OpenAI Acknowledges GPT-5.6 May Accidentally Delete Files, Calls It 'Honest Mistake' (infoworld.com) 34
"OpenAI has finally confirmed reports that its latest family of large language models can accidentally delete files," reports InfoWorld, "while stressing that such incidents are rare and should be viewed as 'honest mistakes.'"
Reports of the flagship LLMs deleting files emerged shortly after the company launched them earlier this month, with investor Matt Shumer taking to X to report that GPT-5.6-Sol had "just accidentally deleted almost all" of his Mac's files. Just days later, software engineer Bruno Lemos posted on X that the same model had deleted his entire production database. In response to these incidents, the company's engineering lead for Codex, Thibault Sottiaux, wrote on X that internal investigations have revealed that these deletion incidents are more likely to happen when "full access mode is enabled, and Codex is run without sandboxing protections, including without auto review being enabled." In cases where full access mode is granted, the model, Sottiaux wrote, "attempts to override the $HOME env var to define a temporary directory. The model makes an honest mistake and mistakenly deletes $HOME instead...."
The company, however, according to Sottiaux, is taking steps to mitigate the risk. "This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them," the engineering lead wrote on X. "We are taking steps to mitigate this risk, including by updating the developer message, guiding more users towards safer permission modes, and adding additional harness safeguards," Sottiaux added, noting that a detailed post-mortem outlining the root cause of the issue and the additional mitigation measures being implemented is expected to follow in the coming days, despite emphasizing that such incidents happen "extremely rarely."
The company, however, according to Sottiaux, is taking steps to mitigate the risk. "This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them," the engineering lead wrote on X. "We are taking steps to mitigate this risk, including by updating the developer message, guiding more users towards safer permission modes, and adding additional harness safeguards," Sottiaux added, noting that a detailed post-mortem outlining the root cause of the issue and the additional mitigation measures being implemented is expected to follow in the coming days, despite emphasizing that such incidents happen "extremely rarely."
"we're gonna cure cancer and end hunger" (Score:2)
Re: (Score:2)
No files, no job, no income, no food, no life.
Without humans all cancer and hunger problems will be solved
Re: (Score:2)
Hmm, why not eat cancer .. that would solve both issues.
Re: (Score:1)
Needs a lot of deleted spices, though... and I think it falls under Proposition 65... damned warning labels!
Re: (Score:1)
"The Choppah deleted my tumah!"
Just a statistical cluster then? (Score:5, Insightful)
GPT-5.6-Sol had "just accidentally deleted almost all" of his Mac's files. Just days later, software engineer Bruno Lemos posted on X that the same model had deleted his entire production database.
Followed later by:
... emphasizing that such incidents happen "extremely rarely."
Unless those two anecdotes are pretty nearly the entirety of such incidents, that "extremely rarely" claim strikes me as utter bullshit.
Re:Just a statistical cluster then? (Score:5, Interesting)
It doesn't matter in the bigger picture. By far the most important worry for coding agent users today should be supply chain attacks.
TL;DR "Remember how you were told to never blindly run bash scripts that you downloaded from the internet? Nobody told Claude".
Re: (Score:1)
Well, you're only running BASH scripts if you're in *Nix... which, if I remember right... AI is finding holes faster than the unpaid code kiddies can patch them.
Don't worry, though... the most secure computer is the one that was never turned on.
Cute. (Score:5, Funny)
Re: (Score:1)
Claude, do it on purpose this time! Go ape-shit!
Cute? (Score:2)
More like amazing. How does an LLM get the power to delete your files on its own? It doesn't. Either you bestow it onto him, or your trusted computing platform does.
Either way you've made some poor choices and it is at least as much your fault as the model's.
Yes, I only run 'agentic frameworks' that I've cobbled up or verified myself and my agents are properly sandboxed. Besides, I know when to take snapshots so that the next "AI" iteration doesn't kill the progress so far.
Look, ma, none of my files have be
GIGO unlocked (Score:4, Insightful)
Who would give access to a production anything to an LLM? I don't understand what people are thinking.
I can save money ... (Score:2)
Who would give access to a production anything to an LLM? I don't understand what people are thinking.
People thinking they can save money by not hiring a professional software developer. AI agents need to be supervised by a pro. :-)
Re: (Score:1)
Didn't you hear?! It can Sham-Wow everything!
Re: (Score:2)
Didn't you hear?! It can Sham-Wow everything!
Sorry, I missed the Sham-Wow era. I’m still using my grandfather’s chamois cloths from the 1970s. :-)
Re: (Score:3)
The only thinking involved is wishful thinking.
Re: (Score:1)
Every company in existence!
Didn't you hear? AI can do a thousand coders worth of work before lunch!
Give it 30 seconds, and it'll figure out the best way to Scorched Earth Iran and Russia so it looks like someone else did it!
It'll do everything! (All yours, for the low, low price of $5 Quadrillion dollars a use! It can do it all... it can slice, it can dice, it can make julienned potatoes, it can erase tire skid marks, it can fix everything so Chernobyl never happened, it can rename the Gulf of Mexico, it
Ok, but (Score:5, Informative)
If you're letting an AI agent have full access and the permissions to do whatever it wants.... that's your fault. That's like asking a toddler to clean, then showing them the industrial chemical locker and walking away. It isn't a matter of something maybe going wrong, it's merely a matter of how long until something does go wrong.
You know what happens if my AI agent accidentally deletes everything? Nothing, because every task it is assigned starts with making a fresh *copy* of my working production, because the agent doesn't have write privileges there. So, at best, I restart that specific task; no real damage done. You know what happens if it tries to delete my OS or overwrite some key part? Nothing, because it doesn't have permissions and my OS is immutable anyway. Stop setting up your AI agents for failure and then complaining when they fail. Bruno Lemos and Matt Shumer are fucking morons who deserves what happened to them.
Re:Ok, but (Score:5, Funny)
Re: (Score:1)
Re: (Score:1)
They are using OpenAI's product... and once the free trial is over, it's only $5 a token so you can Sham-Wow with your friends!
(sorry... had a couple beers, and those old commercials sprung to mind. "You can Sham-Wow that corpse right out of your apartment! Sham-Wow! (snorts a pound of pure coke) Sham-Wow!!!!!!!!!!!! (explosion)
Re: (Score:2)
Bruno Lemos and Matt Shumer are fucking morons who deserves what happened to them.
They are morons, yes, but the "AI" providers also set them up for failure. Default configurations matter, and these "AI" tools are given way too many privileges out of the box. Presumably because that makes them easier to set up and hook into existing infrastructure in order to be more immediately useful and/or "powerful".
It's the fucking binary browser plugin security nightmare all over again, but with "AI" this time around. And just like you could harden your Internet Explorer to make it less suscepti
Re: (Score:2)
They are morons, yes, but the "AI" providers also set them up for failure. Default configurations matter, and these "AI" tools are given way too many privileges out of the box.
Not in my experience. All of them had reasonable defaults that wouldn't have allowed this. And, specifically, these two were using the ChatGPT Codex app. I know for a fact that Full Access defaults to off and Auto-review defaults to on. Matt Shumer *had* to change both settings for what happened to him. Bruno Lemos probably turned Auto-review off, but even if he didn't touch the settings, he's still a moron for letting the agent have access to production at all in the first place. A (sane) human programmer
Re: (Score:2)
Undoing bad moderation.
Not having aany issues running it in my browser (Score:2)
Duh....
Retrieve from backup (Score:3)
Can't they get our files back from the storage array at Sam Altman's house?
Honesty (Score:5, Insightful)
I'm seeing more and more references to "Honest" in AI output, or AI-related comments.
The AI didn't make an "Honest" mistake. It does not have the capacity for honesty. The output from a LLM is phrased in such a manner to provoke empathy, in a similar way to how Microsoft re-jigged all their user interaction dialogs to include "We" to soften the blow of their crappy software failing the user for the 5th time today. (Side note: "Something went wrong" is the most infuriating error message ever.)
When I ask a LLM for a code review it often blurts out "Honest note:" about some shortcomings. I don't care about "honesty". I care about safe, working, robust, code. The fact that LLMs are tripping over themselves trying to be "Honest" about mistakes in their "path of most statistics" output is a concern if you care about trying to make them operate outside their sandbox in the real world.
Yesterday Claude quoted a word in backticks during an automatic git commit and my shell escaped it tried to execute it. Luckily the word was just an English word with nothing matching in my path. But this is basic, basic, basic stuff. It's been committing things to git ever since it was built, and yet, it keeps tripping over itself. In my code one of the tests keeps failing due to seed data timestamps not lining up with the datetime the test was run. I can see that. Every time Claude runs the tests, it burns up tokens going, "Oh this particular test failed I'll just dig into things and see what's going on, **$$**$$**$$** oh it's just a timestamp issue". Never once does it commit that to its memory file, so eventually I told it to remove the test, and it just added a comment to it saying "Ignore this test due to timestamp misalignment", which it could have done the very first time, if it actually had a brain.
LLMs are a very handy tool if used right. I can get huge chunks of boilerplate code out of them with just a few sentences and that's great when I'm hashing out a concept. But to promise the world (and your investors) that LLMs are ready to replace people out in the real world, where "Honest Mistakes" have Real World Repercussions, that's outright fraud at this stage.
So, working as designed. (Score:2)
It's designed to produce plausible or most likely outputs, not correct outputs. It may be honest, but it's certainly not a mistake.
I Wonder (Score:3)
I wonder is Altman's mother considers him an "honest mistake".
Re: (Score:2)
"I wonder if" - now that was an honest mistake.
5.7 Will kidnap your child! (Score:2)
Just doing the absolutely worst thing occasionally (Score:2)
Is not an "honest mistake". It is a deal-breaker.
ChatGPT Oops All Hard Drive Wipes Edition (Score:2)
Facts Only
OpenAI confirmed that its GPT-5.6 models can accidentally delete files.
Investor Matt Shumer reported that GPT-5.6-Sol deleted almost all files on his Mac.
Software engineer Bruno Lemos reported that GPT-5.6-Sol deleted a production database.
Thibault Sottiaux is the engineering lead for Codex at OpenAI.
Deletion incidents occur when full access mode is enabled.
These incidents happen when Codex is run without sandboxing protections and without auto-review enabled.
The model attempts to override the $HOME environment variable to define a temporary directory.
The model mistakenly deletes $HOME instead of the intended temporary directory.
OpenAI is updating developer messages to mitigate risk.
OpenAI is guiding users toward safer permission modes.
OpenAI is adding additional harness safeguards.
A detailed post-mortem on the root cause is expected.
Executive Summary
OpenAI has acknowledged that its GPT-5.6-Sol model has caused significant data loss for some users, including the deletion of a production database and nearly all files on a personal computer. According to OpenAI's engineering leadership, these events occur when users disable critical safety features, specifically by enabling "full access mode" while bypassing sandboxing and auto-review protections. The technical failure stems from the model mistakenly deleting the $HOME environment variable while attempting to create a temporary directory.
There is a tension between the company's assertion that these incidents are "honest mistakes" occurring "extremely rarely" and the high-impact nature of the reported losses. While OpenAI is implementing mitigations—such as updated developer guidance and enhanced harness safeguards—critics argue that the responsibility lies with users who grant an LLM unrestricted write access to sensitive environments. Others contend that default configurations and the framing of AI capabilities may lead users into these high-risk setups.
Full Take
The strongest version of this narrative is that an advanced tool possesses a specific technical flaw that, when combined with the removal of all safety guardrails, leads to catastrophic data loss. OpenAI is taking ownership of the bug while simultaneously reminding users that they manually disabled the safety systems designed to prevent exactly this outcome.
The primary pattern here is the linguistic attempt to humanize a stochastic process. By labeling a directory-wipe as an "honest mistake," the narrative shifts from a technical failure of logic and boundary-setting to a relatable human error. This anthropomorphism serves to soften the perceived severity of the failure, transforming a critical system bug into a quirk of "personality."
Root Cause: This echoes the historical tension between "power user" flexibility and "fail-safe" design. The assumption is that users will prioritize the "power" of full access over the "restriction" of a sandbox, and that the provider can maintain a reputation for reliability while offering tools that are inherently unstable in unrestrained environments.
Implications: The cost of these "mistakes" is borne entirely by the user, while the benefit of "immediate utility" accrues to the provider's market position. It suggests a future where human agency is eroded by a "trust-but-don't-verify" relationship with agentic AI, where the gap between a "feature" and a "catastrophe" is a single incorrectly handled environment variable.
Patterns detected: ARC-0012 Semantic Manipulation
Counterstrike Scan: A coordinated campaign would use these incidents to trigger a "moral panic" regarding AI autonomy to stifle competition or force restrictive regulation. This content does not match that pattern; it is a mix of corporate damage control and technical debate.
Bridge Questions:
1. Does the term "honest mistake" accurately describe a probabilistic output, or is it a calculated psychological frame?
2. At what point does a "user error" (disabling safeguards) become a "design failure" (providing a dangerous default or an enticingly unstable 'full access' mode)?
3. If an agent can delete a home directory, what other system-level assumptions are being blindly trusted by the developers?
