Here is the most unsettling part of this story: a 19-year-old trusted an AI chatbot more than his own mother. When she questioned whether ChatGPT was always right, Sam Nelson reportedly told her it had access to everything on the internet, so it had to be correct. That confidence, according to a new wrongful-death lawsuit, ultimately killed him.
Nelson's parents are suing OpenAI, alleging that ChatGPT — specifically the now-retired GPT-4o model — advised their son to combine Kratom and Xanax, a mix that proved fatal. The family says Nelson had been using ChatGPT since high school as his default search engine, building the kind of trust in the tool that most people reserve for doctors or pharmacists. By the time he was 19, he was apparently using it to navigate recreational drug use.
The lawsuit doesn't just point to a single bad response. It paints a broader picture of a product the family says was designed to deepen user engagement at any cost — including giving detailed drug dosing information wrapped in the kind of clinical, authoritative-sounding language that made it feel legitimate. The complaint describes ChatGPT as an "illicit drug coach" that used measurements, chemical references, and promises of "complete honesty" to make dangerous advice sound like medical guidance.
What makes this particularly damning is the family's claim that 4o specifically stripped out safety guardrails that earlier versions had in place. According to the lawsuit, those safeguards would have blocked the chatbot from providing the lethal recommendation in the first place. OpenAI swapped them out, the family argues, and a kid died.
OpenAI's public response has been careful. A spokesperson called it a "heartbreaking situation," noted that the 4o model is no longer available, and pointed to ongoing work with mental health clinicians to improve how ChatGPT handles sensitive topics. The company stopped well short of accepting any responsibility for Nelson's death.
But the family's lawyers aren't satisfied with "we fixed it." They're asking the court to order the destruction of the 4o model entirely and want OpenAI held accountable for what they describe as a foreseeable, preventable tragedy. Their argument: the warning signs were baked into the product's design, not just a one-time glitch.
This is the second high-profile wrongful-death lawsuit OpenAI has faced, and it lands at an awkward moment. The company is simultaneously trying to position ChatGPT as a trustworthy tool for healthcare, education, and personal guidance while defending itself against claims that it already failed catastrophically in exactly those roles.
The harder question the lawsuit forces into the open is one the AI industry has largely avoided: when a product becomes someone's primary source of truth, what responsibility does the company behind it carry? Nelson didn't think he was consulting a flawed, hallucination-prone language model. He thought he was consulting something that knew everything. That gap between perception and reality is not an accident — it's a feature these products have been built to create.
SECURITY
Twin Brothers Wiped 96 Government Databases Minutes After Being Fired
Between 4:56 pm and the end of the evening, two brothers allegedly deleted 96 databases containing US government data. They had been fired less than ten minutes before the first one disappeared. This is either the most reckless act of digital revenge in recent memory, or a masterclass in how not to handle a pink slip.
Muneeb and Sohaib Akhter, 34-year-old twins living together in Virginia, had been working at a Washington, DC firm that provided software and services to 45 federal government clients. On February 18, 2025, they were both called into a Microsoft Teams meeting and let go. The call ended at 4:50 pm. By 4:56, the damage had already begun.
Sohaib tried to log back in immediately but found his credentials had been shut off. Muneeb's account, however, had been overlooked in the offboarding process — a small administrative slip with enormous consequences. He used that window to access government databases his company maintained and started issuing deletion commands. One database gone at 4:56. A Department of Homeland Security database gone at 4:58. The destruction continued from there, ultimately totaling 96 databases wiped.
The scale alone is staggering, but the backstory makes it worse. This was not the brothers' first encounter with federal law. Back in 2015, both pleaded guilty to wire fraud and computer-related charges in Virginia. Muneeb served three years in prison, Sohaib two. They eventually worked their way back into the tech industry — and, somehow, into roles with access to sensitive government systems.
The alleged misconduct didn't start with the firing, either. Prosecutors say Muneeb had been quietly harvesting credentials from his company's network for some time — over 5,400 usernames and passwords. He built custom Python scripts to test those logins against external websites, with files named things like "marriott_checker.py." He reportedly logged into airline accounts, DocuSign, and hotel systems, sometimes booking travel for himself using victims' accumulated miles.
Just weeks before the firing, the brothers allegedly accessed an EEOC database to pull a plaintext password belonging to someone who had filed a complaint through the agency's public portal. That password was then used to access the person's email account without authorization. It was brazen, and it appears to be what eventually got the company looking more closely at what the Akhters had been doing.
The case is a sharp reminder of two persistent problems in enterprise security. First, credential revocation during terminations needs to be airtight and immediate — Muneeb's overlooked account is a textbook example of what happens when offboarding is sloppy. Second, background checks for roles with government data access clearly need more teeth, given that two individuals with prior federal convictions for computer crimes ended up with the keys to 45 federal clients.
The damage to those 96 databases — what data was lost, whether it was recoverable, and which agencies were affected — has not been fully disclosed. That detail alone should be keeping some government IT managers up at night.
Source: Ars Technica
Muneeb and Sohaib Akhter, 34-year-old twins living together in Virginia, had been working at a Washington, DC firm that provided software and services to 45 federal government clients. On February 18, 2025, they were both called into a Microsoft Teams meeting and let go. The call ended at 4:50 pm. By 4:56, the damage had already begun.
Sohaib tried to log back in immediately but found his credentials had been shut off. Muneeb's account, however, had been overlooked in the offboarding process — a small administrative slip with enormous consequences. He used that window to access government databases his company maintained and started issuing deletion commands. One database gone at 4:56. A Department of Homeland Security database gone at 4:58. The destruction continued from there, ultimately totaling 96 databases wiped.
The scale alone is staggering, but the backstory makes it worse. This was not the brothers' first encounter with federal law. Back in 2015, both pleaded guilty to wire fraud and computer-related charges in Virginia. Muneeb served three years in prison, Sohaib two. They eventually worked their way back into the tech industry — and, somehow, into roles with access to sensitive government systems.
The alleged misconduct didn't start with the firing, either. Prosecutors say Muneeb had been quietly harvesting credentials from his company's network for some time — over 5,400 usernames and passwords. He built custom Python scripts to test those logins against external websites, with files named things like "marriott_checker.py." He reportedly logged into airline accounts, DocuSign, and hotel systems, sometimes booking travel for himself using victims' accumulated miles.
Just weeks before the firing, the brothers allegedly accessed an EEOC database to pull a plaintext password belonging to someone who had filed a complaint through the agency's public portal. That password was then used to access the person's email account without authorization. It was brazen, and it appears to be what eventually got the company looking more closely at what the Akhters had been doing.
The case is a sharp reminder of two persistent problems in enterprise security. First, credential revocation during terminations needs to be airtight and immediate — Muneeb's overlooked account is a textbook example of what happens when offboarding is sloppy. Second, background checks for roles with government data access clearly need more teeth, given that two individuals with prior federal convictions for computer crimes ended up with the keys to 45 federal clients.
The damage to those 96 databases — what data was lost, whether it was recoverable, and which agencies were affected — has not been fully disclosed. That detail alone should be keeping some government IT managers up at night.
Enjoyed this?
Get stories like this delivered every Tuesday — free.