Nigeria’s National Information Technology Development Agency (NITDA) has issued a serious cybersecurity warning after identifying new vulnerabilities in OpenAI’s latest GPT-4.0 and GPT-5 models that could expose users to hidden data-leakage risks.
In a notice shared on its official X page, NITDA’s Computer Emergency Readiness and Response Team (CERRT.NG) revealed that seven major vulnerabilities were discovered. These flaws make it possible for attackers to manipulate ChatGPT through indirect prompt injections hidden inside normal online content.
According to the agency, hackers can embed malicious instructions inside webpages, online comments, or specially crafted URLs. When ChatGPT browses, summarizes, or interacts with such content, it may unknowingly execute harmful commands.
CERRT also highlighted that some vulnerabilities allow attackers to slip past safety filters by using trusted domains or exploiting markdown formatting weaknesses to disguise harmful input.
One of the most alarming issues is the possibility of long-term manipulation. The agency warns that attackers can “poison” ChatGPT’s memory so that malicious instructions remain active far into the future, potentially affecting both personal and enterprise users.
While OpenAI has reportedly fixed some of the issues, CERRT insists that large language models still struggle to distinguish between genuine instructions and hidden malicious content.
Potential Risks
NITDA warns that these vulnerabilities could lead to:
Unauthorized actions performed by ChatGPT
Sensitive information leakage
Manipulated or misleading responses
Long-term behavior changes caused by memory poisoning
Worse still, users can be affected without clicking anything, especially when ChatGPT browses or processes content containing hidden threats.
Safety Recommendations
To protect themselves, NITDA advises users and organizations to:
Disable or limit ChatGPT’s browsing and summarization features for untrusted websites
Enable browsing and memory only when necessary
Keep GPT-4.0 and GPT-5 systems updated with the latest patches
Read Also;
Hilda Baci Explains Cutback in Jollof Rice World Record Attempt
NITDA Also Alerts Nigerians About Cisco Firewall Risks
In a separate advisory, NITDA’s CERRT.NG warned about new security threats targeting Cisco firewall devices used by banks, government agencies, businesses, and internet service providers.
Hackers are now exploiting a newly discovered attack method — combining older vulnerabilities with fresh techniques — to force Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense (FTD) devices to restart unexpectedly.
This can cause sudden network outages and denial-of-service incidents in affected organizations.
NITDA urges all institutions using Cisco firewall systems to apply updates, monitor their networks, and implement necessary security patches immediately.
