China’s national security authority has warned of risks in using “artificial intelligence relay services” that provide access to overseas AI models, highlighting concerns over data leaks, privacy breaches and unauthorised cross-border data transfers amid a thriving grey market for restricted foreign systems.
In a notice on its official WeChat account on Monday, the Ministry of State Security (MSS) described such services as intermediaries between local developers and AI providers, aggregating access to multiple domestic and overseas models through a single interface.
While relay platforms offer convenience, lower prices and access to foreign models otherwise unavailable in China, the ministry said some operators could pose data security risks.
The AI relay market includes both legitimate and unreliable operators, with some platforms operating “without proper qualification and with weak security controls, increasing the risk of privacy leaks and illicit data trading”, MSS said.
The warning comes as more Chinese developers turn to relay services to access leading US AI models such as Anthropic’s Claude or Microsoft-backed OpenAI’s GPT series, neither of which officially supports users in mainland China.
The ministry said some relay platforms retained user data on their servers without adequate encryption, creating risks that sensitive information could be leaked or sold.
It also warned that some operators could substitute premium models with cheaper alternatives, misleading clients while reducing performance.
Other concerns include backdoors – hidden methods of accessing a computer system or network to bypass authentication and security controls – implemented in some AI relay platforms that could be exploited to steal accounts and surveil developer devices.
Despite rapid advances by Chinese AI start-ups including DeepSeek and Zhipu AI, Chinese developers continue to seek US models for their stronger coding capabilities.
US systems topped the Coding Index ranked by AI benchmark platform Artificial Analysis, with models from OpenAI, Anthropic and Google – including GPT-5.5 and 5.4 Mini, Claude Opus 4.8 and 4.7, as well as Gemini 3.1 Pro Preview – taking up the top six spots.
The highest-ranking Chinese model was Alibaba Group Holding’s Qwen3.7 Max, followed by DeepSeek’s V4 Pro. Alibaba owns the South China Morning Post.
MSS advised local developers to choose authorised platforms and take precautions to protect user data.
The White House warned in April that Chinese entities were conducting large-scale efforts to access advanced US AI systems through networks of intermediary accounts, while Anthropic previously disclosed attempts by China-linked actors to gain access to its models through coordinated proxy infrastructure. – South China Morning Post
