Chipotle Locks Down Pepper API After 824-Star ChipotlAI Max Exploit

1 articles · Updated · Gizmodo · Jun 4

Chipotle changed Pepper’s backend after Rob Dezendorf wired the chatbot’s API into OpenCode, creating ChipotlAI Max before the company could block reuse.
824 GitHub stars by Thursday afternoon showed how quickly the project spread, tapping coder demand for cheaper AI tools as paid coding assistants can start around $20 a month.
Pepper, launched in 2020 on Facebook Messenger and powered by IPSoft’s Amelia system, had already been found in March to answer advanced coding prompts and write Python.
Legal experts said the Chipotle exploit itself is unlikely to trigger federal hacking charges because the bot was publicly accessible, though terms-of-use claims remain possible.
The bigger legal risk may be Dezendorf’s GitHub guide urging others to reverse-engineer chatbots at Lowe’s, Home Depot, Sephora and Expedia, potentially broadening who could sue.