University of Cambridge researcher Antonia Juelich published findings this week showing that both factions of Boko Haram have built dedicated AI units and systematically use frontier AI chatbots for combat operations. The research, published through the Cambridge Programme on AI Science & Policy and featured in The New York Times, is based on 57 in-person interviews with 27 former members conducted in northeast Nigeria during 2025 and 2026.

What the Research Found

The chatbots used span every major frontier provider: ChatGPT, Claude, Gemini, Grok, Meta AI, and DeepSeek. According to Juelich’s paper, members used these tools for attack planning, weapons troubleshooting, and the design of explosive devices. The usage was not ad hoc. Islamic State operatives provided in-person AI training, and both Boko Haram factions established specialized units to institutionalize AI into operations.

“You type in the question or use your voice and it gives you a detailed answer, like ‘How can I build a bomb?’ and then it tells you how,” one former member told researchers. “It is like a human robot! We used it a lot.”

Another member described how recruits bypassed safety guardrails by telling chatbots “they need it for a movie or something like that,” according to Futurism’s reporting on the study.

The Guardrail Problem

The study confirms what security researchers have warned about for years: guardrail systems on frontier models remain trivially bypassable for motivated actors. The gap between the safety claims AI companies make and the actual resilience of their systems is widening as use cases grow more dangerous.

Juelich noted that some respondents “expressed openness to mass-casualty weapons, though the group’s use of AI remains conventional.” The qualifier matters. Current use is limited to conventional tactics, but the infrastructure for escalation is already in place.

Vendor Silence

When Futurism contacted Anthropic and Google for comment, both issued generic statements about guardrails being in place. Neither provided specific details about how their systems failed or what changes they planned. The response pattern is familiar: issue a boilerplate statement, avoid specifics, wait for the news cycle to move on.

The Agent Dimension

The findings carry direct implications for the agent ecosystem. If frontier models cannot reliably prevent a teenager with a “it’s for a movie” excuse from extracting bomb-making instructions through a chat interface, the attack surface expands dramatically when those same models gain autonomous tool access, persistent memory, and the ability to execute multi-step plans without human checkpoints. Every agent framework that routes untrusted queries through frontier models inherits this vulnerability class.

The research also highlights knowledge transfer through transnational jihadist networks, with Islamic State operatives delivering hands-on AI training. That training model scales. As agent tooling makes AI more accessible, the barrier between “chat-based misuse” and “agent-assisted operations” narrows further.