I'm presently assisting an airline with a similar issue to what's going on here. But I can *assure* you, even though I don't work for AAG or know anyone in their corporate security department, that just using a VPN isn't *enough* of a flag to warrant a review/cancel/etc. Its a NUMBER of factors. But using a VPN that's seeing high Mileage Plan bookings/redemptions is just *one* of the flags or triggers. That doesn't mean that using my OpenVPN for Fresno or Eureka, CA (for example) will trigger a cancel. Its just ONE thing they are monitoring.
Delta uses the same algorithms for when it went after, and fired, employees for using Delta SkyNet access for loads on Facebook groups & other places, including sharing their login to non-Delta staff & employees. Two concurrent logins lock your account. GoGo does the exact same thing, although GoGo is a bit more transparent in saying you can only use 5 devices in a month. It doesn't make public the fact it has geographical zones (to prevent sharing of your login).
So if you have a history with Alaska - MP membership with *accrual AND redemption*, actually FLY Alaska - you are fine.
Its the accounts with only redemption activity and non-airline earnings or little airline earnings that are on a high-risk list for fraud.