Crucially, these platforms are designed to help users in mainland China sidestep restrictions on foreign AI services that do not officially offer support in the country . By acting as a proxy, the relay service processes the user’s request, sends it to the chosen foreign model, and returns the response, all while providing a domestic user experience.
The appeal of these platforms is straightforward and powerful, explaining their rapid growth:
However, the MSS notice makes it clear that beneath this convenient surface lie severe and multi-layered security problems.
The ministry’s warning outlines a cascade of risks that range from negligent data handling to outright malicious attacks.
1. Unqualified and Insecure Operators
Many of the platforms operate in a regulatory vacuum—without proper business registrations or the required operating licenses. Their security controls are correspondingly weak, which raises the immediate risk of privacy breaches and opens the door for the illicit trading of user data .
2. Unencrypted Data Storage and Resale
Because AI relay platforms are gateways, all user-submitted data is stored on their servers. The MSS warned that some platforms fail to adequately encrypt this data. More alarmingly, it also highlighted that unscrupulous operators may retain user prompts without authorization and resell them to other AI model developers for training purposes, turning sensitive queries into a shadow commodity .
3. Illegal Cross-Border Data Transfers
A foundational concern is the unauthorized transmission of data overseas. The MSS noted that many relay services have not completed China’s legally mandated security assessments before sending user inputs to foreign servers. The notice explicitly warns this can lead to the leakage of personal privacy, business secrets, and even state secrets .
4. Backdoor and Malware Attacks
The platforms themselves may not always be the only threat. The MSS cautioned that malicious actors can implant backdoors into some relay services. Once compromised, a platform could be used to deliver malicious code, steal user account credentials and cloud access keys, or even deploy remote-control programs for persistent surveillance and long-term data theft .
5. Model Substitution and Degraded Outputs
Beyond security, there is an integrity risk. The ministry found that some operators, in a bid to cut costs, secretly substitute lower-end models for the premium ones users believe they are using. Others may cut computing resources or disable verification functions, leading to less accurate or logically inconsistent outputs that could mislead decisions .
China’s warning is not an isolated alert but part of a broad regulatory clampdown. In recent years, the MSS has issued a series of warnings on AI-related threats including data poisoning , token theft
, and the leakage of sensitive information through AI writing tools
, signaling that the state sees the ungoverned AI supply chain as a critical new frontier in national security.