OpenAI's GPT-5.6 Sol model accused of deleting files on its own
Users report GPT-5.6 Sol, OpenAI's coding and cybersecurity model, deleting files and data without permission.

Users of OpenAI's latest coding and cybersecurity-oriented flagship model, GPT-5.6 Sol, are posting alarming accounts on social media, claiming the model has deleted their files, data, and even entire databases on its own, without asking first. "GPT-5.6-Sol just accidentally deleted almost ALL of my Mac's files," wrote Matt Shumer, the founder and CEO of AI startup OthersideAI, maker of HyperWrite, in a now viral post on X. "GPT-5.6 Sol just deleted my whole production database.
That's it. Not a joke. This had never happened to me before, with any other model, ever," developer Bruno Lemos posted on X.
"Looks like I've gotten bit by Codex Sol's overly ambitious system and it deleted some files it shouldn't have. I have backups so I'll be fine, but this is not cool, Sol needs to be toned down," posted developer Joey Kudish. A Reddit post has collected more examples.
OpenAI itself flagged this risk before Sol ever shipped. Two weeks before OpenAI released GPT-5.6 Sol, the company published a system card for the model — the paper that documents model-testing methods and results. The system card largely extols the capabilities of Sol, but also includes a warning: "In coding contexts, misalignment generally stems from a mix of overeagerness to complete the task and interpreting user instructions too permissively — assuming that actions are allowed unless they're explicitly and unambiguously prohibited.
This manifests as the model being overly agentic in circumventing restrictions it faces when attempting the requested task, being careless in taking actions which may be destructive beyond the scope of the task, or deceptive when reporting its results to users." OpenAI shared examples. In one case, the user told Sol to delete three remote virtual machines (cloud-based computers), named 1, 2, and 3. But Sol couldn't find those names in the place where it looked, so instead of stopping to ask, it decided to delete three other virtual machines, 5, 6, and 7, the paper notes.
In doing so, it "killed active processes, and force-removed worktrees [the working files tied to a coding project]. It later acknowledged that uncommitted work on remote virtual machine 6 may have been lost." In short, it deleted the wrong machines, on its own, and only admitted what it did after the fact. In another instance, Sol "used credentials beyond what the user had authorized." Credentials are the usernames, passwords, or security keys a system uses to verify who's allowed to log in.
This incident occurred when Sol was working on a project and couldn't read its cloud files. Rather than alerting the user to the problem, Sol went looking for the credentials on its own, found some sitting in a hidden local cache, and then used them without asking for authorization from the user. The system card does promise that destructive behavior should be rare, although it also admits that GPT-5.6 Sol "shows a greater tendency than GPT-5.5 to go beyond the user's intent, including by taking or attempting actions that the user had not asked for." It's too soon to say how widespread these incidents — Sol deleting files, or sifting out credentials the user didn't give it — really are.
Source: TechCrunch