific work more legible, but the final authority still belongs to domain validation, wet-lab evidence, safety review, and accountable institutions.
Workflow Receipt
A drug-discovery agent receipt should record: user request, disease or target interpretation, model backend, tool registry, role permissions, MCP server versions, databases queried, protein and compound identifiers, schemas, artifacts, generated molecules, docking settings, ADMET filters, human checkpoints, failed tool calls, surrogate models, uncertainty notes, benchmark version, and the final disposition. The audit-grade sentence is: this workflow generated these computational hypotheses under these constraints, with these unresolved validation duties.
Sources
- He Cao, Siyu Liu, Fan Zhang, Zijing Liu, Hao Li, Bin Feng, Shengyuan Bai, Leqing Chen, Kai Xie, and Yu Li, Mozi: Governed Autonomy for Drug Discovery LLM Agents, arXiv:2603.03655v1 [cs.AI], submitted March 4, 2026.
- Primary arXiv versions checked: PDF and experimental HTML, reviewed for title, authorship, date, architecture, MCP tooling, PharmaBench composition, reported metrics, case-study setup, therapeutic examples, and limitation language.
- Related pages: The Sequence Screen Becomes the Biosecurity Interface, AI Biosecurity, AlphaFold, Daphne Koller, and The Agent Breadcrumb Becomes the Oversight Trail.