NITDA Alerts Nigerians To ChatGPT Vulnerability That Enables Data-Leakage Attacks

The National Information Technology Development Agency (NITDA) has issued an advisory on new vulnerabilities in ChatGPT that could expose users to data-leakage attacks.

According to the advisory, researchers discovered seven vulnerabilities affecting GPT-4o and GPT-5 models that allow attackers to manipulate ChatGPT through indirect prompt injection.

The agency explained that hidden instructions placed inside webpages, comments, or URLs can trigger unintended commands during regular browsing, summarisation, or search actions.

“By embedding hidden instructions in webpages, comments, or crafted URLs, attackers can cause ChatGPT to execute unintended commands simply through normal browsing, summarization, or search actions,” they stated.

The warning followed rising concerns about AI-powered tools interacting with unsafe web content and the growing dependence on ChatGPT for business, research, and public-sector tasks.

NITDA added that some flaws allow the bypassing of safety controls by masking malicious content behind trusted domains.

Other weaknesses take advantage of markdown rendering bugs, enabling hidden instructions to pass undetected.

It explained that in severe cases, attackers can poison ChatGPT’s memory, forcing the system to retain malicious instructions that influence future conversations

They stated that while OpenAI has fixed parts of the issue, LLMs still struggle to reliably separate genuine user intent from malicious data.

The Agency warned that these vulnerabilities could lead to a range of cybersecurity threats, including:

READ ALSO: BNP Paribas Sells AG Insurance Stake For $2.2b

It advised Nigerians, businesses, and government institutions to adopt several precautionary steps to stay safe. These include limiting or disabling the browsing and summarisation of untrusted websites within enterprise environments and enabling features like browsing or memory only when necessary.

It also recommended regular updates to deployed GPT-4o and GPT-5 models to ensure known vulnerabilities are patched.