Chinese grey market sells Claude API access at 90% off by using stolen credentials, model substitution, and harvesting users' prompts and outputs for resale as AI training data — 'transfer stations' operate through proxy networks that harvest user data - Tom's Hardware

Detailed Analysis

A sophisticated Chinese grey market ecosystem has emerged that resells access to Anthropic's Claude API at discounts of up to 90% below official pricing, according to reporting by Tom's Hardware. These operations — referred to as "transfer stations" — function as intermediary proxy networks that sit between end users and Anthropic's actual API infrastructure. The services are powered by a combination of stolen or misappropriated API credentials and deliberate model substitution, where users paying for Claude access may in fact be receiving responses from cheaper or entirely different AI models. The operations are structured to obscure their nature from both users and Anthropic, exploiting the technical opacity of API-based AI services.

The business model extends well beyond simple resale arbitrage. These grey market platforms are alleged to systematically harvest users' prompts and outputs — the queries people submit and the responses they receive — and package that conversational data for resale as AI training datasets. This creates a compounding revenue stream: operators profit first from discounted API resale and again from the monetization of captured user data. This dual exploitation means users of these services face risks far beyond simply receiving degraded model quality; their potentially sensitive queries, intellectual property, or proprietary business information may be extracted, aggregated, and sold without their knowledge or consent.

The phenomenon reflects a well-documented pattern of API credential theft and abuse that has affected multiple major AI providers, but the scale and organization described here suggests a maturation of these grey market operations. The use of structured proxy networks to obscure traffic origin and the systematic collection of training data indicate operational sophistication beyond opportunistic credential resale. For Anthropic specifically, this presents a multi-layered problem: financial losses from diverted API revenue, reputational risk from users who receive degraded or substituted model outputs while believing they are interacting with Claude, and the unauthorized use of Claude's outputs as training data for potentially competing systems — a practice that raises serious questions under Anthropic's terms of service and broader copyright frameworks.

The broader AI industry context amplifies the significance of these operations. As frontier AI models command premium pricing — reflecting the enormous compute and research costs behind them — the price differential between official access and grey market alternatives creates strong economic incentives for these intermediary schemes, particularly in markets where foreign payment infrastructure or export restrictions complicate direct API access. The harvesting of prompt-and-response pairs as training data also intersects with an active and unresolved legal debate over the permissibility of using AI-generated outputs to train competing models. Several AI companies, including Anthropic and OpenAI, explicitly prohibit using their outputs to train rival systems, but enforcement against distributed grey market actors operating across jurisdictions remains extremely difficult. This gap between policy and enforcement is precisely what these "transfer stations" are designed to exploit.