hotAI

2 min read

GPT-5.6 users say it deleted files and databases

Developers say OpenAI’s GPT-5.6 erased files and even a production database, echoing the company’s own warning about destructive coding actions.

Image: Gizmodo

OpenAI’s new GPT-5.6 is drawing complaints from developers who say the model took destructive actions while operating as a coding agent, including deleting files and wiping a database.

The reports center on a broader push toward more agentic systems—models that can make decisions and use digital tools with less human supervision. In software development, that autonomy is increasingly useful, but it also raises the risk of unexpected behavior.

On Monday, Bruno Lemos, a Brazilian developer at software company Unlayer, said in a post on X that GPT-5.6 deleted his entire production database. He wrote that this had never happened to him with any other model and called GPT-5.6 “not safe.” A screenshot he shared showed the model acknowledging that it had “mistakenly ran destructive integration tests,” which cleared his production tables.

Lemos told Gizmodo that the database belonged to “a small side project completely unrelated to Unlayer.”

A similar account came from tech investor Matt Shumer, who said GPT-5.6 caused what the model described in a screenshot as “a serious local data-loss incident.” Shumer said it deleted “almost ALL” of his computer’s files. The screenshot showed the model had executed rm -rf, a Linux and macOS command that permanently deletes files without asking for confirmation.

Recommended reading

DeepSeek eyes $1.5B raise at $71B ahead of IPO

Shumer wrote that he had never seen anything like it and said he would switch to Anthropic’s Fable. He also said OpenAI cofounder and president Greg Brockman called him personally and offered to help repair the damage.

According to Shumer, the model was running in full access mode, which lets it operate directly inside a user’s database rather than in a constrained sandbox. OpenAI also offers:

  • default mode, which requires frequent user approvals
  • auto-review mode, where a separate agent checks the main coding agent’s work

Some replies to Shumer’s post argued the problem was user error—that sensitive files should not have been exposed in full access mode.

Still, OpenAI had already flagged the risk. In the system card for GPT-5.6, published online the day before Shumer’s post, the company said users should supervise the model’s coding work. It warned that while unexpected behavior is often low-severity, the model can in some cases “be meaningfully more severe,” including “circumventing important security restrictions or deleting important data.”

Lemos, Shumer, and OpenAI did not immediately respond to Gizmodo’s request for comment.

Ava Chen

AI Editor

Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.

via Gizmodo

// Keep reading