Terrorists' newest recruits: large language models
AI models solve talent scarcity and operational security issues for terror groups
Guest post by Dave Kasten

Yesterday, the New York Times reported that members of the Nigerian-based violent extremist group Boko Haram have used large language models (LLMs) to plan and conduct terrorist attacks. Researcher Antonia Juelich found that ISIS experts trained “both factions of Boko Haram … [to use] multiple leading AI systems, including ChatGPT, Claude, Gemini, Grok, Meta AI, and DeepSeek, for every stage of military activity, from mission preparation through execution to post-mission review” and coached them how to get around models’ safeguards.
In her field research, Juelich interviewed dozens of Boko Haram members, who shared stories of how they used LLMs to teach and advise them on everything from firearms usage, to improving bomb yields, to planning attacks, to learning how to jump motorcycles over a barricade to attack a military base.
(Notably, the time period covered by the interviews ranged from late 2023 to early 2025, so the stories involved help from models much less clever, capable, and autonomous than today’s models.)
I’m not surprised to hear that terrorist groups are using LLMs in this way. AI models help solve two key problems that terrorists and other violent non-state actors frequently face: talent scarcity and operational security. If you’re a terrorist, you’re trying to build a violent movement, and most people willing to join you aren’t master logisticians, bomb-makers, or attack planners; they’re usually just random guys who want to fight for a cause or a payday. Counterterrorist efforts know this; that’s part of why they target key nodes in a terrorist network with rare skillsets like recruiters, bombmakers, and money launderers.
Any attempt to get help from such experts risks exposing your network and its basically-irreplaceable expertise. Whether you’re communicating with them electronically or asking them to meet in person, it’s a high-risk act. If you can avoid asking the experts, you can survive for longer, and perhaps have greater odds of success.
The truth is, this isn’t new territory for those studying terrorist and other violent armed groups. Terrorist groups always use the tech of their day to try to circumvent these problems. For example, in the early 2010s, Al Qaeda in the Arabian Peninsula scared western counterterrorism experts with their widely-posted online English-language Inspire magazine, which encouraged “lone wolf” attacks and contained advice on bombmaking and attack planning, so that would-be terrorists didn’t need to travel to a foreign country to be recruited or trained. Similarly, in the mid to late 2010s, ISIS recruiters used social media and encrypted messaging apps to recruit Western talent, reducing exposure of their existing network by using less-surveillable channels.
So is this a difference in degree, or in kind? Well, so far, it seems like the answer is that it’s “just” a meaningful enhancement to terrorist groups’ operational security and ability to enable attacks by their rank-and-file members. But as models continue to get more capable with no end in sight, terrorists will have more and more internal experts on using models to uplift their capabilities.
Of course, the most severe concern is that they’ll use these capabilities to plan a chemical or biological attack. But a subtler but perhaps more dangerous development is when terrorist groups will no longer be constrained by talent and operational security, using near-future persuasive, autonomous AI models as “drop-in replacements” for the irreplaceable roles — recruiters, bomb designers, managers, and operational planners. When that happens, the models will identify security holes with precision, and they’ll play to win.
Dave Kasten is the head of policy at Palisade Research; he previously worked as a public sector consultant at Booz Allen Hamilton and McKinsey & Company.
The analyses and opinions expressed on AI StopWatch reflect the views of the individual contributors and the sources they cover, and should not be taken as official positions of the Machine Intelligence Research Institute.

