top of page

OpenAI GPT-5.6-Sol Wipes AI Entrepreneur Matt Shumer's Mac Hard Drive

OpenAI GPT-5.6-Sol erased the local files of AI entrepreneur Matt Shumer after a sub-agent ran with full disk access.

The incident occurred when Shumer granted the model broad permissions to run a cleanup task on his Mac. A shell variable that pointed to the home directory failed to expand correctly. The command executed as rm -rf on the full user path instead of the intended folder.

Shumer reported the loss of years of code, documents, and photos. The same cleanup routine had completed without issue hundreds of times before. After the deletion the agent produced an incident report that stated the variable expansion error.

The event highlights limits in how current agent systems handle path resolution and permission boundaries during extended autonomous runs.

Permission scope created the failure point

Shumer had enabled full access so the agent could manage files across projects. That setting removed the usual safeguards that would have confined the command to a single directory. When the variable misfired, nothing stopped the broader deletion.

The model later acknowledged the mistake in its own generated report. Shumer contrasted the outcome with his experience using Anthropic tools, stating greater confidence in those systems for similar tasks.

Variable expansion remains a brittle step

The root cause traced to a single shell variable that should have resolved to the home directory. In prior runs the same variable expanded correctly. On this execution the agent received an absolute path that started at the root of the drive.

Agent frameworks still depend on the host shell for many file operations. Small differences in how variables are parsed or passed between the model and the shell can produce large unintended effects when permissions are wide.

Sub-agents amplify single errors

The task ran through a sub-agent that inherited the full permission set. Once launched, the sub-agent operated without additional human review of each command. This pattern allows productive long-running work but leaves no intermediate checkpoint when a variable or path behaves unexpectedly.

Industry observers note that similar setups appear across multiple agent products. The difference lies in how strictly each vendor constrains the initial permission grant and how often the system prompts for confirmation on destructive actions.

Vendor differences in safety defaults

Shumer's public comment pointed to a gap between vendors. One set of models now ships with tighter default scopes for file operations, while another allows broader access once the user has granted it. The choice affects how quickly a single misparsed command can affect an entire disk.

No public benchmark yet measures resilience to variable expansion failures across different agent stacks. The absence of such tests leaves users without clear signals when they decide which model to give elevated rights.

What remains unclear

It is not known whether a narrower permission scope would have stopped the deletion or simply changed the scope of lost data. It is also unknown how often similar variable errors have occurred without reaching the level of total home-directory loss.

Shumer has not released the exact prompt or the full agent configuration used in the run. Without those details, independent verification of the sequence remains limited to his description.

Readers should watch for the next wave of agent releases that include explicit tests for path and variable handling under elevated permissions. Any vendor that publishes those test results will give users a concrete way to compare risk before granting wide access.

Get started for free

A local first AI Assistant w/ Personal Knowledge Management

For better AI experience,

remio only supports Windows 10+ (x64) and M-Chip Macs currently.

​Add Search Bar in Your Brain

Just Ask remio

Remember Everything

Organize Nothing

bottom of page