Follow Us on Google
The National Information Technology Development Agency (NITDA) has issued an urgent cybersecurity advisory warning Nigerians about newly discovered vulnerabilities in ChatGPT that could expose users to data-leakage attacks. The notice was released through its Computer Emergency Readiness and Response Team, CERRT.NG, as concerns rise over AI tools interacting with unsafe web content and the growing reliance on ChatGPT for business, research, and public-sector tasks.
According to the advisory, researchers identified seven vulnerabilities affecting GPT-4o and GPT-5 models, allowing attackers to manipulate ChatGPT through indirect prompt injection. Hidden instructions embedded in webpages, comments, or URLs can trigger unintended commands during regular browsing, summarisation, or search actions. “By embedding hidden instructions in webpages, comments, or crafted URLs, attackers can cause ChatGPT to execute unintended commands simply through normal browsing, summarization, or search actions,” the agency said.
Some flaws bypass safety controls by masking malicious content behind trusted domains, while others exploit markdown rendering bugs, allowing hidden instructions to go undetected. In severe cases, attackers can poison ChatGPT’s memory, causing the system to retain malicious instructions that influence future conversations. The advisory noted that while OpenAI has addressed parts of the issue, large language models still struggle to reliably distinguish genuine user intent from malicious data. NITDA warned that these vulnerabilities could result in unauthorized actions by the model, unintended exposure of user information, manipulated or misleading outputs, and long-term behavioural changes from memory poisoning. Users may trigger attacks without interacting with anything directly, especially when ChatGPT processes search results or webpages containing hidden malicious instructions.
Other News
To mitigate risks, the agency urged Nigerians, businesses, and government institutions to limit or disable browsing and summarisation of untrusted websites, enable features like browsing or memory only when necessary, and keep GPT-4o and GPT-5 models regularly updated to patch known vulnerabilities.
This advisory follows an earlier warning from NITDA about a critical security flaw affecting embedded SIM (eSIM) cards in smartphones, tablets, wearables, and IoT devices. That vulnerability, linked to the GSMA TS 48 Generic Test Profile, exposed over two billion devices worldwide to attacks that could install malicious applets, extract cryptographic keys, or clone eSIM profiles, potentially enabling intercepted communications and persistent device control.
NITDA’s latest alert highlights the growing need for vigilance as AI adoption accelerates, emphasizing that even widely trusted tools like ChatGPT are not immune to sophisticated cyber threats.
