Boko Haram exploited US and Chinese AI chatbots for attacks, Cambridge study finds


Huddled in a room around a big screen, dozens of Boko Haram members listened intently as external consultants, whom they called “the white guys”, coached them on how to use leading artificial intelligence chatbots with laptops pre-installed with VPNs and encryption software.

The workshop was one of several training sessions delivered by specialised AI “trainers”, likely members of the vast Islamic State network, to Boko Haram members in northeastern Nigeria sometime during 2023 or 2024, according to a former Boko Haram commander, who added that it was also the first time he saw the logo of US AI giant OpenAI.

The account was one of many shared in a new research paper released on Friday by Cambridge University, which indicated that Boko Haram used both frontier American and Chinese AI tools to assist in bomb construction, attack planning and wider day-to-day operations throughout 2024 and as recently as mid-2025.

Based on interviews with 27 former Boko Haram members conducted in northeast Nigeria over the past year, the researcher Antonia Juelich found that the group was using US chatbots including OpenAI’s ChatGPT and Anthropic’s Claude, as well as Chinese company DeepSeek’s chatbot, as key operational tools as it engaged in its terrorism campaign.

“This is very much a current national security problem,” Juelich told the South China Morning Post. “AI models are becoming much more capable, so the stakes are also much higher now.”

Researchers say Boko Haram used OpenAI’s ChatGPT alongside other AI chatbots. Photo: AFP

The report comes as there are growing calls for the US and China, the two countries behind the leading chatbots, to urgently address the risks of AI misuse by non-state actors in their coming AI safety talks, particularly as terrorists have expressed enthusiasm for using AI to help develop mass-casualty weapons.

“Neither country wants to be enabling terrorists, cybercriminals or other non-state actors,” said Kyle Chan, a fellow at Washington think tank Brookings.

“It is in each country’s own national security interests to combat this.”

Terrorists expand AI capabilities

In the years since the arrival of ChatGPT in late 2022, much of the attention has been on the misuse by terrorist groups of generative AI tools for propaganda purposes, including AI-generated images and videos for recruitment.

However, the interviews with former Boko Haram members – the first on-the-ground evidence of AI use by an active terrorist organisation – suggest that use cases have extended beyond propaganda into every stage of military activity, from mission preparation through execution to post-mission review.

According to the interviewees, multiple AI units were established internally in Boko Haram within around two years of ChatGPT’s release.

Staffed with senior operational and technical personnel such as bomb-makers and engineers, the units were responsible for obtaining useful outputs from the chatbots on a wide range of operational issues including ways to evade online detection while spreading propaganda.

“The unit can give you solutions to all kinds of problems,” a former lieutenant said.

“I don’t think there is a problem that these people cannot overcome,” said another former lieutenant. “They are the masters. They do the analysis with the AI and give us the strategies to implement.”

The safeguards built into the chatbots by the leading AI companies failed to block their usage by the terrorists, said Juelich.

At least some of the restrictions were bypassed with known techniques often referred to as prompt engineering or jailbreaking, such as telling the chatbot that the questions are for a “movie”.

Meanwhile, account suspensions also did not significantly disrupt their operations as they operated accounts across multiple providers.

Such techniques to bypass restrictions were mainly taught by foreign operatives from the wider Islamic State network either in person or online, multiple former members said.

The reliance on external technical expertise suggests that “similar training has likely reached other affiliates”, Juelich wrote in the report.

“There’s a lot of misconceptions about how these groups operate – that they are not literate, don’t innovate and are not sophisticated enough to use AI,” she said. “I think it’s important to show that they are.”

As the field research covers a period before some of the latest versions of the chatbots, it remains unclear whether the companies’ updated safeguards have reduced terrorist activity in the years since.

Other chatbots identified in the report include Google’s Gemini, xAI’s Grok and Meta’s namesake AI platform.

In a statement, Meta said the research covers its older models rather than its latest release, Muse Spark, which is supplemented by new safeguards most recently updated in April.

OpenAI, Anthropic, Google, xAI and DeepSeek did not respond to requests for comment.

Open-source AI models raise security concerns

As AI capabilities rapidly advance, their risks of catastrophic harms have raised alarms in both Washington and Beijing, most notably after the release of Anthropic’s Mythos model in April.

A new round of intergovernmental AI safety talks has been announced, though few details have been released.

Experts say that misuse of frontier AI by terrorist groups is one of the main areas where the two countries are most likely to cooperate amid fierce US-China tech competition, given the shared interest in preventing terrorist attacks.

However, a major sticking point is expected to be the governance of open-source models, which are models that are released publicly on the internet allowing users anywhere to customise them for their own use cases.

Earlier this month, Tech Against Terrorism – a counterterrorism non-profit organisation backed by the United Nations – highlighted in a new report that around a third of AI model responses provided “meaningful” assistance to terrorists beyond what could easily be found by web search.

The release of Anthropic’s Mythos model has intensified debate over AI safety and security risks. Photo: Reuters

Notably, the report found that the worst performing models were open-source models after their safeguards were stripped out in a process called “abliteration”.

As most of the leading open-source models today are Chinese, any restrictions on open models globally will impact the Chinese AI industry more, said Brookings’ Chan.

Many Chinese experts deny that open models are more dangerous than their closed counterparts, pitting them against advocates like Adam Hadley, founder of Tech Against Terrorism, who says that global restrictions on releasing open-source models should be considered “in the absence of agreements on how to control abliterated models”.

“If a Mythos-level model is released [open source], then we should be really concerned because we know the first movers will be the criminals and the terrorists,” he said.

In Juelich’s study, the Boko Haram terrorists were misusing both open and closed-source AI models, relying on the chat interface accessed through their official websites instead of using an abliterated version of an open-source model like DeepSeek.

“A lot of the debate about AI misuse often focuses a lot on open-source models,” said Juelich. “However, the way the [Boko Haram] terrorists used DeepSeek wasn’t particularly about it being open source.”

A key uncertainty is how terrorists’ AI use might have developed since the period covered by the study.

The proliferation of open-source Chinese models largely began last year, with a host of Chinese models including Alibaba’s Qwen and Zhipu’s GLM joining DeepSeek in gaining global traction.

Juelich acknowledges the possibility that the increased safeguards of closed US models since then might have led terrorist groups to transition to using more open-source Chinese models. She has plans to conduct a follow-up study that covers the last two years.

“We somehow missed that all of this was happening over the last few years, the fact that these terrorists were using and jailbreaking these models,” she said.

“Just as models improve over time, so do the techniques that these groups employ.” -- SOUTH CHINA MORNING POST

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Aseanplus News

Philippines VP Sara Duterte’s net satisfaction rating rises to 31 points: survey
Asean News Headlines at 10pm on Thursday (July 16, 2026)
Construction sector issues new guidelines to implement total smoke ban in Hong Kong
Authorities order demolition of unauthorised buildings in northern Indian varsity
Lindsey Graham’s death removes one of Washington’s most influential China hawks
Singapore, Brunei reaffirm commitment to strengthening bilateral ties during SM Lee's visit
Korean man indicted for murdering girlfriend over argument
Two men arrested over 123 ‘crash-for-cash’ traffic accidents in Hong Kong
Couple detained for alleged neglect of nine-month-old baby in Alor Gajah
India customs becomes second agency to fight Adani over nicotine pouches

Others Also Read