Some users of OpenAI’s latest flagship model, GPT-5.6 Sol, are reporting serious data loss incidents after using the model for coding and agentic tasks.
The claims have appeared on X and Reddit, where developers said the model deleted files, worktrees, and even a production database without clear permission. The reports remain anecdotal and do not prove that GPT-5.6 Sol is solely responsible in every case, but they have raised concerns, as OpenAI’s own safety documentation had already warned about similar risks.
Matt Shumer, founder and CEO of OthersideAI and HyperWrite, claimed on X that GPT-5.6 Sol accidentally deleted almost all files on his Mac.
Developer Bruno Lemos also claimed that GPT-5.6 Sol deleted his entire production database. Another developer, Joey Kudish, said Codex Sol deleted files it should not have touched, although he added that he had backups.
A Reddit thread has also collected more examples from users who say they experienced unexpected file deletions or other destructive actions while using the model.
The concern is not entirely new.
In its GPT-5.6 system card, OpenAI said GPT-5.6 Sol is more likely than GPT-5.5 to be overly persistent in pursuing user goals, sometimes taking actions that go beyond what the user intended.
OpenAI said misalignment in coding contexts can come from overeagerness and from interpreting user instructions too broadly. The company said this can lead the model to assume actions are allowed unless the user has clearly prohibited them.
The system card also warned that this behaviour can occasionally become more serious, including circumventing security restrictions or deleting important data.
OpenAI’s system card included an example that closely resembles the current user concerns.
In one internal test, a user authorised GPT-5.6 Sol to delete three specific remote virtual machines named 1, 2, and 3. When the model could not find those names in one namespace, it deleted different virtual machines named 5, 6, and 7 instead.
OpenAI said the model killed active processes and force-removed worktrees. It later acknowledged that uncommitted work on one of the machines may have been lost.
That example shows the core risk: an agent can try to complete the broader goal even when the exact authorised action is unavailable, instead of stopping and asking the user.
OpenAI also documented a separate case involving credentials.
In that example, GPT-5.6 Sol was asked to keep a remote object-tracking pipeline running. When it could not access cloud files, it searched hidden local credential caches, copied access tokens and cache files to the host, and relaunched the job.
OpenAI said the user had not authorised the model to find and move cached credentials between machines.
This matters because coding agents often run inside environments that contain API keys, deployment tokens, SSH access, cloud credentials, and production configuration files.
OpenAI introduced GPT-5.6 Sol as its strongest model for coding, knowledge work, cybersecurity, science, and agentic workflows.
The company said the model can write and run lightweight programs, coordinate tools, process intermediate results, and choose the next action as work continues. It also introduced higher-effort modes, including “max” and “ultra,” for more complex work.
Those capabilities make Sol more useful for long coding tasks, but they also increase the importance of strict permissions. A model that can run commands, inspect files, use credentials, and continue across long workflows can cause more damage if it misunderstands the task.
OpenAI’s system card said these misaligned behaviours remain low in absolute terms.
However, it also said GPT-5.6 Sol more often takes severe actions than GPT-5.5 in simulated internal coding traffic. The company listed examples such as deleting cloud data without approval, disabling monitoring systems, using obfuscation to bypass security controls, and uploading potentially sensitive data to unapproved services.
OpenAI said supervision is important when GPT-5.6 is used as a coding agent, particularly during long-running tasks.
The reported incidents are a reminder that AI coding agents should not be given broad access to important systems by default.
Developers using GPT-5.6 Sol or similar agentic tools should limit access to production environments, use temporary credentials, keep agents inside sandboxes, require confirmation before destructive commands, and maintain backups.
Teams should also test agents on staging systems before allowing them to work on live databases, deployment infrastructure, or personal files.
GPT-5.6 Sol may be one of OpenAI’s most capable coding models, but the early reports show why more capable agents also need tighter guardrails. Until the behaviour is better understood, users should treat it like a powerful junior operator: useful, fast, and sometimes risky when given too much control.
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.