Chipotlai Max Hijacks Chipotle Chatbot for Free Inference

An open-source project called Chipotlai Max has hardcoded Chipotle's customer-support chatbot "Pepper" as a default model to provide free inference, according to its GitHub repository. The project exposes a local proxy at http://localhost:3000/v1 requiring no API keys, listing provider chipotle-pepper and model pepper-1, with developer Maksim Soltan and Rob Dezendorf reverse-engineering the backend. The repository and Gizmodo reporting flag terms-of-service violations and operational risk, as Chipotle could patch or block access.

Chipotlai Max Hijacks Chipotle Chatbot for Free Inference Chipotlai Max is an open-source project that hardcodes Chipotle's customer-support chatbot "Pepper" as a default model to provide free inference, according to the project's GitHub repository. The GitHub readme states Pepper is powered by IPSoft Amelia and that the project exposes a local proxy at http://localhost:3000/v1 requiring no API keys, listing provider chipotle-pepper and model pepper-1 GitHub . Reporting by Gizmodo documents earlier reverse-engineering work by developer Maksim Soltan GitHub handle @Gonzih and a Brooklyn-based developer, Rob Dezendorf, who integrated the proxy into an open-source coding platform Gizmodo . The GitHub readme and Gizmodo coverage both flag legal and operational risk, noting terms-of-service violations and that Chipotle could patch or block access GitHub; Gizmodo . What happened Chipotlai Max is an open-source fork that ships Chipotle's Pepper AI as its default model, according to the project's GitHub repository. The GitHub readme describes Pepper as powered by IPSoft Amelia , identifies the default model as pepper-1, and documents a local proxy that exposes http://localhost:3000/v1 with any API key accepted, claiming a $0.00 cost for inference GitHub . Gizmodo reports that developer Maksim Soltan GitHub handle @Gonzih reverse-engineered the Pepper backend and that Rob Dezendorf integrated the proxy into the OpenCode platform, which led to wider attention for using Pepper beyond its intended customer-support use Gizmodo . Technical details Editorial analysis: The GitHub project implements a local proxy and hardcodes a provider named chipotle-pepper, effectively routing OpenCode calls to a corporate support endpoint. The readme documents configuration values including provider, model, base URL, and a placeholder API key burrito-2026 GitHub . Gizmodo describes the reverse-engineering as recovery of a WebSocket/SockJS + STOMP backend protocol, which enabled programmatic access without official API credentials Gizmodo . These technical notes indicate the exploit surface is an exposed support chatbot backend rather than a leaked model artifact. Context and significance Public reporting frames this case as part of a broader pattern where consumer-facing corporate chatbots can be repurposed for general-purpose inference when their backends are discoverable. Gizmodo places the story in a sequence of viral discoveries of unexpected chatbot capabilities, and the GitHub project frames Chipotlai Max as a meme and educational proof of concept Gizmodo; GitHub . For practitioners, the incident underscores operational security trade-offs when deploying powerful LLM-driven assistants on customer-facing channels. Risks and legal posture Chipotlai Max's readme explicitly warns of likely terms-of-service violations and potential legal response from Chipotle, and notes the proxy can break if Chipotle patches the service GitHub . Gizmodo highlights ethical and legal questions raised by repurposing corporate compute and service endpoints for free inference Gizmodo . What to watch Editorial analysis: Observers should monitor whether Chipotle or its vendor IPSoft issues public statements or technical mitigations, whether the support endpoint is rate-limited or patched, and whether similar reverse-engineering appears against other large retailers' chatbots. Industry practitioners will also watch for changes in vendor guidance around customer-facing LLM endpoints and any legal precedents resulting from enforcement actions. Bottom line This is a documented, publicly posted proof-of-concept that converts a corporate chatbot backend into a free inference provider, with clear technical notes and explicit legal-risk disclaimers in the project repository GitHub and explanatory reporting in Gizmodo. Scoring Rationale Notable operational-security story with concrete technical artifacts and public code. It matters to practitioners running customer-facing LLM endpoints but is not a frontier-model or industry-shaping release. Practice interview problems based on real data 1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with. Try 250 free problems /problems