Drop-in replacements
AI and terror, the training data collectors, and data center opposition
In this issue:
Terrorists’ newest recruits: large language models - AI models solve talent scarcity and operational security issues for terror groups
Will the last one out... - The fleeting nature of the training data collection industry
Data center roundup - Upcoming protests reflect displeasure over hasty, opaque approvals
Guest post by Dave Kasten
Terrorists’ newest recruits: large language models
AI models solve talent scarcity and operational security issues for terror groups

Yesterday, the New York Times reported that members of the Nigerian-based violent extremist group Boko Haram have used large language models (LLMs) to plan and conduct terrorist attacks. Researcher Antonia Juelich found that ISIS experts trained “both factions of Boko Haram … [to use] multiple leading AI systems, including ChatGPT, Claude, Gemini, Grok, Meta AI, and DeepSeek, for every stage of military activity, from mission preparation through execution to post-mission review” and coached them how to get around models’ safeguards.
In her field research, Juelich interviewed dozens of Boko Haram members, who shared stories of how they used LLMs to teach and advise them on everything from firearms usage, to improving bomb yields, to planning attacks, to learning how to jump motorcycles over a barricade to attack a military base.
(Notably, the time period covered by the interviews ranged from late 2023 to early 2025, so the stories involved help from models much less clever, capable, and autonomous than today’s models.)
I’m not surprised to hear that terrorist groups are using LLMs in this way. AI models help solve two key problems that terrorists and other violent non-state actors frequently face: talent scarcity and operational security. If you’re a terrorist, you’re trying to build a violent movement, and most people willing to join you aren’t master logisticians, bomb-makers, or attack planners; they’re usually just random guys who want to fight for a cause or a payday. Counterterrorist efforts know this; that’s part of why they target key nodes in a terrorist network with rare skillsets like recruiters, bombmakers, and money launderers.
Any attempt to get help from such experts risks exposing your network and its basically-irreplaceable expertise. Whether you’re communicating with them electronically or asking them to meet in person, it’s a high-risk act. If you can avoid asking the experts, you can survive for longer, and perhaps have greater odds of success.
The truth is, this isn’t new territory for those studying terrorist and other violent armed groups. Terrorist groups always use the tech of their day to try to circumvent these problems. For example, in the early 2010s, Al Qaeda in the Arabian Peninsula scared western counterterrorism experts with their widely-posted online English-language Inspire magazine, which encouraged “lone wolf” attacks and contained advice on bombmaking and attack planning, so that would-be terrorists didn’t need to travel to a foreign country to be recruited or trained. Similarly, in the mid to late 2010s, ISIS recruiters used social media and encrypted messaging apps to recruit Western talent, reducing exposure of their existing network by using less-surveillable channels.
So is this a difference in degree, or in kind? Well, so far, it seems like the answer is that it’s “just” a meaningful enhancement to terrorist groups’ operational security and ability to enable attacks by their rank-and-file members. But as models continue to get more capable with no end in sight, terrorists will have more and more internal experts on using models to uplift their capabilities.
Of course, the most severe concern is that they’ll use these capabilities to plan a chemical or biological attack. But a subtler but perhaps more dangerous development is when terrorist groups will no longer be constrained by talent and operational security, using near-future persuasive, autonomous AI models as “drop-in replacements” for the irreplaceable roles — recruiters, bomb designers, managers, and operational planners. When that happens, the models will identify security holes with precision, and they’ll play to win.
Dave Kasten is the head of policy at Palisade Research; he previously worked as a public sector consultant at Booz Allen Hamilton and McKinsey & Company.
Dispatches from Mitch
Will the last one out...
The fleeting nature of the training data collection industry
Are you interested in getting paid $225 an hour for acting as a customer service agent in fluent Hebrew?
Too late. That gig is almost certainly gone now, along with the consulting opening for “a physician with more than three years of experience in the Rwandan primary care medical system.”
The help-train-your-own-replacement industry — also known as the training data collection industry — comes across like a swarm of locusts in today’s New York Times profile of some of the startups behind it. But the locusts have increasingly picky palates.

The piece works well as a companion to Ruth Fowler’s excellent write-up for WIRED two months ago, which we recommended at the time. Fowler described being one of many highly educated people competing for lucrative-if-unpredictable gig work — labeling videos, scoring outputs, answering tricky questions — until the boom times went bust, the work dried up, and the companies became increasingly exploitative of those who remained.
The new story in the Times, by Lora Kelley, visits Mercor, one of the companies being sued by the dangerously clever workers in Fowler’s piece over worker abuses and leaks of private data.
The generally well-educated are no longer as useful to these companies because the data in demand is so highly rarefied: Think “Ph.D. physicist with a specialization in general relativity, astrophysics or cosmology,” to quote the description of one listing. Mercor is actually trying to move even further up the value chain, aiming to “capture the output of entire companies.” Once companies are automatable they move on to others.
Automated companies? I coincidentally ran into this thread on X this morning with excerpts from a memo by the CEO of one of the Chinese AI companies: “We are already moving toward the fully automated, no-person company, or NPC,” he wrote. Maybe he should look at Argentina: We’ve previously covered how Argentina’s president is pitching his country as friendly to non-human corporations.
Anyway, in the Times article, Dr. Amanda Brown, a biologist who played the gig-work game, saw working conditions deteriorate as the bar rose:
Part of the challenge, Dr. Brown said, was that over only a few months, she noticed rapid improvements that made it trickier to find things the A.I. models didn’t already know, which made her shifts that much more difficult.
Brown eventually took a teaching gig.
There’s an end-times feel to the whole piece. These gig workers and the companies hiring them all recognize that their work reflects a time of transition during which humans still have something to teach AIs. But the AIs are learning fast.
Data center roundup
Upcoming protests reflect displeasure over hasty, opaque approvals
Stories about opposition to data centers have become a regular staple of mainstream AI journalism. To sample a few from this week:
On Thursday, Newsweek covered the plans of Humans First, a conservative advocacy group coordinating a national day of protest against data centers at more than fifty sites across the U.S.
The group’s materials say their mission is to “protect our hometowns, our wallets, and our way of life from AI data centers forced on us in backroom deals.”
The organization’s website has a map of planned protests, which will be hosted by independent local organizers.

The day before, POLITICO reported that a 2023 Supreme Court ruling was being used to let data centers skip federal water pollution permits.
That ruling, in Sackett v. EPA, dramatically shrank the number of streams and wetlands protected by the Clean Water Act. But under the Trump administration, even projects still covered by the law are said to be “newly eligible for perfunctory approvals that the general public often doesn’t know about.”
Federal water permits were once considered the long pole in data center permitting, and served to clue the public in to planned developments. The information revealed through the applications provided ammunition local groups could use to oppose projects. When federal permits are bypassed, residents who want a say in what gets built near their homes are more reliant on an uneven patchwork of local, county, and state laws. An Ohio resident who only learned about an Amazon project after its permit was issued said, “It’s not even about data centers anymore at this point. It’s like, what’s happening to our democracy and what’s happening to our right to clean water and clean air?”
About that clean air: A story in the Associated Press this morning claims we are in the biggest-ever construction boom of natural-gas fired power plants, thanks to data centers that can each consume as much energy as a city. Clean-energy advocates are pushing for renewable requirements, but wind and solar projects are viewed as not being able to scale up quickly enough. This poses a special challenge to states like Michigan, Oregon, and Minnesota that had committed to using only zero emissions energy by 2040.
As fossil fuels go, natural gas is about as clean as it gets. But utilities and the federal government are also working to keep coal-fired plants operating past their scheduled retirement dates.
Given the long-term nature of utility planning, the fights playing out right now are expected to shape energy policy for decades.
The analyses and opinions expressed on AI StopWatch reflect the views of the individual contributors and the sources they cover, and should not be taken as official positions of the Machine Intelligence Research Institute.


