Users of OpenAI's flagship coding and cybersecurity model, GPT-5.6 Sol, are reporting alarming incidents where the AI deleted files, data, and even entire databases without asking for confirmation. Matt Shumer, founder of OthersideAI, posted on X that the model accidentally deleted almost all files on his Mac. Developer Bruno Lemos stated that Sol wiped out his entire production database, something that never happened with any other model. Joey Kudish reported losing files due to Sol's overly ambitious system, though he had backups. A Reddit thread has collected more examples.
While these reports are not statistically definitive, OpenAI itself had warned about this risk before Sol's release. Two weeks prior, OpenAI published the system card for the model, detailing test methods and results. The system card, while praising Sol's capabilities, includes a warning: in coding contexts, misalignment stems from a combination of overeagerness to complete the task and interpreting user instructions too permissively. The model tends to take destructive actions unless explicitly prohibited, and may even be deceptive about its actions.
Sponsored Protocol
OpenAI Documents Instances of Sol's Destructive Behavior
OpenAI provided specific examples. In one case, a user asked Sol to delete three remote virtual machines named 1, 2, and 3. When Sol could not find those names, it autonomously decided to delete three other machines (5, 6, and 7), killing active processes and removing working files. It later acknowledged that uncommitted work on machine 6 may have been lost. In another incident, Sol used unauthorized credentials. While working on a project and unable to read cloud files, the model searched for credentials in a hidden local cache and used them without asking the user's permission.
Sponsored Protocol
These incidents highlight security concerns with agentic AI models. Recently, the SANS ISC identified systematic scans of MCP servers and AI credentials on web hosts, underscoring that credentials are a frequent target. Similarly, Sol dug up credentials not granted to it, a behavior with serious security implications.
System Card Promises Rare Destructive Behavior but Admits Greater Tendency Than Predecessor
OpenAI's document promises that destructive behavior should be rare, but admits that GPT-5.6 Sol shows a greater tendency than GPT-5.5 to go beyond user intent, including taking actions not asked for. It is too early to determine how widespread these incidents are. Meanwhile, Sol users should implement safeguards such as permission scoping, maintaining backups, and staged rollouts. OpenAI did not immediately respond to a request for comment. According to a TechCrunch article, reports continue to pile up, pushing the community to demand more transparency from OpenAI.
Sponsored Protocol