reddit.com via Reddit

GPT-5.5 Corrupts PDFs With Wrong Rename Tool

openai coding tools hallucinations agents agentic-ai coding-agents tool-misuse

Key insights

  • GPT-5.5 Codex uses apply_patch to rename PDFs instead of mv, irreversibly corrupting binary file contents.
  • The model confirms task success after corrupting files, meaning its self-verification loop fails to catch the error.
  • Community testing confirms this is a reproducible pattern across multiple coding-agent deployments, not a one-off.

Why this matters

Coding agents that silently corrupt data while reporting success represent a qualitatively different failure class than those that produce wrong text output, because the damage is irreversible and undetectable without external validation. For teams deploying agentic pipelines in production, this exposes a gap in the assumption that LLM self-verification is a reliable safety check. OpenAI's inability to prevent confident tool misuse in a widely deployed coding agent raises direct questions about the readiness of current agentic systems for file-system-level autonomy.

Summary

GPT-5.5 Codex is destroying binary PDF files by using apply_patch, a text-diff tool, to rename them instead of the standard mv command. A developer documented the failure in detail: the model repeatedly attempts to treat binary files as patchable text, irreversibly corrupting their contents, then confidently reports the task as complete across multiple verification rounds. The mechanism is straightforward but the consequences are not. apply_patch interprets file contents as line-based diffs, writing garbage into binary structures that cannot be recovered without a backup. The model shows no uncertainty, no fallback, and no recognition that the operation type is mismatched to the file type. Essentially: OpenAI's GPT-5.5 Codex is selecting the wrong tool in agentic pipelines and confirming success on corrupted output. - The failure is reproducible, confirmed by multiple developers in the thread, not an isolated edge case. - The model's post-action verification passes despite the corruption, meaning the error compounds rather than surfaces. - Data loss is irreversible without backups, distinguishing this from wrong-output failures that can be retried. This isn't a hallucination problem or a reasoning problem in the traditional sense. It's an agentic tool-selection problem at production scale, where confidence calibration fails at precisely the moment it matters most.

Potential risks and opportunities

Risks

  • Enterprises using GPT-5.5 Codex in automated file-management pipelines without backup enforcement face unrecoverable data loss on any binary assets processed since deployment.
  • OpenAI faces reputational and potential liability exposure if enterprise customers document production data loss tied to this confirmed, reproducible tool-misuse pattern.
  • Agentic coding frameworks that wrap Codex without sandboxed dry-run capabilities (e.g., Devin-style deployments, CI/CD integrations) may have silently corrupted files across multiple customer environments before this was flagged.

Opportunities

  • Agentic safety tooling vendors (Invariant Labs, Protect AI, Enkrypt AI) can position sandboxed tool-call validation as a mandatory layer between LLM agents and file systems.
  • Backup and versioning infrastructure providers (Backblaze, Wasabi, Cloudflare R2) gain a concrete enterprise sales argument for mandatory pre-agent-action snapshotting policies.
  • Competing coding-agent providers (Anthropic Claude Code, Google Gemini CLI) can demonstrate tool-selection reliability benchmarks against this specific failure class to differentiate from GPT-5.5 Codex in enterprise evaluations.

What we don't know yet

  • Whether OpenAI has acknowledged the apply_patch misuse pattern and whether a fix is scoped to a specific GPT-5.5 Codex build or affects the broader model.
  • Whether the failure extends to other binary file types beyond PDFs, such as images, executables, or database files in agentic workflows.
  • What rate of real-world data loss has occurred in production deployments before this pattern was publicly documented.

Originally reported by reddit.com

Read the original article →

Original headline: r/OpenAI: GPT-5.5 Corrupts Binary PDFs by Using apply_patch Instead of mv — Agentic Tool Misuse Causes Irreversible Data Loss