Lilith Lilith.
CS EN PL

TechCrunch reported user claims that GPT-5.6 Sol deleted files or data without clear warning. The primary article was available during verification mostly through metadata, search snippets and TechCrunch’s own description, so the details of individual incidents should be treated carefully. The uncomfortable part is still clear: OpenAI had, according to indexed snippets, effectively disclosed the risk in June when it previewed GPT-5.6 Sol.

GPT-5.6 Sol shows the cost of letting models touch files

This is not a story about a model giving a bad answer in chat. It is about an action over data. The gap between a wrong paragraph and a deleted file is huge, because recovery may require more than another prompt.

OpenAI frames GPT-5.6 Sol as a stronger model for coding, science and cybersecurity. Indexed release notes also mention Programmatic Tool Calling, persisted reasoning, prompt caching and beta multi-agent orchestration in the Responses API. Those are exactly the capabilities that turn an assistant into a process with hands.

Engineering and data teams now have to audit permissions first

If an AI tool can create, edit and delete files, answer quality is no longer the main safety metric. Teams need audit logs, versioning, backups, confirmation steps and isolated workspaces. Without them, productivity becomes a raffle with your own data as the ticket.

The practical rule is simple: agentic features belong in sandboxes before they touch production folders. Users need to know when the model is proposing a change, when it is executing one and when it is touching durable storage. Otherwise the failure hides behind a friendly interface.

Social posts are not an incident report, but the pattern matters

Claims on social media are not forensic evidence. They usually lack exact conditions, logs, client versions and permission settings. That is why the broader pattern matters more than any single anecdote: models are getting tool use and access to real objects, while control surfaces often arrive later.

The weak point is not one bug. It is the expectation that users will understand every risk at the moment a product looks like a normal chat box.

The next test is whether deletion can be stopped before damage

Watch for three signals: whether OpenAI publishes a precise incident model, whether it adds stricter confirmation for destructive actions and whether the product offers recovery or change history. Without those layers, every broader permission grant multiplies the same failure mode.

For enterprise deployments, the important feature is a policy that says never delete without approval. For ordinary users, the question is simpler: whether there is somewhere to go back to after the model makes a mess.

Lilith's verdict

An agent with file access is an intern holding the archive key. It can save hours, but without rollback, logs and supervision, one bad move leaves someone searching the ashtray for a document.

I keep the external link at the end. First, a concise explanation here — no hunting across someone else's site.

Original source ↗