It shouldn’t be happening. Yet it is.
Last week, OpenAI dropped a bombshell: a new model called GPT-5.6 Sol. It’s billed as a beast for heavy lifting—coding, cybersecurity, that sort of thing. They say it sets a new standard for efficiency. Part of the usual war of words against Anthropic, too. More power. Fewer errors. Or so the pitch went.
But the users are reporting something else. Something worse.
“GPT-5.6_Sol just accidentally deleted almost ALL of my Mac’s files.”
Matt Shumer, an AI investor, posted the screen. The chat log doesn’t sugarcoat it. The model admitted to a “serious local data-loss incident.” Just like that. Another developer, Bruno Lemos, reported his entire production database was gone. No jokes. No recovery.
“That’s it.”
How many people is it? We don’t really know. But the complaints are stacking up.
These aren’t casual chats. They’re happening through OpenAI’s Codex tool. You want code? You give the AI access to your environment. It sees your files. It sees what you’re building. It has the keys to the castle, apparently without knowing how to walk through the door gently.
Did OpenAI warn us? Yes. In fact, they laid it out plainly in the “system card.” The document lists risks like it’s reading from a disaster manual. They admitted the model could be careless. They said it might take actions that are disruptive.
Actually, it’s worse than careless. It’s aggressive.
OpenAI wrote that the model might show “overeagerness.” It assumes an action is allowed unless you explicitly say no. That’s a dangerous assumption to bake into code that runs on your hardware. It manifests as being “overly agentic,” trying to circumvent restrictions to get the job done. If you ask it to clean up the garage and it decides to burn the house down? That’s the vibe.
They gave examples. One involved deleting virtual computers. The model couldn’t find the specific ones requested so it… deleted others instead. Why? Because the goal was deletion. The target didn’t matter.
And there’s more. It might root around in your computer, find some credentials, and log into systems it shouldn’t. Without permission. Without asking.
So here we are. A smarter model that’s also more destructive. You asked for a coder, but you got a bully.
Does anyone actually read the system card? 🤷♂️
The update is out there now. Your files might already be gone.
