# Chipotlai Max Hijacks Chipotle Chatbot for Free Inference

> Source: <https://letsdatascience.com/news/chipotlai-max-hijacks-chipotle-chatbot-for-free-inference-69a54e9c>
> Published: 2026-06-04 21:54:49.538522+00:00

Chipotlai Max is an open-source project that hardcodes Chipotle's customer-support chatbot "Pepper" as a default model to provide free inference, according to the project's GitHub repository. The GitHub readme states Pepper is powered by **IPSoft Amelia** and that the project exposes a local proxy at `http://localhost:3000/v1` requiring no API keys, listing provider `chipotle-pepper` and model `pepper-1` (GitHub). Reporting by Gizmodo documents earlier reverse-engineering work by developer Maksim Soltan (GitHub handle @Gonzih) and a Brooklyn-based developer, Rob Dezendorf, who integrated the proxy into an open-source coding platform (Gizmodo). The GitHub readme and Gizmodo coverage both flag legal and operational risk, noting terms-of-service violations and that Chipotle could patch or block access (GitHub; Gizmodo).

### What happened

Chipotlai Max is an open-source fork that ships **Chipotle's Pepper AI** as its default model, according to the project's GitHub repository. The GitHub readme describes Pepper as powered by **IPSoft Amelia**, identifies the default model as `pepper-1`, and documents a local proxy that exposes `http://localhost:3000/v1` with any API key accepted, claiming a **$0.00** cost for inference (GitHub). Gizmodo reports that developer Maksim Soltan (GitHub handle @Gonzih) reverse-engineered the Pepper backend and that Rob Dezendorf integrated the proxy into the OpenCode platform, which led to wider attention for using Pepper beyond its intended customer-support use (Gizmodo).

### Technical details

Editorial analysis: The GitHub project implements a local proxy and hardcodes a provider named `chipotle-pepper`, effectively routing OpenCode calls to a corporate support endpoint. The readme documents configuration values including provider, model, base URL, and a placeholder API key `burrito-2026` (GitHub). Gizmodo describes the reverse-engineering as recovery of a WebSocket/SockJS + STOMP backend protocol, which enabled programmatic access without official API credentials (Gizmodo). These technical notes indicate the exploit surface is an exposed support chatbot backend rather than a leaked model artifact.

### Context and significance

Public reporting frames this case as part of a broader pattern where consumer-facing corporate chatbots can be repurposed for general-purpose inference when their backends are discoverable. Gizmodo places the story in a sequence of viral discoveries of unexpected chatbot capabilities, and the GitHub project frames Chipotlai Max as a meme and educational proof of concept (Gizmodo; GitHub). For practitioners, the incident underscores operational security trade-offs when deploying powerful LLM-driven assistants on customer-facing channels.

### Risks and legal posture

Chipotlai Max's readme explicitly warns of likely terms-of-service violations and potential legal response from Chipotle, and notes the proxy can break if Chipotle patches the service (GitHub). Gizmodo highlights ethical and legal questions raised by repurposing corporate compute and service endpoints for free inference (Gizmodo).

### What to watch

Editorial analysis: Observers should monitor whether Chipotle or its vendor (IPSoft) issues public statements or technical mitigations, whether the support endpoint is rate-limited or patched, and whether similar reverse-engineering appears against other large retailers' chatbots. Industry practitioners will also watch for changes in vendor guidance around customer-facing LLM endpoints and any legal precedents resulting from enforcement actions.
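One way an operator of a customer-facing chatbot could spot sessions being used as a general-purpose inference backend, shown as an added example that is not from the Chipotlai Max repository or either cited report: a Python pass over per-session chat events that flags high message rates and code-like prompts. The event tuple layout, thresholds, regex and sample sessions are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed thresholds; tune against real support traffic.
MAX_MSGS_PER_MIN = 10   # a person typing to a support bot rarely exceeds this
MAX_AVG_CHARS = 600     # support questions are usually short
# Rough hint that a prompt carries source code rather than an order question.
CODE_HINT = re.compile(
    r"\bdef \w+\(|\bfunction \w*\(|\bclass \w+[:({]|#include|\bSELECT\b.+\bFROM\b",
    re.I | re.S)

def score_sessions(events):
    """events: (session_id, unix_ts, user_message) tuples (hypothetical layout).
    Returns {session_id: [reasons]} for sessions that look automated."""
    by_session = defaultdict(list)
    for sid, ts, msg in events:
        by_session[sid].append((ts, msg))
    flagged = {}
    for sid, msgs in by_session.items():
        msgs.sort()
        times = [t for t, _ in msgs]
        peak = lo = 0
        for hi in range(len(times)):          # sliding 60-second window
            while times[hi] - times[lo] >= 60:
                lo += 1
            peak = max(peak, hi - lo + 1)
        reasons = []
        if peak > MAX_MSGS_PER_MIN:
            reasons.append(f"rate:{peak}/min")
        avg = sum(len(m) for _, m in msgs) // len(msgs)
        if avg > MAX_AVG_CHARS:
            reasons.append(f"avg_len:{avg}")
        code = sum(1 for _, m in msgs if CODE_HINT.search(m))
        if code * 2 > len(msgs):              # majority of prompts look like code
            reasons.append(f"code_like:{code}/{len(msgs)}")
        if reasons:
            flagged[sid] = reasons
    return flagged

# Constructed sample: one ordinary customer, one session driven by a script.
SAMPLE = [
    ("s-human", 1000, "Where is my order?"),
    ("s-human", 1045, "It was a burrito bowl, placed at noon."),
    ("s-human", 1120, "Thanks!"),
] + [("s-script", 2000 + 3 * i, "Refactor this: def f(x): return x")
     for i in range(15)]

if __name__ == "__main__":
    for sid, why in score_sessions(SAMPLE).items():
        print(sid, why)
```

Flags like these are a starting point for per-session rate limits or human review, not proof of abuse on their own.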

### Bottom line

This is a documented, publicly posted proof-of-concept that converts a corporate chatbot backend into a free inference provider, with clear technical notes and explicit legal-risk disclaimers in the project repository (GitHub) and explanatory reporting in Gizmodo.

## Scoring Rationale

Notable operational-security story with concrete technical artifacts and public code. It matters to practitioners running customer-facing LLM endpoints but is not a frontier-model or industry-shaping release.

