NITDA warns Nigerians of new vulnerabilities in OpenAI's GPT-4.0, GPT-5

The National Information Technology Development Agency (NITDA) on Monday warned Nigerians about new vulnerabilities in OpenAI's GPT-4.0 and GPT-5 series that could expose users to data leakage.

The advisory was issued by the agency's Director of Corporate Affairs and External Relations, Mrs Hadiza Umar, in Abuja.

Umar said the agency had identified seven critical weaknesses in the models, which allowed attackers to manipulate the system through indirect prompt injection.

"By embedding hidden instructions in webpages, comments or crafted URLs, attackers can cause ChatGPT to execute unintended commands through normal browsing, summarisation or search actions.

"Some flaws also enable attackers to bypass safety filters using trusted domains and exploit markdown rendering bugs to hide malicious content.

"That act can even poison ChatGPT's memory so that injected instructions persist across future interactions," she said.

Umar said that although OpenAI had addressed part of the issue, large language models still face challenges in distinguishing genuine user intent from malicious embedded data.

She said the technique involved embedding hidden instructions in webpages, online comments or crafted URLs, which can mislead ChatGPT into executing unintended actions during routine browsing or search activities.

Umar said the vulnerabilities posed substantial risks, including unauthorised actions, information leakage, manipulated outputs and long-term behavioural influence due to memory poisoning.

She said that to avoid the risks, the agency urged organisations to limit or disable the browsing and summarisation of untrusted websites within enterprise environments.

"Only enable ChatGPT capabilities like browsing or memory when operationally necessary," she said.

She also urged regular updating and patching of the GPT-4.0 and GPT-5 models to ensure that any known vulnerabilities are addressed.