The National Information Technology Development Agency (NITDA) has issued a new cybersecurity warning to Nigerians following the discovery of emerging ChatGPT vulnerabilities capable of enabling data-leakage attacks.
The agency released the advisory through its Computer Emergency Readiness and Response Team as concerns grow over the increasing use of AI tools for business operations, academic work, and government services.
Researchers recently identified seven flaws affecting the GPT-4o and GPT-5 model families, with most of the risks linked to indirect prompt injection techniques embedded in online content.
The advisory explained that attackers can hide malicious instructions inside webpages, comments, or modified URLs, causing AI tools to perform unintended actions when users browse or summarise online material.
The agency noted that some of the flaws allow the bypassing of safety checks by disguising harmful instructions behind trusted websites, making them difficult for both users and AI systems to detect.
It also reported that markdown-based weaknesses enable hidden content to pass through the system’s filters, creating an opening for automated execution of harmful tasks.
In more severe cases, malicious actors can poison the model’s memory and force the system to retain harmful prompts that influence its future behaviour, raising long-term security concerns for individuals and organisations.
The agency emphasised that although OpenAI has addressed parts of the problem, ChatGPT vulnerabilities remain due to the challenge of distinguishing authentic user commands from manipulated online data.
NITDA warned that potential risks include unauthorised actions carried out by the system, accidental disclosure of sensitive information, misleading outputs, and persistent behavioural changes caused by memory-based manipulation.
The agency added that victims may trigger attacks without knowingly interacting with malicious content, especially when AI tools process web results containing embedded hidden commands.
The advisory recommended limiting the browsing and summarisation of unverified websites, particularly in corporate and government environments where sensitive information may be at risk.
It also advised users and organisations to update deployed GPT-4o and GPT-5 systems regularly to ensure known flaws are patched and security configurations remain active.
The notice followed an earlier alert issued months ago about a major eSIM vulnerability affecting billions of devices worldwide, showing the agency’s continued emphasis on protecting Nigerians from evolving digital threats.
