DEV Community

Bradley Matera

Warning: Bifrost from Maxim AI Is a Real API Key Harvesting Service Targeting American Web Devs (My Exact Experience)

I’ve been deep in AI coding tools for months. Recently I started getting DMs from new “AI gateway” companies offering paid blog posts to test their tools.

The pattern is always the same: they ask you to install their gateway, route your real API keys through it, run real traffic, and write about it.

This is exactly what happened to me with Bifrost from Maxim AI (H3 Labs Inc.).

Here Is the Exact Timeline (With Receipts)

  • April 20, 2026: Matthew Jacob from Maxim AI messaged me offering paid deep-dives on AI gateways and MCP.
  • April 23: Pranay looped in Nakul. Nakul confirmed they pay $50–$60 per article.
  • April 24–25: I submitted the outline, they approved it, and we locked in $60 for one article.
  • April 25: I completed the full testing — installed their gateway + CLI, added real provider configs, connected MCP servers, enabled Code Mode, routed Ollama and coding agents, and delivered the complete 4,000+ word draft.
  • April 26: I sent them the draft + direct PayPal invoice (INV2-3VF2-A6GW-Z2EP-WFYH).
  • They told me they pay within 48 hours after the article goes live and asked me to publish Monday morning.
  • April 27 (this morning): Nakul replied: “high priority issue… we are pausing all other activities for now including our collaboration.”

After I had already done all the work.

I immediately unpublished the article and moved it back to draft. Then I sent them this follow-up this morning:

“I completed the requested work based on the agreement and timeline we discussed… If you cancel after completion and do not pay, I will treat the article, notes, testing, and related material as my own work. I may publish factual follow-up posts about Bifrost… Since the article is already written and ready, I can publish it very quickly if needed.”

They still have not paid.

How Bifrost Actually Works as an API Key Harvesting Service

The entire product is built around one thing: getting you to route your real provider keys through their gateway.

You run:

npx -y @maximhq/bifrost

Then you go to their dashboard at http://localhost:8080 and add your OpenAI, Anthropic, Ollama, or any other keys.

Every single request from your coding agents, MCP servers, or CLI now flows through their control plane.

They get:

  • Your actual API keys
  • Every prompt and tool call
  • Full usage logs
  • Your project structure and MCP tool definitions

All while calling it “just testing for a paid blog post.”

This is not a normal open-source gateway. This is a key collection service disguised as helpful infrastructure.

American web devs are the perfect targets — we have real paid API credits, we run agents daily, and we’re often willing to “just try it” for $60.

There Is a Much Better Way: Real Caveman

While dealing with this I switched back to the real Caveman tool: https://github.com/juliusbrussee/caveman

It’s a Claude Code / Codex skill that makes your agent talk in ultra-compressed “caveman” style and cuts 65–75% of tokens with zero middleman.

No gateway.

No dashboard.

No company collecting your keys.

No one who can “pause the collaboration” after you already did the work.

Just install it with one command and your agent does more with less — no harvesting involved.

Final Warning

If a company reaches out and the deal requires you to:

  • Install their gateway
  • Put your real API keys into it
  • Run your agents through their proxy

…they are not paying you for a blog post.

They are paying (or promising to pay) for access to your keys and your traffic.

I already completed the full testing and article they asked for. I have the notes, screenshots, commands, and everything.

If they do not honor the $60 invoice they agreed to, I will keep publishing the full factual story.

American indie devs should stop being the free key-harvesting farm for every new AI startup.

Stay safe out there.
