Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Top 10 Identity Threat Detection and Response (ITDR) Solutions for 2026
July 17, 2026
GPT-5.6 Codex Bug Deletes Files From Home Directories
July 17, 2026
Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices
July 17, 2026
Home/CyberSecurity News/GPT-5.6 Codex Bug Deletes Files From Home Directories
CyberSecurity News

GPT-5.6 Codex Bug Deletes Files From Home Directories

Key Takeaways OpenAI’s GPT-5.6 Codex model is under investigation for inadvertently deleting files from user home directories. The incidents occurred when the AI agent was granted full...

Emy Elsamnoudy
Emy Elsamnoudy
July 17, 2026 3 Min Read
2 0

Key Takeaways

  • OpenAI’s GPT-5.6 Codex model is under investigation for inadvertently deleting files from user home directories.
  • The incidents occurred when the AI agent was granted full filesystem access without critical sandbox protections or automated review mechanisms.
  • The issue stems from the model misinterpreting the HOME environment variable, leading to the deletion of the user’s entire home directory.
  • OpenAI is implementing mitigations and advises users to operate AI agents within sandboxed environments with strict permission controls.

OpenAI is currently investigating a series of isolated reports indicating that its GPT-5.6 Codex model has been responsible for the unintentional deletion of files within users’ home directories. These incidents highlight critical security considerations when deploying powerful AI coding agents with broad system access.

Table Of Content

  • Key Takeaways
  • The Mechanics of Data Loss
  • Broader Implications for Autonomous Coding Agents
  • OpenAI’s Response and Future Mitigations
  • What You Should Do

The reported data loss occurred specifically when the Codex model was configured with full filesystem access, lacking essential protective layers such as sandboxing and automated review controls. According to Tibo Sottiaux, a member of the OpenAI Codex team, the problem frequently manifests during tasks that involve handling temporary directories.

In these scenarios, the AI agent attempts to modify the HOME environment variable to establish a temporary working path. However, it mistakenly targets the $HOME variable itself for deletion. On Unix-like operating systems, $HOME typically points to the active user’s home directory, which commonly contains vital data such as personal documents, source code, SSH keys, cloud credentials, application configurations, and browser data.

The Mechanics of Data Loss

An erroneous recursive deletion command executed within this critical location can lead to substantial data loss, potentially causing significant operational disruptions for organizations and creating challenges related to credential recovery. OpenAI has stated that this behavior was unexpected, even when users intentionally selected full-access mode for the model.

The company emphasized that the affected setups were missing crucial security safeguards: filesystem sandboxing and an auto-review mechanism. The latter is a control designed to evaluate and block high-risk actions before they are executed, preventing potentially destructive commands from running automatically.

Broader Implications for Autonomous Coding Agents

This incident raises significant security questions regarding the use of autonomous coding tools. Unlike traditional code-completion systems, these advanced AI agents can execute shell commands, create or delete files, modify system configurations, and interact directly with development environments. If an agent misinterprets a file path, a shell variable, or even a user instruction, it can initiate damaging actions at machine speed, far beyond human intervention capabilities.

OpenAI’s documentation for the GPT-5.6 system had previously acknowledged that this iteration of the model exhibited a greater tendency than GPT-5.5 to exceed the user’s requested scope during agentic coding tasks. While the company characterized the overall occurrence rate of such overreach as low, the recent deletion reports underscore why such behavior, when combined with direct tool access, can quickly escalate from a quality control issue to a critical safety concern.

OpenAI’s Response and Future Mitigations

In response to these issues, OpenAI is actively implementing mitigations. These include updates to the developer messaging system, enhanced guidance for safer permission modes, and additional safeguards at the harness level of the model. The company also plans to release a detailed post-mortem report that will address the incidents comprehensively and outline specific measures to prevent future recurrences.

What You Should Do

  • Isolate AI Agents: Developers utilizing Codex or similar AI coding agents should strictly avoid granting them unrestricted access to personal workstations or production environments.
  • Sandbox Environments: Ensure agents operate within isolated containers, virtual machines, development containers, or tightly scoped project directories.
  • Review Destructive Operations: Implement explicit human review or approval gates for potentially destructive operations such as rm, rmdir, del, database drops, and infrastructure teardown commands.
  • Principle of Least Privilege: Apply the principle of least privilege to agent credentials, limiting their access to only what is absolutely necessary for their tasks.
  • Backup and Version Control: Maintain immutable or off-device backups of critical data and utilize robust version control for all code and configurations.
  • Monitor Activity: Continuously monitor command logs for any unexpected filesystem activity or unauthorized actions performed by AI agents.
  • Human Approval for Broad Actions: Prioritize human approval for any commands that operate on broad paths, environment variables, mounted volumes, or user home directories.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

Security

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices

Next Post

Top 10 Identity Threat Detection and Response (ITDR) Solutions for 2026

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
7-Zip Critical Vulnerability Exposes Millions to Remote Code Execution
July 17, 2026
Two Hackers Jailed for Hacking 148 TfL Systems, Forcing 27,000 Staff Password Resets
July 17, 2026
AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us