The National Information Technology Development Agency (NITDA) has issued an urgent cybersecurity advisory warning Nigerians of newly discovered vulnerabilities in ChatGPT that could expose users to data-leakage attacks.
The advisory, released through the agency’s Computer Emergency Readiness and Response Team (CERRT.NG), highlights seven vulnerabilities identified in GPT-4o and GPT-5 models that allow attackers to manipulate ChatGPT through indirect prompt injection.
According to NITDA, attackers can embed hidden instructions inside webpages, comments or URLs that trigger unintended commands during routine browsing, summarisation or search processes. Some weaknesses also bypass safety filters by masking malicious prompts behind trusted domains, while others exploit markdown rendering bugs to deliver concealed commands. In severe cases, memory-poisoning attacks can force the model to retain harmful instructions that influence future outputs.
The agency warned that these flaws may lead to unauthorised actions, unintended data exposure, manipulated responses and long-term behavioural changes in the AI system. CERRT.NG added that users may unknowingly activate such attacks when ChatGPT processes webpages or search results containing hidden malicious code.
NITDA advised Nigerians, businesses and government institutions to take precautionary measures, including limiting ChatGPT’s browsing and summarisation of untrusted websites, enabling features like browsing and memory only when needed, and ensuring deployed GPT-4o/GPT-5 systems are regularly updated with security patches.
The alert follows a previous NITDA warning on critical eSIM vulnerabilities affecting more than two billion devices worldwide, underscoring the agency’s ongoing emphasis on safeguarding digital infrastructure and user security.
