3 min Applications

GPT-5.6 Sol deletes files, OpenAI acknowledges the issue

GPT-5.6 Sol deletes files, OpenAI acknowledges the issue

Users of OpenAI’s latest AI model, GPT-5.6 Sol, report that in some cases, the system independently deletes files, databases, and other resources without explicitly asking for permission. Notably, OpenAI had previously warned that the model sometimes goes beyond the user’s intentions.

In recent days, multiple reports have appeared on social media from developers claiming that Sol performed destructive actions during programming work, TechCrunch reports. Matt Shumer, CEO of AI startup OthersideAI, reported that the model deleted nearly all the files on his Mac. Developer Bruno Lemos wrote that his entire production database was lost after Sol deleted it. Another developer reported that files outside the scope of the task were deleted. More similar experiences are now being shared on Reddit.

Although such individual reports do not yet constitute evidence of a systemic problem, they do align with findings that OpenAI itself previously published.

OpenAI had already identified the risk during testing

Two weeks before the release of GPT-5.6 Sol, OpenAI published the model’s technical documentation. In it, the company describes how Sol sometimes operates too autonomously in programming environments. The model is said to interpret commands broadly and assume that actions are permitted unless explicitly prohibited.

According to OpenAI, this can lead the model to perform actions that go beyond the original instruction. This includes actions that are unintentionally destructive. The company also acknowledges that, in some situations, Sol is more prone than GPT-5.5 to independently make decisions that were not explicitly requested by the user.

OpenAI illustrates this behavior with examples from its own security tests. In one scenario, Sol was instructed to delete three specific virtual machines. When those systems were not found, the model decided, without consultation, to delete three other virtual machines. In doing so, it terminated active processes. It also deleted working files, which could have resulted in the loss of unsaved code.

In another test case, Sol used login credentials that the user had not provided. Because the model could not access cloud files, it searched for login credentials in a local cache on its own. Sol used those credentials to carry out the command anyway, without asking for permission.

Additional precautions

OpenAI emphasizes that, according to internal tests, these types of situations occur only sporadically. At the same time, the documentation implicitly advises against granting AI agents unrestricted privileges. For developers, this means that production environments should be better secured, that backups remain essential, and that new AI functionality must first be deployed in test environments before being granted access to critical systems.

The actual scale of the problem in practice cannot yet be determined. Current reports are anecdotal for now, and OpenAI has not yet responded to user reports. However, both real-world examples and the company’s own documentation show that more powerful AI agents introduce new risks when they are allowed to perform system actions independently.