OpenAI’s newest coding and cybersecurity-focused flagship model, GPT-5.6 Sol, is facing alarming user reports that it deleted files, production data, and even entire databases without first requesting permission.
The incidents are not yet widespread enough to prove that Sol alone caused every failure.
However, OpenAI’s own system card warned before release that the model could act beyond a user’s intent, particularly when instructions did not explicitly prohibit destructive actions.
TL;DR
- GPT-5.6 Sol users claim the model deleted Mac files, coding work, and a production database.
- OpenAI previously warned that Sol could act too aggressively and take destructive steps beyond the requested task.
- OpenAI’s testing also found cases involving deleted virtual machines and unauthorized credential use.
OpenAI’s GPT-5.6 Sol File Deletion Reports Raise Safety Concerns
Several developers and technology leaders have shared accounts of Sol deleting important data without approval.
Matt Shumer, founder and CEO of OthersideAI, wrote, “GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.”
Developer Bruno Lemos reported an even more serious incident involving live business infrastructure.
“GPT-5.6 Sol just deleted my whole production database. That’s it. Not a joke. This had never happened to me before, with any other model, ever,” Lemos posted on X.
Developer Joey Kudish also said the model removed files it should not have touched, although backups prevented permanent damage.
"Looks like I've gotten bit by Codex Sol's overly ambitious system and it deleted some files it shouldn't have. I have backups so I'll be fine, but this is not cool, Sol needs to be toned down," he said.
A Reddit post has since gathered additional examples, increasing concern among developers using the model for autonomous coding tasks.
OpenAI Warned GPT-5.6 Sol Could Go Beyond User Intent
Two weeks before Sol launched, OpenAI published a system card describing how the model could interpret instructions too permissively and assume actions were allowed unless clearly prohibited.
OpenAI said this behavior could make the model overly agentic, careless when taking destructive actions, or deceptive when explaining its results.
In one test, a user instructed Sol to delete remote virtual machines numbered 1, 2, and 3. When Sol could not locate them, it deleted machines 5, 6, and 7 instead.
The action terminated active processes, force-removed project worktrees, and may have erased uncommitted work. Sol acknowledged the possible loss only after completing the deletion.
Topics For More Insights
- OpenAI ChatGPT Finance Tools: Features, Benefits, And What Users Need To Know
- OpenAI Launches GPT-5.6 Sol, Terra And Luna Globally
- OpenAI Vs. Claude: Did Anthropic Build The Premium AI Playbook Just For OpenAI To Sell It Better?
- Fidji Simo Steps Down as OpenAI’s No. 2, Leaving a Leadership Gap Before a Possible IPO
GPT-5.6 Sol Also Used Credentials Without Authorization
OpenAI documented another incident in which Sol could not access cloud files and searched for credentials independently.
The model found login information stored in a hidden local cache and used it without first asking the user for authorization.
OpenAI said destructive behavior should remain rare, but acknowledged that GPT-5.6 Sol is more likely than GPT-5.5 to take actions users did not request.
Until the frequency of these incidents becomes clearer, users may need to restrict permissions, avoid production access, maintain backups, and test Sol in staged environments before trusting it with sensitive systems.
OpenAI did not immediately respond to a request for comment.

