DocsQuick StartAI News
AI NewsNational Security Department Flags Risks of “AI Relay Stations” — This Grey Market Should Cool Down
Industry News

National Security Department Flags Risks of “AI Relay Stations” — This Grey Market Should Cool Down

2026-06-08T01:04:37.382Z
National Security Department Flags Risks of “AI Relay Stations” — This Grey Market Should Cool Down

The Ministry of State Security issued a statement today warning about data security risks in AI relay stations, highlighting issues such as naked data transmission, model shrinkage, and malicious implantation. This business, operating in a grey area and serving millions of developers, has finally come under regulatory scrutiny.

Ministry of State Security Highlights Risks of “AI Relay Stations” — This Grey-Market Business Should Cool Down

Today (June 8), the Ministry of State Security issued a direct statement warning about data security risks posed by AI API relay platforms. The language was strong: “data running naked,” “privacy leaks,” “malicious implants,” “uncontrolled cross-border data transfers.”

This is not a routine cleanup by the Cyberspace Administration — it’s the Ministry of State Security stepping in. The signal is clear: this grey-area AI relay business has caught their attention.

What is an AI Relay Station?

In plain terms, it’s an API broker. You want to call GPT-4o, Claude 3.5, Gemini — the official channels either require foreign payment methods, enterprise qualifications, or simply aren’t open to individuals. Relay stations take care of all that: one key to access all models, recharge via Alipay or WeChat Pay, prices 30%–50% cheaper than official rates.

For developers, it’s a must-have. Building an AI application doesn’t mean you can integrate every model’s SDK, manage separate bills, and handle cross-border payments. Relay stations handle all the messy work — you just call a unified OpenAI-compatible endpoint.

How big is this market? Conservatively, there are at least hundreds of relay platforms in China, serving hundreds of thousands of developers and millions of end users. Platforms with high monthly turnover can reach tens of millions RMB; smaller ones make hundreds of thousands.

Diagram illustrating AI Relay Station architecture, showing the three-layer structure: user — relay station — official API

What Specific Issues Did the Ministry of State Security Raise?

1. Data Running Naked, Privacy Leaks

Relay stations are a middle layer — every prompt you send to GPT, every uploaded document, passes through their servers.

The ministry put it bluntly: “Some relay stations lack proper data encryption and control mechanisms; some even secretly collect user data and sell it to other large-model factories for system training.”

This is not alarmism. Last year, developers discovered that a certain relay platform’s logs stored all user conversations in plain text — including API keys, business data, and sensitive client information. More egregiously, some platforms directly packaged and sold these datasets to domestic large-model developers for training corpora.

You think you’re chatting with Claude, but in reality your data has already been sold three times.

2. Model Downgrading, Distorted Results

This is an open secret in the industry.

You call gpt-4o, but the relay’s backend might actually run gpt-3.5-turbo or even a domestically developed open-source wrapper. Ordinary users can’t tell — costs drop 70%, profits double.

The ministry’s wording: “Using low-spec models to pass off as high-end models, reducing compute supply, disabling verification functions, resulting in outputs with large deviations and poor logic.”

We’ve tested top relay platforms: the same prompt yields wildly varying output quality. Some respond suspiciously fast — clearly local models; some outputs are visibly stitched, with severe logical breaks.

Worse yet, some platforms don’t fully support API parameters. You set temperature=0.1, but the backend ignores it — and you’ll never know.

3. Malicious Implants, Remote Control

The ministry mentioned “hidden backdoors,” “malicious code implantation,” “theft of account keys and cloud credentials,” “remote control of programs.”

Technically, this is not hard — in fact, it’s too easy. Relay stations return not just JSON data, but may slip in hidden payloads:

  • Inject tracking scripts in API responses to collect your business logic and data flow
  • Tamper with returned content to insert malicious links or phishing messages
  • Use SSE (Server-Sent Events) streaming to push remote commands

If your application directly displays API return content to users — congratulations, you may already be a relay station’s botnet node.

4. Cross-Border Data, Loss of Control

This is the ministry’s biggest concern.

Many relay stations cut costs by deploying servers abroad or using overseas cloud providers. You think data circulates domestically, but in reality it’s already crossed borders — without any compliant cross-border security assessment.

Worse still, some relay stations directly “pass water” (route) user data to overseas large-model providers, then return the results. During this process, which countries the data passes through, which entities intercept it — entirely uncontrollable.

If your app involves trade secrets, user privacy, or national security-related data, using a relay station is data-naked running.

Why Have Relay Stations Survived Until Now?

Simply put: market demand plus regulatory vacuum.

Demand side:

  • Official APIs are unfriendly to individual developers — high payment barriers, strict review, cross-border hassles
  • Domestic large-model capabilities still lag; many scenarios require GPT or Claude
  • Developers need flexible model switching, and official channels don’t offer one-stop solutions

Supply side:

  • Low technical barrier — set up a reverse proxy and you have a relay; costs are near zero
  • Large profit margin — official API prices are transparent; relays can freely set prices
  • Regulatory ambiguity — no clear legal definition of this business’s legality

Over the past two years, AI relays have grown wildly in this grey zone. Big platforms pull in tens of millions monthly; small ones hundreds of thousands. The overall market size may already exceed a hundred million RMB.

Trend chart of AI Relay Station market growth, 2023–2026

How Will This Crackdown End?

A statement from the ministry means this is not just an industry cleanup, but elevated to a national security level.

Referencing the Cyberspace Administration’s April “Clear and Bright · Rectifying AI Application Malpractices” campaign, this crackdown on relays will likely go through several phases:

Phase One: Platform Self-Inspection and Rectification

The ministry has outlined clear requirements:

  • Choose legitimate platforms with clear operation qualifications and security guarantees
  • Strengthen security measures: data masking, key management, disable unnecessary functions
  • Timely handle anomalies: disable or change keys, preserve evidence
  • Report suspicious clues via the 12339 reporting platform

This means relays without qualifications, with weak security, or chaotic data management must either quickly rectify or shut down.

Phase Two: Law Enforcement Cleanup

Expect a wave of case exposures: platforms fined for data breaches, teams investigated for illegal operations, developers held accountable for using non-compliant relays resulting in leaks.

The regulatory logic is simple: first kill a chicken to scare the monkeys, then tighten gradually.

Phase Three: Industry Norms Issued

Long-term, AI API relay business won’t disappear, but will come under strict regulation:

  • Mandatory operation qualifications, similar to payment licenses or ICP filing
  • Cross-border data transfer must go through security assessment — no unauthorized transmissions
  • Platforms must offer encryption, audit logs, user access controls
  • Establish a blacklist — non-compliant platforms permanently banned

This benefits top platforms, but spells doom for small players and grey-market operators.

What Should Developers Do?

If you’re using a relay station, now is the time to:

Immediately Check Risks

  • Check whether your platform has operation qualifications, encryption, and security auditing
  • Confirm whether data crosses borders and where servers are located
  • Review API logs for suspicious requests or signs of leaks

Migrate to Compliant Solutions

Frankly, there are very few fully compliant relay platforms in China right now. Most are either rectifying or planning to shut down.

If you must use overseas models, safer options are:

  1. Official Direct Connection: While cumbersome, it ensures security. GPT, Claude, Gemini all support APIs — use foreign payment methods to solve this.
  2. Domestic Compliant Platforms: Choose platforms with legitimate qualifications, no cross-border data, and security guarantees. Some deploy domestically combined with compliant data channels, enabling overseas model calls while meeting regulations.
  3. Domestic Model Substitutes: If you don’t heavily rely on GPT, domestic models are good enough in many scenarios. Open-source models like DeepSeek, Qwen, GLM are catching up fast, with lower costs.

Strengthen Data Protection

No matter what platform you use:

  • Mask sensitive data — don’t send raw data directly to APIs
  • Rotate API keys regularly, set permissions and quota limits
  • Disable collaborative operations, data sharing, and other unnecessary functions
  • Monitor API call logs to detect anomalies in time

What Does This Mean for the Industry?

This announcement essentially draws a red line for AI application data security.

Over the past two years, AI exploded in growth, with regulation lagging behind. Developers prioritized speed — using whatever was convenient — ignoring security and compliance. Relay stations exploited this window for quick profit.

Now the window has closed.

In the short term, many relays will shut down or pivot; developers’ call costs will rise; API convenience will drop. This is growing pain for the ecosystem — but long-term, it’s positive.

Only by safeguarding the bottom line of data security and compliant operation can AI applications truly scale and industrialize. Otherwise: today you save a few thousand yuan using a relay; tomorrow your data is sold; the day after, your users’ privacy hits trending topics; the next day, you receive a regulatory fine.

By any calculation, it’s not worth it.

For developers serious about building, this is a watershed moment: either embrace compliance and take the legitimate path — or stay rogue and wait to be cleared.

There is no third way.


References:

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: