Nigeria’s National Information Technology Development Agency has raised a fresh alarm over newly discovered flaws in OpenAI’s GPT-4.0 and GPT-5 models, saying the issues could expose users and organisations to serious data-leakage threats.
The agency issued the warning through its Computer Emergency Readiness and Response Team, CERRT.NG, in an advisory posted on its official X page on Sunday. According to the team, seven major weaknesses were found, most of them linked to indirect prompt injection attacks hidden inside online content.
CERRT said attackers can hide dangerous commands inside what appear to be normal “webpages, comments or crafted URLs,” and ChatGPT may process those instructions unknowingly while carrying out searches, summaries or basic browsing.
The advisory explained that some of the flaws make it possible to bypass safety filters by using trusted domains or by hiding harmful input through markdown formatting tricks.
One of the most troubling findings, the team noted, was that attackers can “poison ChatGPT’s memory so that injected instructions persist across future interactions,” which may affect both personal users and companies relying on the models.
It added that even without clicking any link, users could still be exposed, as malicious instructions may activate once ChatGPT reads online results containing hidden payloads.
In a follow-up statement released in Abuja, NITDA’s Director of Corporate Affairs and External Relations, Mrs Hadiza Umar, confirmed the discovery of the seven weaknesses.
“By embedding hidden instructions in webpages, comments or crafted URLs, attackers can cause ChatGPT to execute unintended commands through normal browsing, summarisation or search actions,” she said.
She added that “some flaws also enable attackers to bypass safety filters using trusted domains, and exploit markdown rendering bugs to hide malicious content.”
Umar stressed that such actions “can even poison ChatGPT’s memory so that injected instructions persist across future interactions.”
She warned that the risks include unauthorised actions, information leakage, manipulated outputs and long-term behavioural changes caused by memory poisoning.
NITDA advised organisations to limit or disable ChatGPT’s browsing and summarisation features when dealing with untrusted websites. Umar said, “Only enable ChatGPT capabilities like browsing or memory when operationally necessary.”
She also urged regular updates of GPT-4.0 and GPT-5 models to ensure all known vulnerabilities are addressed.
Meanwhile, CERRT.NG issued a separate alert on new cyber threats targeting Cisco firewall devices widely used by banks, government agencies and major firms.
According to the notice, hackers have begun exploiting older vulnerabilities in a new way that can force Cisco Secure Firewall ASA and Firepower Threat Defense systems to reboot suddenly, causing service disruption.
The team warned that the attack method can make firewalls “restart without warning,” which may trigger network downtime or denial-of-service across affected organisations.
