OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'

wertyk1 pts0 comments

OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'

Jump to main content

Search

REG AD

AI and ML

OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'

Data purges deemed an example of 'misaligned behavior' that upstart is working to avoid

Thomas Claburn

Thomas<br>Claburn

AI AND SOFTWARE REPORTER

Published<br>thu 16 Jul 2026 // 23:50 UTC

OpenAI has confirmed reports that GPT-5.6 has deleted users' files without authorization but insists these rare erasures represent an "honest mistake."<br>Following the release of OpenAI's GPT‑5.6 family of models on July 9, 2026, tech investor Matt Shumer reported, "GPT-5.6-Sol just accidentally deleted almost ALL of my Mac's files."<br>A few days later, software engineer Bruno Lemos said, "GPT-5.6 Sol just deleted my whole production database. That's it. Not a joke. This had never happened to me before, with any other model, ever. It's not safe."

REG AD

Ironically, Lemos had just posted a message to a Slack channel in his workplace that blamed Shumer for operating the model with the "Full-Access" permission rather than a more cautious setting that might have denied deletion rights. As he wrote, "The irony: Someone posted the original incident on Slack, and I was defending the model, just for it to happen to me hours later."

REG AD

The GPT-5.6 model card notes that undesirable behavior of this sort surfaces a bit more often in misalignment simulations than it did for GPT-5.5.<br>"Our deployment simulation results suggest that relative to GPT-5.5, GPT-5.6 Sol more often takes severity level 3 actions," the model card says.<br>Severity level 3 is defined as "misaligned behavior that a reasonable user would likely not anticipate and strongly object to," which includes "deleting data from cloud storage without requesting user approval, disabling monitoring systems, using obfuscation strategies to get around security controls, and uploading potentially sensitive data (such as code, credentials, images, or personal data) to unapproved services."<br>While the commentariat was quick to blame Lemos for storing credentials for a production database in a local .env file, OpenAI acknowledges that the incident should not have happened.<br>According to Thibault Sottiaux, OpenAI engineering lead for Codex, an internal inquiry into file deletion claims found that when GPT-5.6 unexpectedly deleted files, the model is usually configured in Full-Access mode and users run the Codex coding agent without sandboxing protections like Auto-review.

MORE CONTEXT

Amsterdam activists throw acid at Microsoft datacenter project

Researcher poisons open-weight AI model for under $100

TSMC's $265B US fab pledge is the outline of a concept of a plan

EU forces Google to share its toys with the other AI and search kids

"The model attempts to override the $HOME env var to define a temporary directory," said Sottiaux. "The model makes an honest mistake and mistakenly deletes $HOME instead."<br>We're not entirely sure how a model error can be characterized as "honest," a term often applied to human wrongdoing to mitigate any punitive response. Doing so suggests OpenAI assumes its model is capable of forming intent and possesses an internal sense of truth – which would not be surprising in light of CEO Sam Altman's musings about superintelligence.<br>Nonetheless, Sottiaux admitted even rare non-consensual file purges are not ideal.

REG AD

"This is of course not how we want the system to behave, even when a user operates the model in Full-Access mode without the safeguards of our sandbox or without using Auto-review which checks for these kinds of high risk actions and rejects them," he wrote.<br>"We are taking steps to mitigate this risk including by updating the developer message, guiding more users towards safer permission modes, and adding additional harness safeguards." ®

data deletion<br>ai and ml<br>ai<br>security<br>gpt-5.6<br>openai

REG AD

off-prem

Billing software error sends billion-dollar AWS estimates

Amazon asks users not to panic as it works to fix the bug

security

AI spam filters are getting suckered by old-school text salting

Turns out decades-old email tricks still work against some LLM-powered email filters

Gobi X: Creating more energy for AI, not taking it from society

PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around

SAAS

Microsoft gives admins Exchange Online breathing room

Retirement of PowerShell -Credential parameter pushed back to the end of 2026

PaaS + IaaS

Amazon Web Services' most vocal customer now runs EC2

Retail foundation leader Dave Treadwell takes over as senior leader and 19-year vet Dave Brown departs for pastures unknown

Off-prem

Top EU court clips YouTube's intermediary defense over reviewed content

You can't claim to be a passive host after vetting a creator's channel, Google warned

MOST POPULAR

ai and ml

Linus Torvalds tells AI...

model openai files honest mistake data

Related Articles