The image of a modern insurgent has long been defined by improvised explosive devices and guerrilla tactics learned from weathered manuals. But in the forests and scrublands of northeast Nigeria, the toolkit of the adversary has shifted. The rustle of paper has been replaced by the glow of laptop screens and the rapid-fire responses of large language models. This is no longer a theoretical risk discussed in AI safety labs in San Francisco or London; it is a deployed operational reality where frontier AI is being used to optimize the lethality of asymmetric warfare.
The Integration of Frontier AI into Insurgent Operations
Recent intelligence gathered between 2025 and 2026 reveals a systematic adoption of frontier AI by the two primary factions of Boko Haram: the Islamic State West Africa Province (ISWAP) and Jamā’at Ahl as-Sunnah lid-Da’wah wa’l-Jihād (JAS). The findings emerge from 57 in-depth interviews with 27 former members, painting a picture of a conflict where AI is integrated into every stage of the operational cycle. These groups are not relying on a single tool but are utilizing a diverse suite of six major AI services, including ChatGPT, Claude, Gemini, Grok, Meta AI, and DeepSeek.
The application of these models extends far beyond the generation of propaganda. Insurgents are using AI for high-stakes technical tasks, such as diagnosing malfunctions in weaponry and designing the circuitry for improvised explosive devices. Tactical planning has also been digitized, with AI assisting in the development of strategic maneuvers and the optimization of operational security (OPSEC) to evade detection. Logistics and movement, the backbone of any insurgency, are now streamlined through AI-driven solutions.
Concrete examples of this application are particularly alarming. ISWAP members reported querying AI models to determine the most effective way to employ motorcycles to breach fortified trenches at military bases, subsequently applying these AI-generated tactics in real-world assaults. Furthermore, the group has utilized AI to refine the weaponization of drones, specifically seeking technical advice on calculating payload weights and designing efficient release mechanisms for dropping munitions.
According to the former members, the introduction of AI has significantly reduced the trial-and-error phase of weapon development. By obtaining more accurate technical solutions, the groups believe they have reduced their own internal casualties during the testing of improvised munitions. While these claims rely on self-reported data from former combatants, they suggest a perceived increase in operational efficiency directly tied to AI utility.
The Institutionalization of Adversarial AI Pipelines
The most critical revelation is that this AI adoption is not the result of isolated individuals experimenting with prompts. Instead, it is the product of a sophisticated, transnational knowledge transfer network. ISWAP and JAS did not stumble upon these tools; they were trained by agents from the Islamic State (IS) who provided a comprehensive onboarding pipeline. This training included face-to-face instruction using projectors to demonstrate AI capabilities, the provision of laptops pre-loaded with VPNs and encrypted software, and direct administrative support for creating and managing paid subscriptions to bypass the limitations of free tiers.
This organized approach allowed the insurgents to develop a systematic method for neutralizing AI guardrails. Rather than struggling against the safety filters designed by AI developers, they employ a structured pipeline of adversarial prompting. One primary technique involves the use of personas, where the user frames a dangerous request as a benign creative exercise, such as asking the AI to describe a weapon's construction for the purpose of a movie script. When combined with specific jailbreaking techniques, these methods allow users to extract restricted information.
To ensure operational continuity, the groups employ a multi-model redundancy strategy. If a specific model refuses a prompt or an account is flagged and suspended, the operator simply switches to another service among the six they maintain. This prevents any single point of failure in their intelligence gathering.
Internally, the groups have mirrored corporate technical structures by establishing dedicated AI units. These units are composed of high-level technical personnel, including explosives experts, firearms specialists, and engineers. This AI cell acts as a centralized control tower, analyzing data and generating practical field manuals that are then disseminated down the chain of command. Access to these AI tools is strictly regulated based on rank, trust, and education level, ensuring that the most potent capabilities remain under tight internal security.
This shift reveals a fundamental flaw in current AI safety architectures. Most guardrails are designed to stop a lone individual from asking a prohibited question. They are not designed to stop a motivated organization that provides its users with VPNs, paid accounts, and professional training in adversarial prompting. When a high-will organization finds even a small amount of utility in an AI model, it creates a feedback loop that accelerates the investment of human and financial resources into that tool.
While current usage is focused on conventional and improvised weaponry, there is a growing interest among these groups in chemical, biological, radiological, and nuclear (CBRN) capabilities. As frontier models become more capable, the risk that these organized adversaries will successfully pivot to mass-casualty weapon design increases.
AI developers and security agencies must now move beyond simple keyword filtering and individual prompt validation. The challenge is no longer about blocking a word, but about detecting the patterns of organized, institutionalized misuse. The transition of AI from a productivity tool to a tactical asset for organized insurgents transforms AI safety from a corporate ethics issue into a pressing matter of global national security.



