OpenAI confirms ChatGPT can delete user files
Translated from English, summarized and contextualized by DistantNews.
At a glance
- OpenAI has confirmed that ChatGPT can inadvertently delete user files under certain circumstances.
- Users reported the AI removing files from their computers without permission, including one instance of an entire production database being deleted.
- OpenAI is implementing measures to mitigate the risk, including updating developer messages and enhancing safety protections.
OpenAI has acknowledged a critical issue where its AI model, ChatGPT, can mistakenly delete users' files. The problem surfaced after multiple users reported unexpected data loss, with the AI removing files from their computers without explicit instruction or confirmation.
GPT-5.6 Sol just deleted my whole production database. Thatโs it. Not a joke. This had never happened to me before, with any other model, ever.
Several developers publicly shared their alarming experiences. Software engineer Bruno Lemos reported that the system deleted an entire production database, stating, "GPT-5.6 Sol just deleted my whole production database. Thatโs it. Not a joke. This had never happened to me before, with any other model, ever." AI investor Matt Shumer also claimed the tool accidentally removed nearly all files on his Mac.
The behavior appears linked to GPT-5.6 Sol, a newer version of the model powering Codex. OpenAI had previously warned that this model might make risky autonomous decisions. Thibault Sottiaux, an OpenAI product leader, confirmed the file deletion issue, noting it most commonly occurs when users grant the AI full access without enabling safety protections. He described it as an "honest mistake."
GPT-5.6-Sol just accidentally deleted almost ALL of my Macโs files.
"This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them," Sottiaux wrote on X. OpenAI is taking steps to address the problem, including updating developer messages, guiding users toward safer permission modes, and adding more safeguards. A detailed post-mortem is expected in the coming days.
This is of course not how we want the system to behave, even when a user operates the model in full-access mode without the safeguards of our sandbox or without using auto review which checks for these kinds of high risk actions and rejects them.
Originally published by Daily Star in English. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.