The National Information Technology Development Agency (NITDA) has issued a security advisory warning Nigerians about newly discovered vulnerabilities in OpenAI’s GPT-4.0 and GPT-5 series, which could expose users to data-leakage and other cyber threats.
According to the agency’s Director of Corporate Affairs and External Relations, Mrs. Hadiza Umar, NITDA has identified seven critical weaknesses that allow attackers to exploit the systems through indirect prompt injection—embedding hidden instructions in webpages, comments or crafted URLs that could cause ChatGPT to execute unintended commands during routine browsing, summarisation or search activities..
Some flaws also enable attackers to bypass safety filters using trusted domains, and exploit markdown rendering bugs to hide malicious content.
That act can even poison ChatGPT’s memory so that injected instructions persist across future interactions,” she said.
Umar said that although OpenAI had addressed part of the issue, large language models still faces challenges in distinguishing genuine user intent from malicious embedded data.
She said that the technique had embedded hidden instructions in webpages, online comments, or crafted URLs, which can mislead ChatGPT into executing unintended actions during routine browsing or search activities.
Umar said the vulnerabilities posed substantial risks, including unauthorised actions, information leakage, manipulated outputs and long-term behavioural influence due to memory poisoning.
She said that to avoid the risks, the agency urges organisations to limit or disable the browsing and summarisation of untrusted websites within enterprise environments.
