In the emerging battlespace, the most dangerous weapon is no longer a missile or a machine; it’s an algorithm. Artificial intelligence has transformed weaponisation, shifting harm from physical objects to digitally produced capabilities. Unlike conventional arms, AI systems can generate designs and decision pathways that significantly lower the expertise needed to cause harm, allowing users to bypass traditional technical barriers.

Rapid advances in autonomy show how machine learning and coordination now enable systems to operate with diminishing human oversight, while civilian AI tools have become omni-use and easily weaponised. This paper examines how international law built for physical weapons cannot regulate AI-generated blueprints, open-source misuse, or autonomous systems.

AI-GENERATED WEAPON BLUEPRINTS: WHEN DIGITAL FILES BECOME ARMS

AI-assisted CAD (Computer-Aided Design) tools can autonomously generate firearm components, explosive mechanisms and drone frames. Combined with inexpensive 3D printers, this creates an end-to-end, low-skill manufacturing pipeline.

Key shifts:

  • Rise of “ghost guns” with untraceable polymer frames,
  • AI reduces the technical knowledge needed to design weapon parts,
  • Instant reproducibility through downloadable files,

Regulation is unable to keep pace. The EU has noted that downloadable CAD files lie outside weapon definitions, meaning they circulate freely and evade interdiction. As a result:

  • Law enforcement cannot track or intercept files,
  • Individuals can manufacture weapons privately using AI-generated designs,

This amounts to non-physical arms manufacturing where the weapon exists first as code, not hardware.

A well-known experiment showed that a generative drug-discovery model produced over 40,000 toxic molecules in hours, demonstrating how AI removes long-standing expertise barriers in chemical weapon design and enables dangerous formulas to circulate as data. 

The OpenAI Preparedness Framework warns that frontier models can help users conceptualise biological and chemical threats and because these agents begin as digital constructs, attribution becomes difficult.

Existing arms-control systems regulate physical objects, not digital artefacts.

Gaps in current law:

  • Wassenaar controls intrusion software & hardware, not AI blueprints,
  • CAD files fall under “intangible technology transfer,” which is unregulated,
  • Code is infinitely replicable and does not fit traditional weapon categories,

Thus, AI-generated weapon blueprints operate as dematerialised arms that circumvent every conventional regulatory mechanism.

OPEN-SOURCE MODELS AND THE LOSS OF CONTROL

The risks of AI weaponisation are amplified by open-source models. Closed-source systems operate within controlled environments, but open-source models can be freely downloaded, modified and fine-tuned without oversight. Modern AI systems are omni-use technologies, meaning tools built for civilian applications yet easily repurposed for harmful ends. Once developers release model weights publicly, their diffusion becomes irreversible.

Even aligned models remain vulnerable to jailbreaks that bypass safety features. Empirical jailbreak research shows that adversarial prompts can elicit harmful outputs such as:

  • instructions for firearm or explosive construction
  • chemical toxin synthesis pathways
  • targeting and optimisation strategies
  • evasion and circumvention techniques,

These failures occur because guardrails are superficial; the underlying model still contains extractable knowledge. The OpenAI Preparedness Framework acknowledges that safeguards cannot fully prevent malicious use, especially when facing prompt-injection, multi-step reasoning exploits, or fine-tuning attacks. Consequently, jailbreaks demonstrate that model-level safety does not equate to misuse prevention, especially when models are openly accessible.

Existing liability frameworks are ill-suited for adaptive AI. The IT Act’s intermediary liability model requires “actual knowledge” of harm; Yet AI weaponisation emerges unpredictably, making foresight impossible. Furthermore, traditional product liability is incompatible with models that evolve beyond initial deployment.

The EU AI Act offers a partial solution through transparency, human oversight and risk management for high-risk systems. Extending similar obligations to open-source releases such as controlled weight distribution, pre-release safety testing and provenance tracking, would help establish shared responsibility across developers and deployers. Without such measures, open diffusion ensures a structural loss of control.

While regulatory debates continue, parallel developments in autonomous systems demonstrate how rapidly these risks are escaping institutional control.

AUTONOMOUS DRONES & NON-STATE ACTORS

In 2016, ISIS was found to have weaponised off-the-shelf commercial quadcopters, to drop grenades over Mosul. This marked a pivotal shift where non-state actors like ISIS were able to indulge into tactical airpower through employing drones for surveillance and strikes. Sander argues that cheap and easy availability enables persistent operations, creating a threat worldwide. Democratizing aerial warfare is no longer theoretical; it is a documented reality. 

This threat exacerbates even further with the development of artificial intelligence. AI enables a shift from manual remote-controlled devices to semi-autonomous systems capable of object recognition, navigation and many other features without continuous human input. The Russian Lancet loitering munition deploys a drone that is independently capable of identifying and crashing into targets, and has seen wide deployment in Ukraine. 

Figure 1: Illustration describing difference between Non-Autonomous and Autonomous Weapon System.

The scaling of autonomous units creates a new threat: the drone swarm. Operating as collective systems governed by shared algorithms, these swarms can make independent decisions and, as Lehto and Hutchinson note, can overwhelm air defences through sheer numbers, continuing to function even when individual units are destroyed.

Current IHL, premised on assumptions of human agency, is poorly positioned to deal with this automated violence. The ICRC argues that autonomy in target selection undermines the principles of distinction and proportionality since algorithms cannot make context-specific judgements, as laws of war require. And yet, diplomatic efforts remain stalled; the UN Group of Governmental Experts failed to agree on a binding definition of “meaningful human control.” For this reason, autonomous drone warfare currently expands within a dangerous regulatory vacuum. As drones transition from controllable tools to independent actors, responsibility becomes diffuse—setting the stage for the attribution crisis explored in the next section.

ATTRIBUTION & RESPONSIBILITY: WHO IS THE PERPETRATOR?

In traditional warfare, liability is linear and traceable: a commander authorizes force, a soldier executes it, and responsibility follows the chain of command. However, it becomes difficult to trace liability in AI-enabled warfare. AI integrated systems function through a distributed and opaque chain involving developers, dataset curators, and model architects. As Demir argues, the involvement of such non-sentient agents capable of “unpredictable, emergent behaviour” dismantles the existing accountability framework, creating a “responsibility vacuum” where the system functions as an intervening cause rather than a mere instrument. Opacity, adaptability and behavioural drift allow developers to avoid liability for specific lethal outcomes as a weapon’s actions may evolve post-deployment. 

Limits of Attribution Under the Tallinn Manual

  • The Tallinn Manual on the International Law, applicable to Cyber Warfare establishes that state responsibility applies only when conduct is attributed to the state.
  • Rule 17’s “effective control” requirement becomes unworkable when AI acts unpredictably or autonomously.
  • Rule 21’s “due diligence” is undermined by the decentralized and open-source nature of AI development, which makes origin or jurisdiction difficult to establish.

Erosion of State Monopoly and Accountability

  • Existing legal structures presume states hold the monopoly on force, yet AI now enables private actors to wield military-grade capabilities.
  • UNIDIR Swarm Robotics Brief shows, drone swarms function through distributed autonomy, making perpetrators difficult to trace. 
  • The ICRC warns that such systems undermine the human judgement essential for accountability. 
  • AI does not just alter methods of warfare; it destabilizes the legal order grounded in intent, traceability and human control.

TOWARDS AN INTERNATIONAL DIGITAL ARMS FRAMEWORK

  1. Export Control Law must evolve to recognise Digital Arms

While traditional arms control is designed for hardware, the AI weaponisation takes place in the intangible realm of code and datasets. Even though frameworks like the Wassenaar Arrangement, regulate specific items like “intrusion software,” they still fail to capture emerging threats such as AI-generated munition blueprints or swarm algorithms. Pollard argues, this “Intangible Technology Transfer” renders border-based enforcement obsolete, allowing lethal capabilities to traverse the globe instantly. It is now the need of the hour to expand the definition of weaponry to include “Digital Arms.” 

2. Accountability Requires Traceability in AI Weapon Systems  

NIST standards emphasize that the prerequisites for accountability in AI systems are “auditability” and lifecycle documentation. Cornell researchers advocate for strict “traceability” obligations for high-risk AI, including watermarking and provenance tracking to verify origin.

For example, a recovered blueprint can be traced to a model through logs, and verification requires tracking model lineage and code changes.

3. Global Governance should build on the CCW through a Digital Geneva Layer

Article 36 of Additional Protocol I, requires new weapons to be reviewed by states for compliance, which extends to “autonomous functions.” However, with current UN GGE negotiations being stalled by geopolitical competition and definitional disputes, creation of new protocol becomes needful. Such a framework must adopt the ICRC’s call to prohibit unpredictable systems and regulate “autonomous critical functions” to ensure meaningful human control.

CONCLUSION

In the weaponisation case of AI, we have revealed a world where ability is no longer defined by accessibility to factories, armies or borders, but by data, computation and diffusion. Blueprints turn into weapons, code into intention and autonomous systems challenge traditional assumptions regarding control and responsibility.

As these technologies blur distinction between civilian and military use, the principles of international law are pressed and stretched to the limits to which they were never designed to face. AI does not just supplement new tools of war; it transforms the very structure in terms through which force, responsibility and legitimacy are perceived.