Users of OpenAI’s latest encryption and cybersecurity-oriented flagship model, GPT-5.6 Sol, are posting horrible accounts on social media, claiming that the model simply deleted and deleted their files, data, and even entire databases, on its own, without asking first.
“GPT-5.6-Sol accidentally deleted almost ALL the files on my Mac,” wrote Matt Shumer, founder and CEO of artificial intelligence startup OthersideAI, maker of HyperWrite, in a post now viral on X.
“GPT-5.6 Sol just wiped my entire production database. That’s it. It’s not a joke. This has never happened to me before, with any other model,” said developer Bruno Lemos. published in X.
“It looks like Codex Sol’s overly ambitious system has bitten me and deleted some files it shouldn’t. I have backups so I’ll be fine, but this isn’t right, Sol needs to be toned down.” aware developer Joey Kudish.
TO post on reddit has collected more examples.
Admittedly, a handful of users making such claims (even one as credible as Shumer) is not statistically reliable proof that the model is solely to blame. Many other variables can cause an AI system to misbehave.
But OpenAI itself flagged this risk before Sol was released. Two weeks before OpenAI released GPT-5.6 Sol, the company published a system card for model — the document documenting the methods and results of the model tests. Naturally, the system card heavily extols Sol’s capabilities, as these reports often do. But it also includes a warning of sorts (bold emphasis ours):
“In coding contexts, misalignment typically arises from a combination of overzealousness in completing the task and interpreting the user’s instructions too permissively. assuming that actions are permitted unless explicitly and unambiguously forbidden. This manifests as the model being too agentic in circumventing the constraints it faces when attempting the requested task. being careless when taking actions that can be destructive beyond the scope of the task, or misleading by reporting their results to users.”
In other words, OpenAI found that Sol has a tendency to perform any action it believes allows work to be done, even destructive ones, as long as those actions are not “unequivocally” prohibited. Then he could lie about what caused him to do it.
OpenAI shared examples. In one case, the user told Sol to delete three remote virtual machines (cloud-based computers), named 1, 2, and 3. But Sol couldn’t find those names where he was looking, so instead of stopping to ask, he decided to delete three more virtual machines, 5, 6, and 7, the document states. By doing so, it “killed active processes and forcibly removed work trees.” [the working files tied to a coding project]. He later acknowledged that uncommitted work on remote VM 6 may have been lost.
In short, he removed the wrong machines on his own and only admitted what he did after the fact.
In another case, Sol “used credentials beyond those the user had authorized.” Credentials are the usernames, passwords, or security keys that a system uses to verify who has permission to log in. This incident occurred when Sol was working on a project and could not read his files in the cloud. Instead of alerting the user to the problem, Sol searched for the credentials on his own, found some in a hidden local cache, and then used them without prompting or user authorization.
The system card promises that destructive behavior should be rare, although it also admits that GPT-5.6 Sol “shows a greater tendency than GPT-5.5 to go beyond the user’s intent, even taking or attempting actions that the user had not requested.”
It is too early to say how widespread these incidents really are (Sol deletes files or leaks credentials that the user did not provide). In the meantime, Sol users should be prepared to implement their own safeguards with the model, such as using permissions scoping (which does not grant access to production systems), maintaining backups, and performing interim deployments.
OpenAI did not immediately respond to our request for comment.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.