The National Information Technology Development Agency (NITDA) has warned that newly discovered vulnerabilities in ChatGPT, a popular AI‑powered chatbot, could expose users to data‑leakage attacks. Researchers identified seven flaws affecting GPT‑4 and GPT‑5 models that can be exploited through indirect prompt injection. Attackers can embed hidden instructions in webpages, comments, or URLs, causing ChatGPT to execute unintended commands during ordinary browsing, summarisation, or search activities.
The advisory highlights growing concerns about the interaction between AI tools and unsafe web content, especially as reliance on ChatGPT expands in business, research, and the public sector. Some of the flaws allow attackers to bypass safety controls by masking malicious content behind trusted domains, while others exploit markdown‑rendering bugs to hide instructions from detection. In severe cases, attackers can poison ChatGPT’s memory, forcing the system to retain malicious directives that influence future conversations.
These vulnerabilities could lead to a range of cybersecurity threats, including unauthorized actions by the model, unintended exposure of user information, manipulated or misleading outputs, and long‑term behavioural changes caused by memory poisoning. Users may trigger such attacks without clicking or interacting with anything, simply when ChatGPT processes search results or webpages containing hidden malicious instructions. Although OpenAI has patched parts of the issue, NITDA notes that large language models still struggle to reliably distinguish genuine user intent from malicious data.
To stay safe, the agency advises Nigerians, businesses, and government institutions to adopt precautionary measures: limit or disable browsing and summarisation of untrusted websites within enterprise environments, enable features like browsing or memory only when necessary, and regularly update deployed GPT‑4 and GPT‑5 models to ensure known vulnerabilities are patched. The discovery underscores the importance of robust cybersecurity measures in the development and use of AI‑powered tools. As the use of ChatGPT and similar technologies continues to grow, users must be aware of potential risks and take proactive steps to protect themselves, thereby minimising threats and ensuring the safe, effective deployment of AI.
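One way an enterprise gateway could apply the advice to limit summarisation of untrusted websites, and drop page content that is hidden from human readers (comments, hidden elements) before the text reaches an AI summariser. This is an added example, not code from NITDA or OpenAI; the host allowlist, function names and sample page are assumptions constructed for illustration, and it assumes well-formed HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the organisation has approved for AI-assisted summarisation.
ALLOWED_HOSTS = {"intranet.example.org", "docs.example.org"}
SKIP_TAGS = {"script", "style", "template", "noscript"}
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr", "source"}
HIDDEN_STYLES = ("display:none", "visibility:hidden", "font-size:0")

def host_allowed(url):
    # Exact host match over HTTPS only; anything else is treated as untrusted.
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in ALLOWED_HOSTS

class VisibleText(HTMLParser):
    """Collects text a reader would see. HTML comments are dropped because
    handle_comment is not overridden."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # one flag per open element: is it (or an ancestor) hidden?
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (tag in SKIP_TAGS or "hidden" in a or a.get("aria-hidden") == "true"
                  or any(s in style for s in HIDDEN_STYLES))
        self.stack.append(hidden or (bool(self.stack) and self.stack[-1]))
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if not (self.stack and self.stack[-1]) and data.strip():
            self.chunks.append(data.strip())

def prepare_for_summary(url, html):
    """Return visible text for the summariser, or None if the host is not approved."""
    if not host_allowed(url):
        return None
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(parser.chunks)

# Constructed sample page: one comment and one hidden element carry placeholder text.
SAMPLE = ("<html><body><h1>Quarterly report</h1>\n"
          "<!-- constructed hidden instruction A -->\n<p>Revenue grew 4%.</p>\n"
          '<div style="display: none">constructed hidden instruction B</div></body></html>')
```

Visible text can still carry injected instructions, and the advisory notes that trusted domains can be used to mask malicious content, so a filter like this reduces exposure rather than removing it.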