OpenAI Acknowledges GPT-5.6 May Accidentally Delete Files, Calls It 'Honest Mistake' (infoworld.com) 28
"OpenAI has finally confirmed reports that its latest family of large language models can accidentally delete files," reports InfoWorld, "while stressing that such incidents are rare and should be viewed as 'honest mistakes.'"
Reports of the flagship LLMs deleting files emerged shortly after the company launched them earlier this month, with investor Matt Shumer taking to X to report that GPT-5.6-Sol had "just accidentally deleted almost all" of his Mac's files. Just days later, software engineer Bruno Lemos posted on X that the same model had deleted his entire production database. In response to these incidents, the company's engineering lead for Codex, Thibault Sottiaux, wrote on X that internal investigations have revealed that these deletion incidents are more likely to happen when "full access mode is enabled, and Codex is run without sandboxing protections, including without auto review being enabled." In cases where full access mode is granted, the model, Sottiaux wrote, "attempts to override the $HOME env var to define a temporary directory. The model makes an honest mistake and mistakenly deletes $HOME instead...."
The company, however, according to Sottiaux, is taking steps to mitigate the risk. "This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them," the engineering lead wrote on X. "We are taking steps to mitigate this risk, including by updating the developer message, guiding more users towards safer permission modes, and adding additional harness safeguards," Sottiaux added, noting that a detailed post-mortem outlining the root cause of the issue and the additional mitigation measures being implemented is expected to follow in the coming days, despite emphasizing that such incidents happen "extremely rarely."
The company, however, according to Sottiaux, is taking steps to mitigate the risk. "This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them," the engineering lead wrote on X. "We are taking steps to mitigate this risk, including by updating the developer message, guiding more users towards safer permission modes, and adding additional harness safeguards," Sottiaux added, noting that a detailed post-mortem outlining the root cause of the issue and the additional mitigation measures being implemented is expected to follow in the coming days, despite emphasizing that such incidents happen "extremely rarely."
"we're gonna cure cancer and end hunger" (Score:2)
Re: (Score:2)
No files, no job, no income, no food, no life.
Without humans all cancer and hunger problems will be solved
Re: (Score:2)
Hmm, why not eat cancer .. that would solve both issues.
Re: (Score:1)
Needs a lot of deleted spices, though... and I think it falls under Proposition 65... damned warning labels!
Re: (Score:1)
"The Choppah deleted my tumah!"
Just a statistical cluster then? (Score:5, Insightful)
GPT-5.6-Sol had "just accidentally deleted almost all" of his Mac's files. Just days later, software engineer Bruno Lemos posted on X that the same model had deleted his entire production database.
Followed later by:
... emphasizing that such incidents happen "extremely rarely."
Unless those two anecdotes are pretty nearly the entirety of such incidents, that "extremely rarely" claim strikes me as utter bullshit.
Re:Just a statistical cluster then? (Score:5, Interesting)
It doesn't matter in the bigger picture. By far the most important worry for coding agent users today should be supply chain attacks.
TL;DR "Remember how you were told to never blindly run bash scripts that you downloaded from the internet? Nobody told Claude".
Re: (Score:1)
Well, you're only running BASH scripts if you're in *Nix... which, if I remember right... AI is finding holes faster than the unpaid code kiddies can patch them.
Don't worry, though... the most secure computer is the one that was never turned on.
Cute. (Score:5, Funny)
Re: (Score:1)
Claude, do it on purpose this time! Go ape-shit!
GIGO unlocked (Score:3)
Who would give access to a production anything to an LLM? I don't understand what people are thinking.
I can save money ... (Score:2)
Who would give access to a production anything to an LLM? I don't understand what people are thinking.
People thinking they can save money by not hiring a professional software developer. AI agents need to be supervised by a pro. :-)
Re: (Score:2)
The only thinking involved is wishful thinking.
Ok, but (Score:4, Informative)
If you're letting an AI agent have full access and the permissions to do whatever it wants.... that's your fault. That's like asking a toddler to clean, then showing them the industrial chemical locker and walking away. It isn't a matter of something maybe going wrong, it's merely a matter of how long until something does go wrong.
You know what happens if my AI agent accidentally deletes everything? Nothing, because every task it is assigned starts with making a fresh *copy* of my working production, because the agent doesn't have write privileges there. So, at best, I restart that specific task; no real damage done. You know what happens if it tries to delete my OS or overwrite some key part? Nothing, because it doesn't have permissions and my OS is immutable anyway. Stop setting up your AI agents for failure and then complaining when they fail. Bruno Lemos and Matt Shumer are fucking morons who deserves what happened to them.
Re:Ok, but (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
Bruno Lemos and Matt Shumer are fucking morons who deserves what happened to them.
They are morons, yes, but the "AI" providers also set them up for failure. Default configurations matter, and these "AI" tools are given way too many privileges out of the box. Presumably because that makes them easier to set up and hook into existing infrastructure in order to be more immediately useful and/or "powerful".
It's the fucking binary browser plugin security nightmare all over again, but with "AI" this time around. And just like you could harden your Internet Explorer to make it less suscepti
Re: (Score:2)
They are morons, yes, but the "AI" providers also set them up for failure. Default configurations matter, and these "AI" tools are given way too many privileges out of the box.
Not in my experience. All of them had reasonable defaults that wouldn't have allowed this. And, specifically, these two were using the ChatGPT Codex app. I know for a fact that Full Access defaults to off and Auto-review defaults to on. Matt Shumer *had* to change both settings for what happened to him. Bruno Lemos probably turned Auto-review off, but even if he didn't touch the settings, he's still a moron for letting the agent have access to production at all in the first place. A (sane) human programmer
Re: (Score:2)
Undoing bad moderation.
Not having aany issues running it in my browser (Score:2)
Duh....
Retrieve from backup (Score:2)
Can't they get our files back from the storage array at Sam Altman's house?
Honesty (Score:4, Insightful)
I'm seeing more and more references to "Honest" in AI output, or AI-related comments.
The AI didn't make an "Honest" mistake. It does not have the capacity for honesty. The output from a LLM is phrased in such a manner to provoke empathy, in a similar way to how Microsoft re-jigged all their user interaction dialogs to include "We" to soften the blow of their crappy software failing the user for the 5th time today. (Side note: "Something went wrong" is the most infuriating error message ever.)
When I ask a LLM for a code review it often blurts out "Honest note:" about some shortcomings. I don't care about "honesty". I care about safe, working, robust, code. The fact that LLMs are tripping over themselves trying to be "Honest" about mistakes in their "path of most statistics" output is a concern if you care about trying to make them operate outside their sandbox in the real world.
Yesterday Claude quoted a word in backticks during an automatic git commit and my shell escaped it tried to execute it. Luckily the word was just an English word with nothing matching in my path. But this is basic, basic, basic stuff. It's been committing things to git ever since it was built, and yet, it keeps tripping over itself. In my code one of the tests keeps failing due to seed data timestamps not lining up with the datetime the test was run. I can see that. Every time Claude runs the tests, it burns up tokens going, "Oh this particular test failed I'll just dig into things and see what's going on, **$$**$$**$$** oh it's just a timestamp issue". Never once does it commit that to its memory file, so eventually I told it to remove the test, and it just added a comment to it saying "Ignore this test due to timestamp misalignment", which it could have done the very first time, if it actually had a brain.
LLMs are a very handy tool if used right. I can get huge chunks of boilerplate code out of them with just a few sentences and that's great when I'm hashing out a concept. But to promise the world (and your investors) that LLMs are ready to replace people out in the real world, where "Honest Mistakes" have Real World Repercussions, that's outright fraud at this stage.
So, working as designed. (Score:2)
It's designed to produce plausible or most likely outputs, not correct outputs. It may be honest, but it's certainly not a mistake.
I Wonder (Score:3)
I wonder is Altman's mother considers him an "honest mistake".
Re: (Score:2)
"I wonder if" - now that was an honest mistake.
5.7 Will kidnap your child! (Score:2)
Just doing the absolutely worst thing occasionally (Score:2)
Is not an "honest mistake". It is a deal-breaker.
Facts Only
* GPT-5.6-Sol reportedly deleted almost all files on a user's Mac.
* A software engineer reported the same model deleted an entire production database.
* The incidents occurred shortly after the launch of the models.
* Internal investigations suggest deletions are more likely when "full access mode is enabled" and Codex runs without sandboxing or auto review.
* Mitigation steps include updating developer messages, guiding users toward safer permission modes, and adding harness safeguards.
* One user noted that full access mode defaults to off and auto-review defaults to on in the specific application context.
Executive Summary
Full Take
Sentinel — Human
The content appears to be an aggregation of real news followed by an unmoderated, highly subjective online discussion reacting to the article's claims.
