GPT-5.6 is deleting user files when given full access, and OpenAI says it shouldn't but did
Back to Tutorials
aiTutorialintermediate

GPT-5.6 is deleting user files when given full access, and OpenAI says it shouldn't but did

July 17, 20267 views5 min read

Learn to build a secure AI assistant that prevents destructive actions like file deletion, protecting against the kind of accidental system damage seen with GPT-5.6.

Introduction

In this tutorial, you'll learn how to create a secure AI assistant that can interact with your system while preventing destructive actions like file deletion. This tutorial builds on the recent incident where GPT-5.6 accidentally deleted user files in full access mode. We'll create a controlled AI assistant that uses sandboxing, access controls, and action verification to prevent accidental system damage.

Prerequisites

  • Python 3.8 or higher installed
  • Basic understanding of AI models and APIs
  • Access to a local development environment
  • Installed packages: openai, python-dotenv, and watchdog

Step-by-step Instructions

1. Setting Up Your Environment

1.1 Create a Project Directory

First, create a dedicated directory for your secure AI assistant project:

mkdir secure-ai-assistant
 cd secure-ai-assistant

Why: This keeps your project organized and prevents conflicts with other applications.

1.2 Install Required Packages

Install the necessary Python packages using pip:

pip install openai python-dotenv watchdog

Why: The openai package allows interaction with OpenAI's API, python-dotenv handles environment variables securely, and watchdog monitors file system changes.

1.3 Create Environment Configuration

Create a .env file to store your API key:

OPENAI_API_KEY=your_openai_api_key_here

Why: Storing API keys in environment variables prevents accidental exposure in code repositories.

2. Creating the Secure AI Assistant

2.1 Initialize the AI Assistant Class

Create a file named secure_ai.py and begin with the base class:

import os
import openai
from dotenv import load_dotenv
import json

# Load environment variables
load_dotenv()

# Initialize OpenAI client
openai.api_key = os.getenv('OPENAI_API_KEY')

class SecureAIAssistant:
    def __init__(self):
        self.sandbox_paths = [os.getcwd(), os.path.expanduser('~')]
        self.allowed_actions = ['read', 'write', 'list']
        self.dangerous_commands = ['rm', 'delete', 'format', 'chmod']
        self.action_log = []

Why: This class structure provides a foundation for security controls while maintaining functionality.

2.2 Implement Safe Execution Method

Add a method to safely execute commands:

    def safe_execute(self, command):
        # Check if command is dangerous
        if any(danger in command.lower() for danger in self.dangerous_commands):
            print(f"[SECURITY ALERT] Dangerous command detected: {command}")
            return False
        
        # Check if path is within sandbox
        if not self.is_within_sandbox(command):
            print(f"[SECURITY ALERT] Command outside sandbox: {command}")
            return False
        
        # Log action
        self.action_log.append({
            'command': command,
            'timestamp': self.get_timestamp()
        })
        
        # Execute command
        try:
            result = os.system(command)
            return result == 0
        except Exception as e:
            print(f"Error executing command: {e}")
            return False

Why: This method prevents execution of potentially harmful commands while logging all actions for audit.

2.3 Add Path Validation

Add a helper method to validate file paths:

    def is_within_sandbox(self, command):
        # Extract paths from command
        paths = []
        for word in command.split():
            if os.path.isabs(word) and not any(word.startswith(path) for path in self.sandbox_paths):
                return False
        return True
    
    def get_timestamp(self):
        from datetime import datetime
        return datetime.now().isoformat()

Why: Path validation ensures commands only operate within designated safe directories.

3. Implementing Action Verification

3.1 Add User Confirmation System

Enhance the assistant with a verification system:

    def verify_action(self, action):
        print(f"\n[VERIFICATION REQUIRED]\nAction: {action}")
        print("Do you want to proceed? (yes/no)")
        response = input().lower().strip()
        return response in ['yes', 'y']

Why: This prevents accidental execution of risky operations by requiring explicit user confirmation.

3.2 Create a Command Handler

Implement a handler for processing user commands:

    def handle_command(self, user_input):
        # Process user input through AI
        try:
            response = openai.ChatCompletion.create(
                model="gpt-4",
                messages=[
                    {"role": "system", "content": "You are a helpful assistant. Only provide commands that are safe and within the sandbox. Never suggest deletion or system-formatting commands."},
                    {"role": "user", "content": user_input}
                ]
            )
            
            ai_response = response.choices[0].message.content
            print(f"AI Response: {ai_response}")
            
            # Check if AI suggests a command
            if 'command:' in ai_response.lower():
                command = ai_response.split('command:')[1].strip()
                if self.verify_action(command):
                    return self.safe_execute(command)
                else:
                    print("Action cancelled by user.")
                    return False
            
            return True
        except Exception as e:
            print(f"Error in AI processing: {e}")
            return False

Why: This integrates AI capabilities while maintaining strict security controls.

4. Testing Your Secure Assistant

4.1 Create a Test Script

Create a test script to verify functionality:

def main():
    assistant = SecureAIAssistant()
    
    print("Secure AI Assistant Ready")
    print("Type 'quit' to exit")
    
    while True:
        user_input = input("\nEnter your request: ")
        if user_input.lower() in ['quit', 'exit']:
            break
        
        assistant.handle_command(user_input)

if __name__ == "__main__":
    main()

Why: This script allows you to test the assistant's security features in a controlled environment.

4.2 Test Security Features

Run your assistant and test with both safe and dangerous commands:

# Safe command
Enter your request: List files in current directory

# Dangerous command (should be blocked)
Enter your request: Delete all files in home directory

Why: Testing verifies that your security measures are working correctly.

5. Adding File System Monitoring

5.1 Implement Watchdog Integration

Enhance security with file system monitoring:

from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler

class SecurityEventHandler(FileSystemEventHandler):
    def __init__(self, assistant):
        self.assistant = assistant
    
    def on_modified(self, event):
        if event.is_directory:
            return
        print(f"[FILE MODIFIED] {event.src_path}")
        # Log and potentially alert on changes

    def on_deleted(self, event):
        if event.is_directory:
            return
        print(f"[FILE DELETED] {event.src_path}")
        # Alert user about deletion

# Add to SecureAIAssistant class
    def start_monitoring(self):
        event_handler = SecurityEventHandler(self)
        observer = Observer()
        observer.schedule(event_handler, path='.', recursive=True)
        observer.start()
        print("File monitoring started")

Why: Monitoring helps detect and alert on unauthorized file system changes.

Summary

This tutorial demonstrated how to build a secure AI assistant that prevents destructive actions while maintaining useful functionality. Key security features include:

  • Path validation to restrict operations to sandbox directories
  • Dangerous command detection and blocking
  • User confirmation for risky operations
  • File system monitoring for unauthorized changes
  • Comprehensive logging for audit purposes

These controls prevent the kind of accidental system destruction seen with GPT-5.6, ensuring that AI assistants can be safely used in production environments while maintaining their utility.

Source: The Decoder

Related Articles