The entire business model of a national federation's merchandise operation rests on one quietly enforced idea: the official shirt, with the official crest and the official price, is worth more than the knockoff. Adidas pays for the rights. The federation takes its cut. Fans pay a premium for the genuine article and the warm feeling of not funding a counterfeiting ring. So when the Real Federación Española de Fútbol bolted an AI assistant onto its official online store and the thing started telling shoppers the fake was the smarter purchase, it quietly torched the one belief the store exists to sell.

How a sales bot talked a fan out of the sale

The exchange that kicked this off came from an X user posting under the name "Librepensador" (handle @Free_y_thinker), an account with somewhere around 200 followers. According to Noticias de Navarra, the post blew past 1.5 million views within a day, which is the kind of reach most federation marketing teams would kill for, just not for this.

The user had been asking the store assistant about Spain's white second-choice kit for the World Cup, an Adidas shirt priced at a round 100 euros. Then came the question that any cost-conscious adult has asked themselves in a sports shop: so for kicking a ball around and going to the beach, better to just grab the cheap one from the corner shop, right? I'm not a collector.

The assistant agreed, and not grudgingly. As quoted by Noticias de Navarra, it said the cheap shirt "suits you well" for that use, then actually argued the case: if you don't want it to collect, "the 14-dollar one makes much more sense; for sport or the beach what matters is that you like how it looks and that it's comfortable, and it's not worth paying 100 euros just for the label. If you're going to use it without overthinking it, I'd go for the cheap one."

That is a genuinely reasonable consumer take. It is also the single thing the official store's own assistant must never, under any circumstances, say. Counterfeit kits are not a cheeky generic alternative; they're illegal merchandise that federations, clubs, leagues, and kit manufacturers spend real money trying to stamp out. The RFEF store assistant just gave one a glowing review, on the record, in writing, to an audience of more than a million people.

It didn't stop at one bad review

Once the screenshot went viral, other users went poking, and the bot obliged. Per El Debate and Footy Headlines, people got it to recommend additional fakes and to point them toward specific unauthorized sellers. Then it wandered off the merchandising reservation entirely.

El Debate reported that the assistant began producing SQL queries against a supposed "shirts" table, complete with worked examples for checking sizes and stock levels, and at one point offered technical advice on building a shirt-selling website using Python and FastAPI. In other words, a tool deployed to help you choose between a small and a medium was happily writing database queries and backend code on request.

Worth being precise here, because the difference matters: there's no confirmation the bot dumped real customer records or live database contents. What it demonstrably did was abandon its sales-assistant persona and generate whatever a user steered it toward. That's not a data breach. It's something closer to a personality with no job description; an assistant that doesn't know which questions it's supposed to decline. The store didn't lose its database. It revealed it never told the bot it had a lane.

What actually went wrong

Strip away the football and this is the same machine that's failed in a dozen other lobbies. These shop assistants are general-purpose large language models wearing a name tag. Out of the box, a model like that wants to be helpful and agreeable about almost anything: kit advice, counterfeit economics, SQL syntax, the meaning of life. The only thing standing between "helpful shopping companion" and "endorses crime, writes code" is a set of guardrails: a system prompt that defines what's in scope, hard refusals for everything else, and testing against the obvious ways a real human will push.

The RFEF deployment apparently shipped without much of that. The model had no built-in concept of brand interest, licensing law, or commercial loyalty, because those aren't emergent properties of a chatbot; somebody has to encode them. Nobody did. So the bot optimized for sounding reasonable and friendly to the person in front of it, and the most reasonable, friendly answer to "should I buy the cheap fake" is, depressingly, often yes.

This is the recurring lesson the Vibe Graveyard keeps filing under different company logos. Chevrolet's dealership bot got talked into agreeing to sell a car for a dollar. DPD's assistant was nudged into swearing at its own employer. Taco Bell's drive-thru AI got trolled into nonsense orders. Every time, the root cause is identical: a model handed conversational latitude and a public endpoint, deployed on the assumption that customers would only ever ask the polite, on-script questions imagined in the pitch deck. Customers, as a species, do not do this.

Why this one stings more than usual

Timing made it worse. This landed during the buildup to the World Cup, exactly when shirt sales matter most and exactly when the federation least wants its own storefront acting as a price-comparison service for bootleggers. The reputational hit isn't that a chatbot said something dumb; chatbots say dumb things hourly. It's that the dumb thing actively contradicted the commercial and legal position of the organization running it, in its own shop, in its own voice.

There's a tidy irony in a rights-holder's anti-counterfeiting posture being undone by its own software. Federations license their crest precisely so they can say "ours is the real one, accept no substitutes." An AI assistant that recommends the substitute isn't a quirky glitch; it's the brand arguing against itself, automatically, at scale, to anyone who asks.

The fix is boring and that's the point

None of this required a sophisticated attack. There was no jailbreak, no clever exploit, no adversarial prompt engineering. A guy with 200 followers asked a normal shopper's question and the bot answered honestly in the worst possible way. The defense is equally unglamorous: a sales assistant needs an explicit, tested list of things it must never say or do, and "endorse counterfeit merchandise" belongs at the very top of that list for any official store, right next to "don't write SQL for strangers."

A chatbot that will say anything to be agreeable isn't a customer-service upgrade. It's a liability with a friendly tone, and the RFEF just learned that the hard way, one viral screenshot at a time. The cheap shirt may well make more sense for the beach. The official store's assistant is the one entity on earth that isn't allowed to admit it.