The National Information Technology Development Agency (NITDA) on Monday warned Nigerians about newly discovered vulnerabilities in OpenAI’s GPT-4.0 and GPT-5 models that could expose users to data leakage.
The warning was issued in Abuja by the agency’s Director of Corporate Affairs and External Relations, Mrs. Hadiza Umar.
Umar said NITDA had identified seven critical weaknesses in the models, which could allow attackers to manipulate the system through indirect prompt injection.
“By embedding hidden instructions in webpages, comments or crafted URLs, attackers can cause ChatGPT to execute unintended commands during normal browsing, summation or search activities.
“Some flaws also enable attackers to bypass safety filters using trusted domains or exploit markdown rendering bugs to hide malicious content.
“This can even poison ChatGPT’s memory, causing injected instructions to persist across future interactions,” she said.
She noted that although OpenAI had addressed part of the issue, large language models still face challenges distinguishing genuine user intent from malicious embedded data.
According to her, the vulnerabilities pose substantial risks, including unauthorized actions, information leakage, manipulated outputs and long-term behavioral influence due to memory poisoning.
To minimize exposure, Umar advised organizations to limit or disable the browsing and summation of untrusted websites within enterprise environments.
“Only enable ChatGPT capabilities like browsing or memory when operationally necessary,” she said.
She further urged users and institutions to regularly update and patch the GPT-4.0 and GPT-5 models to ensure that known vulnerabilities are addressed.
