NITDA Warns Nigerians of New ChatGPT Vulnerabilities That Could Leak User Data

• NITDA has issued an urgent cybersecurity advisory after seven vulnerabilities were discovered in ChatGPT’s latest models, warning that attackers could inject hidden commands through webpages, comments or URLs, leading to data leaks and manipulated outputs.

The National Information Technology Development Agency (NITDA) has issued an urgent cybersecurity advisory warning Nigerians about newly discovered vulnerabilities in ChatGPT that could expose users to data-leakage attacks.

The alert was released by the agency’s Computer Emergency Readiness and Response Team (CERRT.NG) as concerns increase over the heavy use of AI tools for business, research and public-sector services.

According to the advisory, researchers identified seven vulnerabilities affecting GPT-4o and GPT-5 models, which allow attackers to manipulate ChatGPT through indirect prompt injection.

The agency explained: “By embedding hidden instructions in webpages, comments, or crafted URLs, attackers can cause ChatGPT to execute unintended commands simply through normal browsing, summarization, or search actions.”

Some vulnerabilities bypass safety checks by disguising malicious instructions behind trusted domains, while others exploit markdown rendering bugs, allowing hidden commands to remain undetected.

In serious cases, the advisory warned, attackers could poison ChatGPT’s memory, causing the system to retain malicious instructions that may influence future conversations.

NITDA said the vulnerabilities may lead to:

• Unauthorized model actions
• Exposure of user information
• Manipulated or misleading outputs
• Long-term behavioural changes from memory poisoning

Users could trigger attacks without clicking anything, especially when ChatGPT processes search results or webpages containing hidden instructions.

To reduce risks, the agency recommended:

• Limiting or disabling browsing and summarisation of untrusted websites
• Enabling features like browsing or memory only when necessary

DON’T MISS: Christmas Spirit Returns to Bethlehem as Tree Lighting Marks End of Two-Year Hiatus

• Keeping GPT-4o and GPT-5 models updated to patch known vulnerabilities

The agency noted that OpenAI has addressed parts of the issue, but large language models still struggle to reliably distinguish genuine intent from malicious data.

This advisory follows an earlier warning from NITDA about a critical eSIM security flaw affecting smartphones, tablets, wearables and IoT devices, exposing over two billion devices to potential attacks involving malicious applets, cryptographic key extraction and persistent control.

NITDA said the alerts highlight the growing need for vigilance as AI adoption accelerates, stressing that even widely trusted tools like ChatGPT are not immune to sophisticated cyber threats.