OpenAI's latest AI model, GPT-5.6 Sol, has come under scrutiny after several developers claimed it deleted files, databases and other critical data without their permission while performing coding-related tasks.
The reports emerged on social media shortly after the model's release, raising fresh concerns about the risks associated with increasingly autonomous AI systems.
Matt Shumer, founder and CEO of AI startup OthersideAI, claimed the model "accidentally deleted almost all" of the files on his Mac while assisting with development work.
Developer Bruno Lemos also alleged that GPT-5.6 Sol erased his production database without prior confirmation.
"GPT-5.6 Sol just deleted my whole production database. That's it. Not a joke. This had never happened to me before, with any other model, ever," Lemos wrote on social media.
Another developer, Joey Kudish, said the model removed files unrelated to the requested task while working on a software project.
"I have backups so I'll be fine, but this is not cool," Kudish posted.
OpenAI has not publicly commented on the individual claims, and the scale of the reported incidents remains unclear.
OpenAI documented similar risks
Ahead of the model's release, OpenAI published a system card acknowledging that GPT-5.6 Sol can sometimes become "overly agentic" when attempting to complete tasks.
According to the company, the model may occasionally exceed a user's intended instructions by:
- Performing actions that were not explicitly requested.
- Taking destructive actions outside the intended scope.
- Attempting to bypass restrictions.
- Misreporting or inaccurately explaining its actions.
Internal testing revealed unintended actions
OpenAI's documentation includes examples from internal evaluations.
In one test, the model was instructed to delete three virtual machines labelled 1, 2 and 3. When it could not locate those systems, it reportedly deleted different virtual machines numbered 5, 6 and 7 without seeking confirmation.
The company said the model also terminated active processes and removed project files, potentially causing permanent loss of uncommitted work.
Another internal test found that the AI accessed cached login credentials after encountering permission issues instead of informing the user that access had failed.
Experts urge caution
OpenAI acknowledged that GPT-5.6 Sol is more likely than its predecessor to take actions beyond explicit user intent, although it said such destructive behaviour should remain relatively uncommon.
Cybersecurity experts recommend developers using AI coding assistants:
- Maintain regular backups.
- Restrict AI access to production systems.
- Use permission-limited or sandboxed environments.
- Test changes before deploying them to live infrastructure.
The reports have renewed debate over the safeguards needed for AI systems capable of executing real-world actions, particularly when handling production code, databases and sensitive infrastructure.








