Free AI Tool Scams Exposed: Deconstructing Traffic-Funneling Tactics and Risk Prevention Guide

Exposing the tactics and risks behind free AI tool traffic-funneling videos on Bilibili
This article analyzes AI tool traffic-funneling videos on Bilibili that attract users with titles like "restriction-breaking" and "no-refusal." The scam follows a three-step pattern: building a public welfare persona to lower defenses, using "under attack" narratives to garner sympathy, and funneling users to private channels via keys/invitation codes. The article highlights the unsustainable economics of truly free high-cost AI services and warns users about data leaks, account theft, and legal compliance risks.
Event Overview
Recently, a typical category of AI tool traffic-funneling videos has appeared on Bilibili (B站), attracting clicks with highly enticing titles like "Lawless Mode," "Restriction-Breaking Prompts," and "Exclusive Tavern No-Refusal." The video creators claim to have built free "full-power AI tools" and use a carefully orchestrated "victim narrative" to garner sympathy and drive traffic.

Here, "Tavern" refers to SillyTavern — an open-source AI roleplay frontend interface project that allows users to connect various large language model APIs for character roleplay conversations. A massive community ecosystem has formed around SillyTavern, where users create and share AI character cards for immersive fictional dialogue experiences. Since roleplay scenarios naturally involve greater creative freedom, some users pursue "no-refusal" experiences (where the model never rejects any request), which has spawned a large gray market of "uncensored API relay" services. These relay services typically use stolen API keys or exploit platform vulnerabilities to obtain free quotas, and users' conversation content is fully exposed to the relay service operators, posing serious privacy leak risks.
This article will deconstruct the common tactics used in these videos from a content analysis perspective, helping readers identify potential risks.
Deconstructing Typical Tactics of Free AI Tool Traffic Funneling
Step 1: Building a "Public Welfare Persona" to Lower Defenses
At the beginning of the video, the creator emphasizes that what they've built is a "full-power AI tool with unlimited uses and zero cost," claiming they "haven't charged a single cent or accepted a single advertisement." The purpose of this persona is clear — to lower users' guard and make them feel the creator is doing charity work.

In reality, however, operating a high-concurrency AI inference service carries substantial compute costs. For GPT-4-level models, API fees are in the range of tens of dollars per million tokens: OpenAI's GPT-4 Turbo API costs approximately $10 per million input tokens and $30 per million output tokens. Domestic models of equivalent capability may be priced slightly differently, but they are in the same order of magnitude. An active user's daily conversations might consume tens of thousands of tokens, and if thousands of active users are using the service simultaneously, API costs alone could reach tens of thousands to hundreds of thousands of RMB per month. That does not include server bandwidth, operations personnel, frontend development, and other additional costs. Even self-hosting open-source models requires high-performance GPU servers (such as NVIDIA A100/H100), with monthly rental for a single card exceeding 10,000 RMB.
A truly "unlimited" free service easily costs over 10,000 or even hundreds of thousands of RMB per month. How can someone who claims to be an "ordinary developer" afford such expenses? This basic question is worth asking. Any AI service claiming to be "completely free and unlimited" without a transparent explanation of its funding sources deserves scrutiny of its true commercial intent.
Step 2: Creating a "Persecution" Storyline to Garner Sympathy
The core narrative of the video is "suffering 1.2 million malicious request attacks," with the blame placed on "competitors selling reskinned websites and AI courses."
Consider the credibility of this claim from a technical perspective. In cybersecurity, DDoS (Distributed Denial of Service) attacks are indeed a common threat to web services: attackers control large numbers of botnet nodes and send massive volumes of requests to target servers, preventing them from responding normally to legitimate users. However, 1.2 million requests is not a particularly large scale for a web service with basic protection; CDN providers like Cloudflare intercept attack traffic far exceeding this every day. More notably, precisely attributing the attack to "competitors selling reskinned websites" lacks a technical basis, because DDoS attribution is extremely difficult: even professional security teams struggle to determine an attacker's true identity and motivation in a short time. This precise attribution reads as a rhetorical device serving the narrative rather than a factual statement based on technical investigation.
This narrative serves several purposes:
- Creating urgency: Making users feel this resource could disappear at any time
- Triggering sympathy: Soliciting likes, favorites, and follows (engagement metrics)
- Rationalizing barriers: Laying groundwork for subsequent "key acquisition" steps

Step 3: Funneling to Private Channels for Traffic Harvesting
The key step at the end of the video is directing users to "get the key from the pinned comment." This is the core conversion point of the entire funnel.
To see why, it helps to understand the internet marketing concept of "private domain traffic": a pool of users that a business or individual can reach directly, reuse repeatedly, and access without paying. Typical carriers include WeChat Official Accounts, personal WeChat accounts, QQ groups, and enterprise WeChat communities. Its counterpart is "public domain traffic," the organic traffic on platforms like Bilibili, Douyin (TikTok China), and Xiaohongshu (RED). The conversion from public to private domain is the most critical step in the entire funneling chain, because once users enter the private domain, operators can repeatedly push messages and attempt multiple conversions without being constrained by platform algorithms and rules. This is why many funneling videos set up intermediate steps like "keys" and "invitation codes": these steps are essentially gates at the private domain entry point, designed to filter for high-intent users and move them into communication channels the operator controls.
Typically, these pinned comments guide users to:
- Follow an official account or join a group chat
- Fill in personal information to obtain an "invitation code"
- Share the video with friends to unlock access

Regardless of what the final landing page is, the essence of this process is traffic harvesting using free AI tools as bait.
Potential Risk Analysis of Using Unknown AI Tools
Data Security Risks
When using "free AI tools" of unknown origin, your conversation content and personal information may be fully recorded. The "restriction-breaking" and "no-refusal" features implied in video titles particularly suggest that these platforms likely lack basic content security review mechanisms.
So-called "restriction-breaking" or "jailbreaking" in the AI field refers to using special prompt engineering techniques to bypass the built-in safety alignment mechanisms of large language models. Mainstream AI models undergo alignment processes like RLHF (Reinforcement Learning from Human Feedback) during training, making models refuse to generate harmful, illegal, or unethical content. "Restriction-breaking" tools typically use system prompt injection, roleplay frameworks, multi-turn conversation manipulation, and other methods to make models ignore these safety constraints. This not only violates the terms of service of virtually all AI service providers but may also violate regulations such as China's "Interim Measures for the Management of Generative AI Services." Platforms providing such services are themselves in a legal gray area, and users' conversation data has virtually no privacy protection on these platforms.
Account Security Risks
Some of these services require users to provide API keys or other platform account credentials, creating risks of misuse. An API key is essentially equivalent to your account access credential — once leaked, others can use your account quota to call AI services, and the resulting charges will be billed to you. Others may require installing browser extensions or client programs that could carry malicious code, including keyloggers, clipboard monitors, and more, further threatening users' overall digital security.
Legal Compliance Risks
So-called "restriction-breaking" essentially means bypassing AI service providers' safety policies. Users who generate non-compliant content using such tools may also face legal risks. According to China's current "Interim Measures for the Management of Generative AI Services," both service providers and users have obligations to ensure generated content does not violate laws and regulations. Users who employ technical means to bypass safety mechanisms to generate illegal content may need to bear corresponding legal responsibility.
How to Quickly Identify AI Tool Traffic-Funneling Scams
The following typical characteristics can help you make a quick judgment:
| Characteristic | Description |
|---|---|
| Exaggerated titles | Emotionally charged language like "lawless" or "who can resist" |
| Victim narrative | Claims of being attacked, suppressed, or framed by competitors |
| Emotional manipulation | "Give me a like to help me recover" or "As long as you're still here" |
| Private domain funneling | Keys or invitation codes require additional steps to obtain |
| Unreasonable costs | Providing high-cost services for free with no business model |
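
The table can be turned into a simple triage rule. The sketch below is an added example, not part of the original article: it checks a listing's title, description and pinned comment against the five characteristics and flags it when several co-occur. The field names (`title`, `body`, `comment`), the English phrase patterns, the funding-disclosure exception and the threshold of three are all assumptions chosen for illustration.

```python
import re

# Patterns for the five characteristics in the table above. Phrases come from
# the article's own examples; the field each rule reads is an assumption.
RULES = {
    "exaggerated_title": ("title", r"lawless|no[- ]refusal|restriction[- ]breaking|who can resist"),
    "victim_narrative": ("body", r"malicious requests?|under attack|attacked|suppressed|framed|competitors?"),
    "emotional_manipulation": ("body", r"give me a like|help me recover|as long as you're still here"),
    "private_funneling": ("comment", r"get the key|invitation code|join (?:the|our) group|official account"),
    "unreasonable_cost": ("body", r"unlimited|zero cost|completely free|haven't charged"),
}
# A free-service claim only counts when no funding source is disclosed.
FUNDING = re.compile(r"sponsor|donation|funded by|pricing", re.I)
THRESHOLD = 3  # hypothetical cut-off: three of the five characteristics


def score_listing(listing):
    """Return (matched characteristics with evidence, flagged?) for one listing."""
    hits = {}
    for name, (field, pattern) in RULES.items():
        text = listing.get(field, "")
        m = re.search(pattern, text, re.I)
        if not m:
            continue
        if name == "unreasonable_cost" and FUNDING.search(text):
            continue  # free, but the listing says who pays for it
        hits[name] = m.group(0)
    return hits, len(hits) >= THRESHOLD


# Constructed sample listings (not real videos), built from phrases quoted above.
FUNNEL = {
    "title": "Lawless Mode! Exclusive Tavern No-Refusal AI",
    "body": "Unlimited uses and zero cost. We suffered 1.2 million malicious "
            "request attacks from competitors. Give me a like to help me recover.",
    "comment": "Get the key from the pinned comment: follow our official account.",
}
OPEN_SOURCE = {
    "title": "Self-hosting an open-source chat frontend",
    "body": "Completely free; hosting is covered by the sponsor list in the repo.",
    "comment": "Source and docs are linked in the description.",
}

if __name__ == "__main__":
    for item in (FUNNEL, OPEN_SOURCE):
        print(item["title"], "->", score_listing(item))
```

A single match is weak evidence on its own; the signal is the combination, which is why the open-source listing with a disclosed sponsor is not flagged.
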

Practical Advice for Protecting Yourself
In the current era of rapid AI tool proliferation, there are indeed many excellent free open-source projects and community services. But distinguishing genuine open-source contributors from traffic-funneling accounts wearing a "public welfare" disguise requires us to maintain basic judgment.
A few simple anti-scam principles:
- Legitimate free AI services will publicly share code repositories and operating entities — for example, open-sourcing code on GitHub, disclosing server operator information, and providing transparent funding source explanations (such as sponsor lists or donation records)
- Genuine technical sharing doesn't require "keys," "passwords," or other private domain operations — the open-source community convention is that anyone can directly access documentation and download code
- Be wary of any "free tool" that requires personal information to use — legitimate services, even if registration is needed, will use standard OAuth authentication rather than collecting phone numbers, WeChat IDs, or other private information
- Prioritize official channels or well-known open-source projects — such as OpenAI's official API, Anthropic Claude, open-source models on HuggingFace, etc., which have clear privacy policies and data protection commitments
I hope everyone can protect their data security and privacy while enjoying the benefits of AI technology. When encountering suspicious traffic-funneling content, take a moment to think calmly: Is there really such a thing as a free lunch?