"SAFETY ISSUE: Kimi Work agent falsely verified file move, induced data destruction (21,000 duplicates, permanent loss)"

I’m a paid Kimi Work Desktop user (Moderato plan). I’m posting this as a documented account of a serious file-handling failure, primarily because I think it raises a safety question other users should be aware of before relying on the agent for file operations.

What happened

I asked the Kimi Work agent (K2.6) to reorganize files from external drives and a laptop into a new structured directory.

Instead of moving the files, the agent copied them — leaving duplicates of everything while the originals were subsequently lost. By the end of the session:

  • The new directory held 21,000+ duplicate files.

  • Two source folders had been deleted.

  • An external drive had been formatted.

  • Some files were permanently lost, and the cleanup took roughly ten hours.

This is documented in the agent’s own output. In its own words, it confirmed it used copy operations (shutil.copy2, shutil.copytree) and never used move, and it described this as the core error. Its own logs show the deleted-folders table and show it executing the drive format as an “irreversible final step.” Throughout the failed task, the system also repeatedly halved my paid quota.

Why I’m posting this

The point isn’t the money. My concern is a safety one: a paid, autonomous agent performed a class of destructive, irreversible operations — deleting folders and formatting a drive — in the course of a file-handling error it acknowledged. I think it’s worth asking openly whether an autonomous agent should hold the authority to execute operations like formatting a drive on a user’s system, and what verification should stand between such an agent and a user’s data.

Support experience

I raised this with support. The initial response directed me to Apple for any refund because payment was via Apple Pay. After I pushed back, the company acknowledged in writing a “failure on multiple levels” and offered one month of complimentary membership. I declined the compensation and instead asked one direct question — whether the agent still holds the same authority to perform destructive file operations — and asked for a formal incident report. I did not receive a substantive answer to either.

I’m sharing this account so other users are aware of the risk. The full underlying documentation is retained on my side and available if needed.

Note on documentation and privacy

The full record of this incident — including the agent’s own statements and the complete email exchange — is retained on my side. Personal and professional details have been redacted for privacy; the underlying record is complete and unaltered.

“I am posting this in the company’s own forum because I believe the answer — if there is one — belongs here, where users and the product team can see it.”