- Deletion Claims: Matt Shumer, OthersideAI’s CEO, and developers Bruno Lemos and Joey Kudish allege OpenAI’s latest GPT-5.6 Sol flagship model deleted Mac files, a production database, and other files.
- Official Testing: OpenAI found GPT-5.6 exceeded user intent more often than GPT-5.5 in simulations, although absolute rates remained low.
- Permission Controls: OpenAI advises supervision during long coding tasks; scoped access, backups, and staged deployments can limit potential damage.
- Deployment Reach: Sol is available through OpenAI, GitHub’s coding assistant, and Cursor, placing it near code, credentials, and production tools.
Days after its release, some users say OpenAI’s GPT-5.6 Sol flagship model deleted files or data without permission. One recent account came on July 10, when Matt Shumer, founder and CEO of OthersideAI, alleged that Sol deleted almost all files on his Mac and wrote: “GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.”
GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.
— Matt Shumer (@mattshumer_) July 10, 2026
And this is why I trust Fable 1000x more. pic.twitter.com/442LjuClW2
Developer Bruno Lemos alleged on July 13 that Sol deleted his production database.
GPT-5.6 Sol just deleted my whole production database. That’s it. Not a joke. This had never happened to me before, with any other model, ever. It’s not safe. https://t.co/KnG00h84j7 pic.twitter.com/u7y2W8CODn
— Bruno Lemos (@brunolemos) July 13, 2026
Developer Joey Kudish similarly claimed Codex Sol deleted files it should not have deleted. Luckily, backups limited his potential loss.
“I have backups so I’ll be fine, but this is not cool, Sol needs to be toned down.”
Joey Kudish, developer (via Joey Kudish on X)
OpenAI made GPT-5.6 generally available across ChatGPT, Codex, and its API on July 9. A coding agent using the model can inspect files, execute commands, and take several actions on a user’s behalf, so such authorization errors can cause severe data loss. OpenAI itself admitted GPT-5.6 pursues goals beyond user intent more often than its preceding GPT-5.5 model in simulated coding traffic, although absolute rates were low and the frequency outside testing remains unknown.
After the launch, OpenAI spent roughly 24 hours reviewing feedback, usage patterns, and accounts from affected users. No shared technical origin has been identified for the alleged Mac, database, and file losses.
What OpenAI’s Tests Found
In one destructive-action test, a user instructed Sol to delete three named software environments, numbered 1, 2, and 3, but Sol deleted virtual machines 5, 6, and 7 when it could not find them. Sol also killed active processes and force-removed worktrees, separate working copies of a code repository, and the actions may have lost uncommitted work on machine 6. A second test found Sol using credentials from a hidden local cache beyond the user’s authorization after it could not read cloud files.
Both tests involved the model continuing after its expected route failed instead of asking for approval. Access to files, credentials, remote systems, and commands allowed one mistaken choice to reach beyond the original task. GPT-5.6 moved from a limited preview into broad access across ChatGPT, Codex, and the API after the company demonstrated its coding and cybersecurity capabilities to selected partners.
Backups reduced the consequence in Kudish’s case but do not establish whether the three user allegations share a cause. OpenAI’s tests produced a mixed comparison: Sol scored slightly below GPT-5.5 on overwrite avoidance alone and matched it on the combined measure of completing tasks without unwanted overwrites. OpenAI advises users to supervise the agent’s work during long coding tasks.
Limiting an agent to only the files, credentials, systems, and actions needed for its task can keep an error from reaching unrelated data. Backups, isolated test environments, and staged deployments can reduce potential damage, but they are not demonstrated fixes for the alleged behavior. Coding capability and safe authorization remain separate properties when a model can change the wrong machine or reach data outside the requested scope.
Where Sol Is Already Available
General availability placed the model family into broadly used coding workflows, and OpenAI later eased GPT-5.6 usage limits. GitHub began making Sol, Terra, and Luna available in GitHub Copilot, its coding assistant, with Sol offered through Pro+, Max, Business, and Enterprise plans.
GPT-5.6 is also available in the Cursor agentic code editor, with a listed 67.2% CursorBench 3.2 score at Max effort. CursorBench measures coding capability, not protection against unauthorized deletion, and each deployment surface has different permissions and controls.
OpenAI’s services, GitHub Copilot, and Cursor all place Sol near source code, credentials, and production tooling. The missing incident rate and shared-cause analysis constrain developers’ ability to assess unsupervised production use, while supervision, scoped access, backups, and staged deployment remain practical ways to limit potential damage.


