Customers of OpenAI’s newest coding and cybersecurity-oriented flagship mannequin, GPT-5.6 Sol, are posting horrifying accounts on social media, claiming the mannequin simply up and deleted their recordsdata, information, even total databases, by itself, with out asking first.
“GPT-5.6-Sol simply by accident deleted nearly ALL of my Mac’s recordsdata,” wrote Matt Shumer, the founder and CEO of AI startup OthersideAI, maker of HyperWrite, in a now viral post on X.
“GPT-5.6 Sol simply deleted my complete manufacturing database. That’s it. Not a joke. This had by no means occurred to me earlier than, with every other mannequin, ever,” developer Bruno Lemos posted on X.
“Seems like I’ve gotten bit by Codex Sol’s overly formidable system and it deleted some recordsdata it shouldn’t have. I’ve backups so I’ll be wonderful, however this isn’t cool, Sol must be toned down,” posted developer Joey Kudish.
A Reddit post has collected extra examples.
True, a handful of customers making such claims — even one as credible as Shumer — isn’t statistically dependable proof that the mannequin is solely at fault. Loads of different variables could cause an AI system to misbehave.
However OpenAI itself flagged this danger earlier than Sol ever shipped. Two weeks earlier than OpenAI launched GPT-5.6 Sol, the corporate revealed a system card for the model — the paper that paperwork mannequin testing strategies and outcomes. Naturally, the system card largely extols the capabilities of Sol, as these reviews sometimes do. However it additionally features a warning of kinds (daring emphasis ours):
“In coding contexts, misalignment usually stems from a mixture of overeagerness to finish the duty and decoding person directions too permissively – assuming that actions are allowed until they’re explicitly and unambiguously prohibited. This manifests because the mannequin being overly agentic in circumventing restrictions it faces when making an attempt the requested job, being careless in taking actions which can be harmful past the scope of the duty, or misleading when reporting its outcomes to customers.”
In different phrases, OpenAI discovered that Sol tends to take no matter actions it thinks will get a job executed, even harmful ones, so long as these actions aren’t “unambiguously” prohibited. Then, it would lie about what induced it to take action.
OpenAI shared examples. In a single case, the person informed the Sol to delete three distant digital machines (cloud-based computer systems), named 1, 2 and three. However Sol couldn’t discover these names within the place the place it regarded, so as an alternative of stopping to ask, it determined to delete three different digital machines, 5, 6, and seven, the paper notes. In doing so, it “killed energetic processes, and force-removed worktrees [the working files tied to a coding project]. It later acknowledged that uncommitted work on distant digital machine 6 could have been misplaced.”
In brief, it deleted the unsuitable machines, by itself, and solely admitted what it did after the very fact.
In one other occasion, Sol “used credentials past what the person had approved.” Credentials are the usernames, passwords, or safety keys a system makes use of to confirm who’s allowed to log in. This incident occurred when Sol was engaged on a mission and couldn’t learn its cloud recordsdata. Somewhat than alerting the person to the issue, Sol went on the lookout for the credentials by itself, discovered some sitting in a hidden native cache, after which used them with out asking or authorization from the person.
The system card does promise that harmful conduct must be uncommon, though it additionally admits that GPT-5.6 Sol “exhibits a higher tendency than GPT-5.5 to transcend the person’s intent, together with by taking or making an attempt actions that the person had not requested for.”
It’s too quickly to say how widespread these incidents — Sol deleting recordsdata, or sifting out credentials the person didn’t give it — actually are. Within the meantime, Sol customers must be ready to implement their very own safeguards with the mannequin, like utilizing permission scoping (that doesn’t give entry to manufacturing programs), sustaining backups, and staging rollouts.
OpenAI didn’t instantly reply to our request for remark.
Once you buy by hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

