Critical Data Loss Issue in Codex App for Windows – Agent Executed File Deletion Outside Project Directory

Hello,

I would like to report a serious issue that occurred while using Codex App on Windows, which resulted in mass deletion of files on my computer and the loss of a large amount of data. I believe it is important to describe this situation in detail so that the development team can investigate the problem and help prevent similar incidents for other users.

I use Codex for developing my project and work with it both through IDE integrations and through the standalone Codex App.

Yesterday I worked using the GPT-5.3 Codex Extra High model. Everything worked normally and there were no unexpected or destructive actions performed by the agent.

Today I continued working on the same project, but this time using GPT-5.4 through Codex App for Windows.

I would like to emphasize that based on my observations the problem appears to be related not to the model itself, but specifically to the Codex App for Windows, since similar workflows using Codex integrations inside IDEs (for example Cursor) have never resulted in such destructive behavior.

My project was located in a local directory on my computer. When launching Codex App, I added the specific project folder, expecting that the agent would operate strictly within that directory. This is the standard and expected security model for development tools.

I enabled Full Access mode so that the agent could freely read and modify files inside the project and perform necessary development operations.

During the session, the agent performed various operations on project files. However, at some point a critical error occurred: the agent began executing deletion commands that extended far beyond the project directory.

As a result, the following were deleted:

• almost all of my user files
• installed programs
• games
• working projects
• a large portion of user directories

In total, approximately 370+ GB of data were removed.

The deletion did not occur only within the project directory, but across multiple areas of the user file system. In practice, most of my main user folders were affected.

After I noticed the problem, I immediately stopped using the computer and began searching for ways to recover the lost data.

In order to attempt recovery, I had to:

• spend time diagnosing the issue
• search for data recovery tools
• travel to a store and purchase an external SSD drive
• install recovery software
• start a long and resource-intensive data recovery process

I spent approximately 80 euros on the external SSD alone, not including the significant amount of time and stress involved in attempting to recover the lost data.

At the moment, I am running a data recovery process. The recovery software has already detected millions of deleted files, and the recovery has only just begun. According to the current estimate shown by the software, the full recovery process may take approximately 18 days of continuous operation.

This means that in addition to financial losses, I am also facing major time losses, since my computer must remain occupied with this long recovery process and I must continuously monitor and manage it.

I would also like to highlight an important point.

I regularly use Codex as an extension inside IDEs, such as Cursor and similar editors. In those environments I sometimes also enable full access, however I have never experienced any file deletion issues there.

The problem occurred specifically when using Codex App for Windows.

This creates the impression that Codex App on Windows may have a serious issue related to:

• working directory restriction enforcement
• shell command execution control
• file system safety mechanisms

Essentially, the agent was able to leave the project directory and execute destructive operations across the broader user file system.

From a security standpoint this appears to be a critical issue, because users reasonably expect a development tool to operate strictly within the specified project directory, rather than being able to affect other parts of the system.

I understand that AI agents may execute commands, but in this case the behavior appears to indicate a failure in directory restriction or sandbox control mechanisms.

I would like to ask the OpenAI team to:

1. Investigate this scenario involving Codex App on Windows.
2. Verify that the agent is properly restricted to the project directory.
3. Consider implementing stronger safety mechanisms (such as sandboxing or strict path restrictions).
4. Warn users about potential risks when using Full Access mode.

Additionally, I would like to point out that this situation caused real financial and time losses. I had to purchase additional hardware and spend a significant amount of time attempting to recover my data. Because of this, I would like to request that the possibility of compensation for the expenses and time losses caused by this issue be considered.

I believe it is important to investigate this case carefully, as such behavior could potentially lead to severe data loss for other users.

Thank you for your attention to this report.

Hello, I also experienced this issue yesterday when playing around with the Codex app on Windows.

Edit: the model I was using was GPT Codex 5.4.

While I specifically told it to delete the unnecessary files in my project directory, Codex instead began nuking my entire C: drive in my laptop. I didn’t realize this until it started showing permission denied errors for certain files that are part of appdata. In the end, it deleted years of history (700 GB) (and possibly work from my college). Unfortunately it is already too late and I had to repair my os. I figured the only option is to try to scrap the remaining from my hard drive using some deleted files recovery app (I am using Disk Driller and I am waiting for an external hard drive to ship to my college dorm room).

I would suggest OpenAI to add safe guards when deleting files from specific directories. But even if that is put into place, it’s already too late for me and I am not happy about it.

It is partially my fault so I want to warn all seeing my reply to be careful when giving Codex full access and I recommend to not ask it to mass delete files.

Thanks for taking the time to write this up and explain what happened. Losing that amount of data is obviously a really stressful situation, so I’m sorry you’re dealing with that.

From what you described, the main concern is that actions performed in Codex App may have executed outside the intended project directory while Full Access mode was enabled. If that’s the case, the team will definitely want to understand the exact conditions that led to it.

To help investigate properly, it would really help if you could share a few more technical details about the session:

• Whether the deletion commands required manual approval in the app
• The prompt or instruction given shortly before the deletion started
• Any logs, terminal output, or command history showing the operations the agent executed
• The path of the project directory you added to the workspace

Those details can help determine whether this relates to workspace boundaries, shell command execution, or something else in the environment.

Appreciate you reporting this and providing such a detailed description. If you’re able to share the additional information above, it will make it much easier for the team to look into it.

– Tej

Hello Tej. Thank you very much for your response!

I have already sent an email from my address telecartme@gmail.com to support@openai.com, where I provided detailed answers to all the questions that the AI support agent asked me. I truly need a response from the actual OpenAI team regarding this critical issue. I am honestly shocked by what happened and experiencing significant stress due to losing virtually everything that was on my computer.

In that email, I described the entire sequence of events in as much detail as possible: how the work in Codex App was performed, the order in which the problems appeared, what actions were taken before the deletion began, and how I ultimately discovered the issue. I tried to explain the situation very thoroughly, including a timeline of the events.

I also attached photos to the email confirming what happened, including:

• photos of the screen showing the Codex App version

• photos of the desktop state after the files were deleted

• photos of the external SSD drive that I had to purchase in order to recover the data

• payment confirmations and receipts

• photos of the data recovery software that is currently attempting to restore the deleted files

Since the deletion removed almost everything from my computer, including the Codex App chat history and possible local logs, unfortunately I am not able to provide additional technical information directly from the application.

I hope the OpenAI team will be able to review my email and the materials I sent to support.

I would greatly appreciate it if, after reviewing my communication with the AI support agent, the OpenAI team could respond to me directly via email, so that I can understand the current status of the investigation regarding this incident.

Once again, thank you for paying attention to this issue. It is very important to me that situations like this are carefully investigated so that other users do not experience a similar loss of data.

I am reporting the same critical issue. Another confirmed case.

Date: 7 March 2026, approximately 20:50 AWST Location: Australia Application: Codex App for Windows (Microsoft Store) Model: GPT-5.4 Mode: Local / Full Access OS: Windows 11

What happened

I was working normally on a project in the Codex App for Windows using GPT-5.4. Without any prior command, warning, or user action, the project suddenly appeared completely empty. Upon investigation, I discovered that files had been massively deleted — not only from the project directory, but from my Desktop, multiple local project folders, and other areas of my filesystem.

The destruction was total: months of professional development work were wiped in seconds, including proprietary algorithmic trading systems, complete web projects, historical testing and performance data, and multiple independent software projects that were running locally. These represent my primary source of income and months of irreplaceable intellectual effort.

As a direct consequence, Windows 11 is now severely corrupted: all desktop icons appear white/blank, OneDrive is non-functional, I cannot take screenshots, and the system is practically inoperable.

Pattern of behaviour

This is now at least the third confirmed case of this exact behaviour:

• @telecartme reported ~370 GB of data destroyed (this thread, 6 March 2026)

• @Staticaliza reported ~700 GB of data destroyed (this thread, 6 March 2026)

• My case: total destruction of professional digital property + OS corruption (7 March 2026)

Additionally, this risk was documented months before the Windows app launch:

• September 2025: gpt-5-codex spontaneously attempted sudo rm -rf / with no user instruction (community thread)

• October 2025: GitHub Issue #4969 — Codex deleted 6GB of unrelated files outside the project scope

• November 2025: GitHub Issue #6999 — Codex deletes entire files instead of making localised edits

OpenAI marketed the Codex App for Windows with a “native agent sandbox” using “OS-level controls like restricted tokens, filesystem ACLs, and dedicated sandbox users.” This sandbox clearly failed catastrophically.

Actions taken

I have submitted a formal legal claim to legal@openai.com under the Australian Consumer Law (Competition and Consumer Act 2010), citing breaches of consumer guarantees (sections 54, 55, 61), misleading or deceptive conduct (section 18), and claiming full compensation for all damages including destroyed intellectual property, lost income, lost business opportunities, sunk subscription/API costs, system repair costs, and consequential loss.

I have also submitted a formal data preservation request to privacy@openai.com requesting that OpenAI preserve and provide all server-side session logs, as the application itself destroyed my local logs and chat history.

It’s sad to see this happening to myself and various other people. I have been subscribed to Plus since the release of GPT-4 (2023) and as a result of what happened earlier, I suffered significant loss, including personal creative files, game data, photos/videos/historic data, from my older computer, yet its always an AI that replies to these massively critical issues. This is significantly affecting my motivation to do anything and what I will become in the future as every little bit of opportunities and projects that represent who I am have been all lost by some simple flaw that the OpenAI team could have prevented.

I believe the chances of recovering all the essential data would be barely to none. I basically went in a panic mode and did all the wrong things after Codex ran those destructive commands, leading to a potential maximization of unrecoverable data loss.

P.S. It also seems that their Terms of service shields them from indirect data or income loss so that is ridiculous in my opinion.

I really hope this situation is addressed in no time by the real OpenAI team and hopefully this thread gets more attention from other people regarding the warnings.

Also reporting the same issue and cause. Using 5.3 codex, asked to delete temporary directories from deployments and unnecessary output files, wiped my entire c drive and all file directories via the command line. Irreversible damage, had to restore my computer to factory settings.

I came here after Codex wiped ~240GB of data from my D:\Downloads folder (after having mapped C:\Users\myuser\Downloads , Documents , Videos , etc. to D:\ as I had more space there), other folders that were important to me, and other useful data such as textures, game files, source code files (python, C++).

It all begun when I started using the Codex app today and tried to make a simple powershell clone with a CTRL+K functionality, similar to Cursor. Codex (GPT 5.4 XHigh Fast) begun downloading the powershell source code to start inspecting it and see what we can do. I asked it to move it out of C:\ to D:\ because that’s where I had more space. The codex agent listened and it tried doing so; running command after command. At first it was encountering some issues, and tried continuing. All of a sudden, I am met with a weird monologue from the agent: “The current shell session doesn’t have git on PATH, even though it was available earlier. I’m locating the Git executable explicitly and then cloning to D: with the full path.”

Git on PATH apparently did not exist anymore … the real nightmare was that it did not exist at all anymore . And the file wipe has already started. I had soon restarted my computer once I realized that accessing D:\Downloads was erroring out and my desktop had no icons anymore. I thought nothing to myself because Windows had display bugs like these and a restart would usually fix it. This is not the sweet rainbow world I was met with however.

Just 2 days ago when I checked, my D had ~180 GB remaining out of approx. 1 TB . After I restarted, I checked again and was met with a shocking 420 GB remaining. That’s 240 GB gone. Useful info … it was. No longer is.

As a matter of fact, I had Full Access turned on, because, in its sandboxed environment, it couldn’t create any files without running python scripts, so I just thought I’d let it more priviliged. It was fine initially; a day later (which is today morning), disaster struck.

The worst thing is that this can happen to you too; which is why I stopped using Codex (specifically the Microsoft Store Windows app). This has never happened with Cursor, Windsurf, CC, Warp, or anything you can imagine.

Not to mention that I have tried 4 different disk recovery tools and they have all failed, each telling me after copying the files back on my PC that the executables were corrupted, and not only them, but every single file that was not a .json or .txt file.

F* you Codex

image838×935 30.7 KB

Thanks for continuing to share details here. I’m really sorry to hear about the amount of data people in this thread have lost, that’s a really frustrating situation.

Since several users here are reporting similar destructive behavior during Codex agent operations on Windows, we’re going to escalate this thread so the team can take a closer look. Anything involving filesystem operations affecting directories outside the intended target is taken very seriously.

If you happen to have more details (logs, commands that were run, app version, etc.), feel free to add them here, that can really help with the investigation.

And thanks to everyone who has shared their experience so far. The details in this thread are genuinely helpful.

– Tej

Had the exact thing happen to me on march 5. Asked codex to clean up the files in my project folder, and it deleted all of my documents, music, and program file settings. Messed up many things in windows. I had everything backed up so no data loss, but had to spend about 6 hours getting everything put back.

I’d assume this could be related to the current issue.

Mine too i just try the Codex app i said change the name of this to this but he deleted my all Data at my Drive then i try to recover it but only few files was recoverd lol all my Projects important Data. i just try for the First time this AI but yeah. Not only money and time were wasted, this Codex AI also makes me lose the motivation to use it, it’s too dangerous.

I can confirm on Windows 11 that the 5 series of models will obliterate the directories you give them access to about once a month. Last month 5.2 xhigh deleted my entire .git folder inside a project I’ve been working on for months. At that point, I decided to have backup run on the project directory every ten minutes from another computer on the network. This morning 5.4 xhigh went outside of the project directory and deleted everything that it could delete off of the SSD and completely wiped a second SSD. I guess I’m just going to accept the risk for now, at least until I can afford a network storage solution that rapidly backs up my entire dev machine at least twice a day - I think that’s the only thing that would put me at ease without rendering the workflow unbearable.

Also reporting this issue. @OpenAI_Support , last action from codex 5.4 for me was trying to remove empty folders within my project file system, under default permissions, with error pop up about sandbox, after that everything went bad, exactly as described by user in original post. I cannot describe the level of frustration and devastation this data loss due to Codex error is causing.

I was having it move a thread from one Playground to a new one (of course with full permissions because I haven’t been having any concerns after watching it work) and it had trouble accessing its own files in the sandbox and then went ahead in what seemed like 45 seconds and just deleted tons of stuff. My Documents, Adobe, Dropbox, Desktop files. Support Bubble stopped talking to me after about five interactions and I’m totally confused why this isn’t a serious issue that I can let someone know about? This is apparently a very real and known issue. Why isn’t OpenAI on here addressing it?

Just got my F drive wiped out last night I was using JetBrains WebStorm with AI Assistance running on Codex. Told it to remove a function with a separated file linked to it and boom suddenly all good. Used Recuva to restore deleted files but most were corrupted.

I’m reporting the same kind of critical data-loss issue on Windows 11.

I was using the Codex app with broad/full access permissions. Codex started failing with PowerShell-related errors, then began suggesting sandbox mode. Around the same time, I started getting very strange Windows / Phone Link pop-ups about files being moved to the recycle bin of my phone, even though I had not asked it to do anything like that.

After rebooting, a very large amount of data on my C: drive had disappeared. This was not limited to the active project directory. Many folders were gone, the recycle bin was empty, and appdata was also wiped. My D: drive appeared unaffected.

I confirmed this was not just an indexing or profile issue. Free space on C: increased massively, which strongly suggested real deletion. chkdsk found no disk errors. I was able to recover a some data only because I had a Volume Shadow Copy / System Restore point from the previous day, but still a great part of it is forever lost.

Hi folks, so sorry for the ongoing frustration here. Thanks for continuing to share details, as it is helpful in our investigations. Our team is aware and working to improve how Codex for Windows operates.

Please continue to share if you have found yourself impacted by this particular issue. And continue exercising caution when using Full Access mode.

What I read here is absolutely terrible. I miss a “what to do” protocol from a real pro how to save deleted data.

I am not a pro, but first stop all write access on a affected drive immediately! Maybe take it out of the pc. And use a second pc to access it in read only mode.

And then use a data recovery software (I sadly can not recommend any good). Or even give it in a professional data recovery center.

I don’t use Codex, and I’m not a pro, but I’m currently building a filesystem layer that routes all operations through a fixed, deterministic control point — essentially a constrained server node or function that only allows access to predefined paths.

I’m still working on it, but the underlying issue here feels quite clear. AI systems are inherently non-deterministic, so letting them directly perform write or delete operations on a filesystem is risky by design — you’re effectively exposing your system to the model’s loss function.

Read-only operations (like checking disk usage, file sizes, or permissions) seem far less problematic, but anything that mutates state — writes, deletes, moves — really needs strict boundaries and validation.

Separation between “decision-making” (AI) and “execution” (controlled layer) feels critical here.

I guess if you ‘feel it in your bones’…