How Chinese developers bypass restrictions to access top US AI models - South China Morning Post

Detailed Analysis

Chinese developers have found multiple workarounds to access leading American AI models despite the tightening web of export controls and access restrictions that US policymakers and technology companies have erected in recent years. Common methods include routing API requests through third-party intermediaries based in jurisdictions not subject to the same restrictions — such as Singapore, Hong Kong, or the European Union — as well as purchasing access through reseller networks that obscure the end user's geographic identity. Some developers also leverage cloud platforms that have not yet fully implemented geofencing measures, effectively exploiting gaps in enforcement rather than the underlying policies themselves.

The issue sits at the intersection of US export control law, corporate terms-of-service enforcement, and the broader competition for AI supremacy between Washington and Beijing. The Biden administration's "AI diffusion rule" and subsequent entity-list additions were designed to prevent advanced American AI capabilities from being used to accelerate Chinese military modernization or to help Chinese firms build competitive domestic alternatives. Yet digital goods are notoriously difficult to restrict compared to physical semiconductors, and the patchwork of enforcement mechanisms — which relies heavily on the cooperating companies themselves — creates structural vulnerabilities. OpenAI, Anthropic, Google, and other frontier model providers have increased their verification requirements, but determined actors can circumvent identity checks with relative ease given the global availability of payment infrastructure and cloud accounts.

This phenomenon reflects a fundamental asymmetry in the US technology restriction strategy: hardware controls, particularly the restrictions on advanced Nvidia chips, are far more enforceable than software or API-based controls because physical goods can be inspected at borders. Software and model weights, by contrast, exist as data that flow across networks and can be accessed remotely with minimal friction. The South China Morning Post's reporting underscores how Chinese developers — from independent researchers to employees at larger firms — view access to frontier US models as essential for benchmarking, learning prompt engineering practices, and building downstream applications, creating strong economic incentives to work around restrictions.

The broader trend points to a widening gap between the stated goals of US AI policy and its practical implementation. While lawmakers and regulators debate more stringent controls, including potential licensing regimes for API access, the speed of policy development lags well behind the agility of developers finding workarounds. This dynamic also complicates the competitive calculus for American AI companies, which simultaneously face government pressure to restrict Chinese access and business incentives to grow global user bases. The situation is likely to intensify as frontier models become more capable and their dual-use potential — for both civilian productivity and national security applications — becomes more pronounced, forcing a more serious reckoning with how digital AI capabilities can realistically be contained.