Satu Berita Banyak Persepektif
Security researchers from Kaspersky and legal experts from LegalVision warned global businesses on July 1, 2026, about severe operational, security, and legal risks associated with utilizing unverified third-party artificial intelligence proxies and relying exclusively on single AI providers.
A recent study by the Oxford China Policy Lab revealed that cheap intermediate AI proxies often utilize illicit account farming, stolen credentials, and compromised credit cards to bypass vendor limits and reduce costs. These unauthorized intermediaries capture corporate prompts, reasoning paths, and outputs, which exposes organizations to severe data leaks, intellectual property theft, and compliance violations under data privacy laws.
Furthermore, testing by the CISPA Helmholtz Center demonstrated that rogue proxies dynamically swap premium models for cheap open-source alternatives to maximize profit margins. When researchers sent a complex medical query directly to Google Gemini 2.5, it achieved an 83% accuracy rate, but the accuracy plummeted to 37% when routed through rogue proxies.
As an alternative to illicit channels, legitimate aggregation platforms like OpenRouter, Poe.ai, and Hugging Face offer transparent model routing aligned with official vendor rates. Organizations can also use self-hosted API proxies built on LiteLLM to maintain direct contracts with major AI vendors while centralizing internal security.
Meanwhile, commercial vulnerabilities also emerge when companies establish critical workflows around a single official AI supplier without proper legal safeguards.
“The main risk with any single provider dependency is losing control when something outside your business changes,” said Lauren McKee, Practise Leader at LegalVision.
“If the AI product is updated, the provider’s terms shift, or regulation catches up with how the tool works, you may find the platform you’ve built critical processes around is no longer fit for purpose, with no easy way out.”
McKee noted that corporate entities frequently overlook key contract terms when signing supplier agreements for AI tools, particularly regarding data ownership and liability limits.
“Check whether the provider can use your prompts or outputs to train their models, how they handle confidentiality and data security, whether they actually comply with privacy laws, what service levels they are committing to, and whether they are trying to unreasonably limit their liability if something goes wrong. Exit rights also matter. If the product changes or stops working for your business, you need to be able to retrieve your data and transition without being locked in,” McKee said.
LegalVision recommended that organizations establish documented fallback arrangements, registers of approved AI systems, and strict approval rules to limit unsanctioned AI use by internal staff.
“Organisations can reduce reliance by designing their AI use around business processes, not one provider’s product. SMEs should also set approval rules so staff cannot independently build critical workflows on unapproved tools,” McKee said.
The legal firm emphasized that operational continuity depends on preparing for rapid shifts in AI pricing, performance, and regulatory compliance.
“AI access can change quickly, and businesses should not build essential operations on assumptions they do not control,” McKee said.

Leave a Reply