The National Information Technology Development Agency (NITDA) has issued an advisory warning of newly discovered vulnerabilities in ChatGPT that could expose users to data-leakage attacks.
According to the advisory, researchers identified seven vulnerabilities in the GPT-4o and GPT-5 models that make them susceptible to indirect prompt-injection attacks. These attacks occur when hidden instructions embedded in webpages, comments, or URLs manipulate the model into executing unintended commands.
“By embedding hidden instructions in webpages, comments, or crafted URLs, attackers can cause ChatGPT to execute unintended commands simply through normal browsing, summarisation, or search actions,” NITDA stated.
The warning comes amid rising concerns about AI tools interacting with unsafe online content, particularly as ChatGPT becomes increasingly integrated into business operations, research workflows, and government services.
NITDA also noted that some of the vulnerabilities enable attackers to bypass safety controls by hiding malicious content behind legitimate-looking domains. Others exploit markdown-rendering flaws that allow concealed instructions to slip through undetected. In severe cases, attackers could even poison ChatGPT’s memory, causing the system to retain harmful instructions that influence future interactions.
While OpenAI has addressed parts of the problem, the agency said large language models still struggle to reliably distinguish genuine user intent from malicious data.
NITDA warned that the vulnerabilities could result in:
- Unauthorised actions by the model
- Exposure of sensitive user information
- Manipulated or misleading responses
- Long-term behavioural changes caused by memory poisoning
CERT.NG added that users may unknowingly trigger these attacks, often without clicking anything when ChatGPT processes webpages or search results containing hidden malicious instructions.
To mitigate risks, the agency advised Nigerians, businesses, and government institutions to limit or disable browsing and summarisation of untrusted websites in enterprise environments, and to enable features like browsing and memory only when necessary.
It also recommended keeping GPT-4o and GPT-5 deployments updated to ensure known vulnerabilities are patched.
