The conversation about artificial intelligence and terrorism has, until very recently, centered almost entirely on propaganda: deepfakes, radicalization chatbots, AI-generated recruitment content. That framing is no longer sufficient. A sharper and more operationally dangerous use of AI has emerged, one that most public safety organizations have not yet built into their threat models. Terrorists and violent extremists are now using freely available AI tools to plan attacks, and the evidence from cases across 2025 makes this impossible to ignore.
Michael Balboni, who has spent decades at the intersection of government security and emergency management, flagged this shift in a post following News 12 correspondent Derick Waller’s reporting on Iran-linked terror threats and the tactics now being used by foreign-directed actors operating on American soil. The issue extends well beyond any single threat actor or ideology. It represents a structural change in how attacks are conceived and prepared.
What the Evidence Shows
Researchers tracking terrorist plots and attacks through 2025 have documented a sharp uptick in the operational use of AI tools. The pattern is consistent across cases with no shared ideology: lone actors, inspired plotters, and operatives with foreign backing are all turning to AI at the planning stage.
The Las Vegas Cybertruck bombing on New Year’s Day 2025 offers one of the clearest examples. The suspect used a chatbot to research explosives, detonation methods, and local firearms retailers before carrying out the attack. He treated a conversational AI system as a readily available expert advisor on attack logistics.
Hours earlier, the New Orleans attacker who drove a vehicle into a crowd on Bourbon Street, killing 14 people, had conducted pre-attack reconnaissance using AI-enabled smart glasses. The glasses, equipped with a camera and voice assistant, allowed him to move through the French Quarter while gathering information about crowd density, venue layouts, and security positioning. Even if the AI functionality was not actively used in every moment, the possibility that a plotter could ask questions about a target environment in real time, as he scouts it, represents a genuinely new reconnaissance capability.
In California, the May 2025 bombing of a Palm Springs fertility clinic involved extensive chatbot use during the preparation phase. Researchers documenting these cases note that AI is now serving three primary functions in attack planning: accelerating operational learning (how to build weapons, how to evade detection), visualizing scenarios, and providing personalized, step-by-step tactical guidance.
Why This Is Different From Prior Threats
Law enforcement has long contended with the internet as an accelerant for terrorist activity. What changes with AI is the nature of the interaction. A forum post or a PDF manual is static. A chatbot is interactive, responsive, and patient. It can take a user from a vague intent to a specific operational plan through a conversation that feels nothing like searching a database.
The result is a dramatic reduction in the knowledge gap between intent and capability. Individuals who previously lacked the technical background to carry out complex attacks can now access personalized guidance on explosives chemistry, surveillance tactics, and target selection in a single session. The barrier to operationalization has dropped.
There is also a surveillance problem. Traditional threat detection relies in significant part on monitoring communications and online activity for indicators of radicalization or planning. When someone uses a closed AI session to develop an attack plan, that session may leave no observable trace in the open digital environment that law enforcement can monitor. The planning occurs in a space that existing threat detection frameworks were not designed to reach.
What Law Enforcement Needs to Understand
The implications for public safety agencies are not theoretical. They are operational, and they require a rethinking of several baseline assumptions.
1. AI threat detection must evolve beyond its current mandate
Most AI threat detection work in public safety focuses on using AI to identify threats, such as surveillance systems that flag anomalous behavior or platforms that scan social media for extremist content. That defensive application is valuable, but agencies need to simultaneously understand how the threat actor is using AI offensively. The two sides of the AI equation are developing at different speeds, and law enforcement cannot afford to optimize only for one.
2. The pre-attack phase has changed
Historically, the planning phase of a domestic attack involved information-gathering behaviors that were potentially detectable: acquiring materials, communicating with others, visiting targets. AI compresses and conceals parts of that process. Target research, tactics research, and weapons research can now occur in an unmonitored conversational interface. Behavioral detection models built around prior assumptions about how planning leaves traces need to be revisited.
3. Partnerships with technology companies are no longer optional
The most effective interventions at this stage are likely to occur at the platform level, through cooperation between AI developers and law enforcement on detecting misuse patterns and preventing escalation before it reaches the operational stage. This is not a comfortable space legally or politically, but it is where the leverage exists.
4. Training gaps are significant
Most line officers and even many intelligence analysts do not have a functional understanding of how generative AI tools work or how they are being used in criminal and terrorist contexts. That gap will widen as the technology becomes more capable. Building baseline AI literacy into law enforcement training is no longer a forward-looking nicety; it is a present-day readiness requirement.
The Foreign Threat Dimension
The domestic lone-actor picture is concerning on its own terms, but Michael Balboni’s focus in his post on the Iran-linked threat environment points to an additional layer of complexity. Foreign-directed actors operating in the United States are operating in an information environment shaped by the same AI tools available to anyone else.
When a foreign intelligence service or a designated terrorist organization is directing operatives to identify attack vectors against American targets, as recent federal cases involving Iranian-backed actors and plots against New York, Los Angeles, and Scottsdale have made clear, those operatives have access to AI tools that can assist in identifying high-value, high-visibility, and symbolically significant targets. The attack planning process can be seeded, accelerated, and refined with tools that cost nothing and require no specialized infrastructure.
The combination of state-directed intent and consumer-grade AI capability is a threat profile that the public safety community has not fully grappled with.
Where RedLand Fits
This is precisely the kind of threat landscape that RedLand Strategies was built to address. Michael Balboni’s work spans three decades of government security leadership, including service in the New York State Senate and as New York State’s first Homeland Security Advisor following September 11. The firm’s Crisis Communication and Emergency Management Planning practice helps organizations understand not just where threats originate but how those threats evolve as technology changes.
AI as an attack planning tool is not a future threat. It is a present one. The cases are documented. The capability is widely available. What remains is whether law enforcement agencies, elected officials, and the institutions they protect will treat this as an urgent operational challenge or as a technology story to follow from a distance.
Michael Balboni’s answer to that question is clear: urgency is warranted, and it starts with understanding what is actually happening in the field.
RedLand Strategies provides security consulting, emergency management planning, and crisis communication services to government agencies, institutions, and private sector clients. Learn more about how RedLand can support your organization’s preparedness.