China Warns of Cybersecurity Risks from ‘AI Relay Stations’

China’s Ministry of State Security (MSS) has issued a formal warning about the growing cybersecurity threats posed by unregulated “AI relay stations” — third-party intermediary platforms that aggregate access to multiple large language models — urging citizens and organizations to guard against data breaches, malicious software, and the potential exposure of state secrets.

In a statement published on its official WeChat account on June 8, 2026, the MSS identified four major risk categories associated with these services, which have rapidly gained popularity in China as demand for AI applications surges. The warning, first reported by Xinhua News, marks a significant escalation in the government’s scrutiny of the AI intermediary market.

What Are AI Relay Stations?

AI relay stations function as middlemen between users and official AI model providers. They aggregate application programming interfaces (APIs) from multiple large language model vendors — both domestic players like DeepSeek, Qwen, and GLM, and international providers such as OpenAI’s GPT, Anthropic’s Claude, and Google’s Gemini — into a single access point.

These platforms have attracted a large user base by offering several conveniences: users can access dozens of models without switching between services, costs are often lower than official pricing, domestic payment methods like WeChat and Alipay are accepted, and in some cases, users can bypass network restrictions, official authorization requirements, and cross-border data transfer limitations.

Four Major Risks Identified

The MSS warning outlined four distinct security threats:

Data exposure and privacy leaks. As third-party intermediaries, relay stations retain user-submitted data on their servers. The MSS stated that many operators lack proper encryption and data management protocols, and some have been found to intercept and sell user data to other AI model vendors for training purposes.

Model degradation and distorted outputs. To cut costs, some operators use low-end models to impersonate high-end ones, reduce computing power, and disable verification functions. This leads to inaccurate and illogical outputs that could mislead user decision-making.

Malicious implants and remote control. The MSS warned that some relay stations conceal backdoor programs, allowing criminals to implant malicious code, steal account keys and cloud credentials, and install remote control software to monitor devices and exfiltrate data.

Uncontrolled data exfiltration. Perhaps the most serious concern, the MSS highlighted that many relay stations lack proper data export compliance certifications and fail to complete mandatory security assessments. These platforms transmit user input data to overseas servers without authorization, potentially exposing “personal privacy, trade secrets, and even state secrets.”

National Security Dimensions

The involvement of the Ministry of State Security — rather than a civilian regulatory body like the Cyberspace Administration of China (CAC) — signals that Beijing is treating this as a national security matter. The MSS specifically warned about the risk of state secrets being leaked through unregulated channels, suggesting concerns that government and military personnel, state-owned enterprises, and research institutions may be using compromised relay services.

This warning comes amid intensifying US-China technology competition. The US has recently restricted Chinese access to advanced AI chips and models, while reports have emerged of Chinese entities seeking access to Western AI technologies through alternative channels. The MSS’s reference to data being transmitted to “overseas servers” is widely interpreted as a warning about Chinese user data flowing to US-based AI providers through unregulated intermediaries.

Broader Regulatory Crackdown

The MSS warning is the latest in a series of regulatory actions targeting China’s AI ecosystem. On April 30, 2026, the CAC launched a nationwide “Clear and Bright · Rectifying AI Application Chaos” special campaign, as documented on the CAC’s official website. The four-month campaign, running in two phases, targets 14 categories of AI-related violations including unregistered AI models, insufficient security filtering, training data poisoning, and AI-generated misinformation.

Guidance for Users

The MSS urged citizens to take proactive security measures when using AI relay services: use officially authorized platforms; desensitize sensitive data before input; manage API keys and regularly change credentials; immediately stop use and report any anomalies; and report suspected national security threats via hotline 12339 or the website www.12339.gov.cn.

Market Implications

The warning is expected to accelerate a crackdown on unregulated AI relay platforms in China. Legitimate, compliant relay services may benefit from increased regulatory clarity, while domestic AI model providers — including Baidu, Alibaba, ByteDance, and DeepSeek — could see increased adoption as alternatives to international models accessed through unregulated channels.

For Chinese developers who have relied on relay stations to access international AI models, the warning signals that such workarounds may become increasingly difficult to sustain as regulatory enforcement tightens.

What to Watch

Industry observers are watching for specific enforcement actions — including raids, platform shutdowns, or arrests — that may follow the MSS warning. The extent to which legitimate relay platforms can demonstrate compliance with China’s data security framework will also be a key factor in shaping the future of the AI intermediary market. As AIBase reported, the MSS has made clear that the era of unregulated AI relay operations in China is coming to an end.