Dec. 8, 2025

The National Information Technology Development Agency (NITDA) on Monday, warned Nigerians on the existence of new vulnerabilities in OpenAI’s GPT-4.0 and GPT-5 series which could expose users to data-leakage.

The advisory was issued by the agency’s Director of Corporate Affairs and External Relations, Mrs. Hadiza Umar.

Umar said that the agency identified seven critical weaknesses in the models, which allowed attackers to manipulate the system through indirect prompt injection.

“By embedding hidden instructions in webpages, comments or crafted URLs, attackers can cause ChatGPT to execute unintended commands through normal browsing, summarisation or search actions.

“Some flaws also enable attackers to bypass safety filters using trusted domains, and exploit markdown rendering bugs to hide malicious content.

“That act can even poison ChatGPT’s memory so that injected instructions persist across future interactions,” she said.

Umar said that although OpenAI had addressed part of the issue, large language models still faces challenges in distinguishing genuine user intent from malicious embedded data.

She said that the technique had embedded hidden instructions in webpages, online comments, or crafted URLs, which can mislead ChatGPT into executing unintended actions during routine browsing or search activities.

Umar said the vulnerabilities posed substantial risks, including unauthorised actions, information leakage, manipulated outputs and long-term behavioural influence due to memory poisoning.

She said that to avoid the risks, the agency urges organisations to limit or disable the browsing and summarisation of untrusted websites within enterprise environments.

“Only enable ChatGPT capabilities like browsing or memory when operationally necessary,” she said

She also urged regular update and patch of the GPT-40 and GPT-5 models, to ensure that any known vulnerability is addressed. (NAN