27k unique visitors in the last 3 days

AI Needs RA More than RA Needs AI

SMS farms are being used to gain API access to the Claude LLM at one-tenth of the correct price. There has always been more to learn about revenue assurance than corporations care to learn.

Plus ça change, plus c’est la même chose

The more things change, the more they stay the same

Jean-Baptiste Alphonse Karr

I was reading this article by Zilan Qian, a research associate at the Oxford China Policy Lab about the use of ‘transfer stations’ to give Chinese citizens access to Claude at 10% of the original price, and I was struck by a depressing insight. When it comes to businesses getting taken for a ride by canny customers who will use ingenious methods to obtain a bargain, nothing bloody changes. Consider the following sequence of events.

  1. A thrusting, young and well-capitialized technology business chases revenue growth without caring about profit — a bit like a newly-launched mobile network operator 30 years ago, or developers of large language models (LLMs) today.
  2. It does not have mature controls over how it collects payment, so some customers take advantage, and tell each other how to take advantage.
  3. There are then some slight improvements in the controls to tackle the most obvious causes of revenue leakage.
  4. But now the customers have trained themselves to find ways to obtain a service without paying the full amount. Some of these customers will have moved up the food chain and have created business models based on fraudulently obtaining the service and reselling it at far below the official price.
  5. A kind of slow-motion arms race ensues, where the development of anti-leakage and anti-fraud controls always lag behind the innovation of individuals and businesses that exploit the weaknesses in those controls.
  6. The people who spend 30 years trying to persuade their businesses to tighten controls can only console themselves by saying their career is analogous to ‘playing whac-a-mole’.
  7. And then the cycle repeats as if nothing was learned from the previous iteration.

It is fascinating to read about the specific ways that Chinese users of Claude, the LLM developed by Anthropic, obtain access. The arc of the story is also tediously familiar. The use of Claude in mainland China is banned by Anthropic but the firm’s geoblocking, phone verification, credit card and biometric know-your-customer (KYC) checks are not only being defeated. The access obtained by the criminals is sold at a cheaper price that Anthropic sells it. Anthropic knows they are the victim of fraud; they announced in February 2026:

We have identified industrial-scale campaigns by three AI laboratories — DeepSeek, Moonshot, and MiniMax — to illicitly extract Claude’s capabilities to improve their own models. These labs generated over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts, in violation of our terms of service and regional access restrictions.

However, Qian argues that Anthropic has failed to grasp the scale of the problem.

Underneath the handful of labs sits a much larger market, one that has been operating in public on GitHub, Taobao, Twitter, and Telegram. It is a grey economy of API proxies (commonly called “transfer stations,” 中转站) that lets Chinese developers access Anthropic’s models at as low as 10% of the official price. The participants extend far beyond selective experienced AI researchers, and the motivations are much broader than building a frontier model to catch up. Everyone who wants to use more advanced AI models or tools, be they university professors and students, tech workers, individual developers, or hobbyists, uses API proxies. The logs they generate may have become a commodity, traded for purposes ranging from model training to targeted fraud.

The revenue leakage has ramped up because it involves multiple cybercrime-as-a-service operations that each specialize in their own portion of the theft of Anthropic’s service.

Almost no one operates the full chain. Most participants own one or two links and monetise those well, resulting in a resilient, modular system. AI model providers can suspend individual operators, but the upstream account pools and downstream customer base remain intact. So long as there are developers who want access to Claude and identity black markets willing to supply the credentials, which are both durable features, a replacement can be stood up quickly.

Veteran telco risk managers may be shaking their heads as they recognize just how familiar the criminal pattern is. Social media is used to advertise the cybercrime services. These include services which concentrate on defeating KYC checks. They may do this using synthetic IDs, while others purchase the identities of genuine people.

Agents travel to lower-income countries in Africa or Latin America to recruit real individuals willing to complete in-person verification. The Worldcoin black market offered a documented precedent, with iris scans harvested from KYC merchants in Cambodia and Kenya, sold for under $30.

Access via the API is not just sold at the price that Anthropic would impose. Other tricks let criminals reduce the price charged to the customers of the cybercrime service. Many of these tricks will be familiar to old telco RA pros, such as:

  • Exploiting the free credit allowance given as an incentive to new users
  • Falsely claiming discounts for educational use
  • Exploiting price differentials by obtaining high-volume flat-rate plans and then selling usage at low rates to multiple low-volume users
  • Purchasing service with stolen credit cards
  • Cheating the end user by baiting them with promises of a high-quality service (a more advanced LLM model, the metaphorical equivalent of a high-quality voice line) and then giving them access to a less advanced model/lower-grade service instead
  • Cheating the end user by mis-recording usage to exaggerate how much has actually been used

The use of proxies also gives rise to other forms of exploitation. The logs on the proxy server are also valuable data — and they can include personal information. This leads to follow-on opportunities involving the training of LLMs. It also means users obtaining cheap access to Claude put themselves at risk of being defrauded or blackmailed.

And sadly, telcos have been enabling these crimes too. Regular readers may get bored of me observing the number of ways that ‘authenticating’ users with a one-time password (OTP) sent by SMS has led to undesirable consequences for everybody but the firms that make money from A2P SMS. For example, it has encouraged the assembly of massive SIM farms that procure thousands of SIM cards just to receive the OTPs needed to generate an endless stream of bogus online accounts. Being the astute reader you are, you have already concluded that these are also being used to create accounts for Claude and other LLMs.

If we were to grade business sectors by the quality of their revenue assurance and fraud management controls, then the financial sector is the gold standard and telecoms is sloppy by comparison. But at least telcos are not as sloppy as internet platforms, and the new AI giants will be the sloppiest of all. This is ironic, given how many tech businesses want to claim AI is the best antidote to crime. They think the solution always involves looking for anomalies in data, and so refuse to learn the most important lesson of all: anomalies are never found in the data that nobody was able to compile or the data that nobody thought to review. Is anyone asking about the geographical spread of iris scans? People who work in the creative industries tend to scorn AI because it does not possess imagination. There is another kind of enterprise where the practitioners also have an incentive to be more creative than any machine: criminal enterprises.

As I grow older, I find myself admiring the way criminals take old ideas and reimagine them for a new era. When they take the fundamentals of a telecoms bypass fraud and repurpose them for API proxies and LLM tokens the result is analogous to a modern-day musician taking a loop from a 1930’s blues song and turning it into a dance-floor hit. That might encourage hope among the good people who have worked in telecoms revenue assurance for decades, but who are being made unemployed because AI can supposedly do their jobs at a fraction of the cost. Experienced revenue assurance and fraud management professionals should be offered new roles preserving the revenues of businesses like Anthropic that did not exist a decade ago. But perhaps that is expecting too deep an understanding of the world from the latest generation of tech visionaries. Plus ça change, plus c’est la même chose.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email