The National Information Technology Development Agency (NITDA) has issued an advisory on new vulnerabilities in ChatGPT that could expose users to data-leakage attacks.
According to the advisory, researchers discovered seven vulnerabilities affecting GPT-4o and GPT-5 models that allow attackers to manipulate ChatGPT through indirect prompt injection.
The agency explained that hidden instructions placed inside webpages, comments, or URLs can trigger unintended commands during regular browsing, summarisation, or search actions.
“By embedding hidden instructions in webpages, comments, or crafted URLs, attackers can cause ChatGPT to execute unintended commands simply through normal browsing, summarization, or search actions,” they stated.
The warning followed rising concerns about AI-powered tools interacting with unsafe web content and the growing dependence on ChatGPT for business, research, and public-sector tasks.
NITDA added that some flaws allow the bypassing of safety controls by masking malicious content behind trusted domains.
Other weaknesses take advantage of markdown rendering bugs, enabling hidden instructions to pass undetected.
It explained that in severe cases, attackers can poison ChatGPT’s memory, forcing the system to retain malicious instructions that influence future conversations
They stated that while OpenAI has fixed parts of the issue, LLMs still struggle to reliably separate genuine user intent from malicious data.
The Agency warned that these vulnerabilities could lead to a range of cybersecurity threats, including:
Unauthorised actions carried out by the model
Unintended exposure of user information
Manipulated or misleading outputs
Long-term behavioural changes caused by memory poisoning
CERRT.NG added that users may unknowingly trigger these attacks without clicking or interacting with anything, especially when ChatGPT processes search results or webpages containing hidden malicious instructions.
It advised Nigerians, businesses, and government institutions to adopt several precautionary steps to stay safe. These include limiting or disabling the browsing and summarisation of untrusted websites within enterprise environments and enabling features like browsing or memory only when necessary.
It also recommended regular updates to deployed GPT-4o and GPT-5 models to ensure known vulnerabilities are patched.
-Advertisement-
Grab our latest Magazine, "Kelechi Amadi-Obi - Transcending the worlds of Law, Visual Art and Photography". Get your order fast and stress free.
For more details about Newswire Law&Events Magazine, kindly reach out to us on 08039218044, 09070309355. Email: newswiremagazine@yahoo.co.uk. You will be glad you did
Download E-MagazineDo you want to be heard, your events covered, your articles published, or need to advertise your products and services on our Blog and Magazine, reach out to us at Newswire Law and Events, you will be glad you did. For more details about our services, please call: 08039218044, 09070309355. Email: newswiremagazine@yahoo.co.uk
