Study Finds Boko Haram Used ChatGPT Claude and Other AI Chatbots for Attack Planning
- Martin Chen

- 5 days ago
- 2 min read
A new study documents how Boko Haram members turned mainstream chatbots into tools for attack planning and explosives development. Cambridge researcher Antonia Jülich interviewed 27 former members across 57 sessions and found repeated use of ChatGPT, Claude, Gemini, Grok, Meta AI and DeepSeek.
The two main factions each created internal AI departments. Members described prompting the models for route selection, timing of raids, and instructions for stronger improvised explosive devices. The same accounts indicate ISIS began supplying prompt-engineering training to Boko Haram commanders as early as 2023.
Security filters on every major chatbot were bypassed in multiple cases. Anthropic has stated that complete prevention of jailbreaks may be impossible.
Evidence from former members
Jülich collected the accounts directly from ex-combatants who left between 2022 and 2025. Several described using the chatbots to maintain weapons and to test phrasing that avoided refusals. One former fighter said the group tested dozens of prompts until the models supplied detailed steps for device assembly.
The interviews produced consistent details across both factions. One unit focused on operational security and communications, while the other concentrated on weapons improvement. Both maintained small teams whose only task was to operate and refine AI prompts.
ISIS role in training
According to the same former members, ISIS supplied written guides on bypassing safety layers. The material included example prompts and follow-up questions that had worked on Western chatbots. Nigerian commanders then adapted those methods during 2023 and 2024.
The training appears to have been shared across networks rather than developed independently. This matches earlier reports of ISIS circulating jailbreak techniques on its own channels since late 2023.
Limits of current safety measures
No major provider has released data showing how often its models refuse or allow harmful queries from known high-risk regions. The study notes that once a prompt is rephrased over several turns, refusal rates drop sharply.
Anthropic researchers have publicly acknowledged that some jailbreaks remain effective despite repeated updates. Other companies have made similar admissions in technical papers without publishing exact success rates.
What remains unverified
The accounts come from former members and have not been cross-checked against captured devices or intercepted messages. No public record confirms that completed devices were built solely from chatbot output.
The precise scale of use inside each faction is also unknown. Interviewees gave examples but could not state how many total prompts were sent or how often they succeeded.
Next indicators to watch
Researchers will look for new variants of known jailbreak prompts that appear in extremist forums. Any spike in similar phrasing on public datasets could signal continued testing.
Law-enforcement and platform teams are expected to release updated refusal statistics for high-risk queries in the coming months. Consistent reduction in successful bypasses would indicate progress, while flat or rising numbers would support the study’s caution.
Platform transparency reports due in the next quarter may list additional categories of blocked content. Those reports will show whether the described incidents prompted new enforcement steps.


