A deepening split in the global AI market is creating an ironic standoff: Chinese state security agencies are actively warning against the use of Western AI models, even as US enterprises increasingly adopt Chinese open-source alternatives for their cost and performance benefits.
China purges foreign AI on security grounds
According to TechRadar, China continues to purge both demand for AI chips from its ecosystem and foreign AI models, citing 'security risks' and privacy concerns. The starkest warnings come from China's Ministry of State Security (MSS), which has warned that users who leverage third-party tools and marketplaces to access highly sought-after compute resources from US-based AI models may be exposing themselves to security risks and potential backdoors for cyber espionage. The MSS pointed to inadequate encryption, bait-and-switch models, and even the potential retention of data as key concerns — aligning with the narrative of many US-based security agencies that sprang into action once models such as DeepSeek began gaining traction in domestic markets.
The cost appeal of Chinese models
Despite official hostility, US consumers continue to use models such as Alibaba's advanced Qwen 3.6, DeepSeek V4 Pro, and GLM 5.1 — all open-source models that allow for localized AI and cheaper hosted inference options than what OpenAI and Anthropic currently charge. The reason boils down to cost: not only do distilled models like those offered by DeepSeek cost a fraction of their peers, but they can also be deployed without any licensing cost on existing hardware. This has not stopped Chinese developers from doing the exact opposite — hunting for the cheapest way to access US-based models at a fraction of the cost.
Black-market API 'transfer stations'
Research published in May 2026 by Zilan Qian of the Oxford China Policy Lab documented a thriving ecosystem of API 'transfer stations' — proxy services operating openly on Taobao, GitHub, and Telegram that resell access to Anthropic's Claude models at as little as a tenth of the official price. Listings advertise unlimited Claude Code subscriptions, full-fat Claude Opus access, million-token context windows (no VPN required), and payment in RMB via WeChat or Alipay. The economics only work because bulk-registered accounts farm free credits, subscriptions are split across dozens of users, and credentials are bought with stolen credit card data.
| Access Method | Estimated Cost vs. Official Price | Security Risk |
|---|---|---|
| Official Claude API | 100% | Low (direct contract) |
| API transfer station (Taobao) | ~10% | High (third-party credentials) |
| DeepSeek V4 Pro open-source | Free + hosting cost | Medium (self-hosted) |
Geopolitical escalation
Both the Chinese and US governments are increasingly hostile to foreign AI. The White House continues to accuse Chinese developers of 'jailbreaking' or stealing data from US AI models. Meanwhile, the Chinese MSS warnings often backed by covert and overt actions by state agencies to ensure compliance. An example: while there is no blanket ban on importing Nvidia GPUs for AI training in China, the country widely discourages such imports. China now continues to build, upgrade, and redesign both its chipmaking and memory sectors on a war footing, much to the chagrin of Nvidia's CEO, Jensen Huang.
Implications for enterprise buyers
For technology procurement leaders, the takeaway is clear: AI model selection is increasingly entangled with geopolitical risk. Using Chinese open-source models may offer cost savings and deployment flexibility, but exposes enterprises to potential future restrictions if the US government pushes further restrictions on 'foreign AI'. Conversely, relying on US models from a Chinese base risks running afoul of MSS advisories that could escalate into enforcement. The current irony may be short-lived, as both governments appear ready to tighten the screws.
Sources:
