Nigeria’s National Information Technology Development Agency (NITDA) has issued a fresh cybersecurity warning to Nigerians and organisations following the discovery of new vulnerabilities in OpenAI’s GPT-4.0 and GPT-5 series models that could expose users to data leakage and system manipulation. The warning forms part of the agency’s ongoing efforts to strengthen national cybersecurity awareness as the use of artificial intelligence tools continues to grow rapidly across professional, business, and personal settings.

The advisory, released by the agency’s Computer Emergency Readiness and Response Team, CERRT.NG, and confirmed by the Director of Corporate Affairs and External Relations, Mrs Hadiza Umar, revealed that seven critical weaknesses had been identified within the models. 

The vulnerabilities allow attackers to exploit a technique known as indirect prompt injection, where harmful commands are hidden inside seemingly harmless online content such as webpages, comment sections, or specially crafted URLs carried across public platforms.

According to the agency, these embedded instructions can manipulate ChatGPT into executing unintended actions during routine activities, including browsing, website summarisation, or search tasks. Some of the flaws also make it possible for threat actors to bypass built-in safety systems by exploiting trusted domains or taking advantage of markdown rendering weaknesses that conceal malicious content from casual detection and automated filtering systems.

One of the most troubling risks highlighted by NITDA is the potential for prolonged interference. The agency warned that attackers could poison ChatGPT’s memory, ensuring that injected instructions remain active across future interactions. This could lead to long-term behavioural manipulation in both personal and enterprise systems, raising concerns over data integrity, operational reliability, and the safety of sensitive user information handled through artificial intelligence tools.

Also Read: Nigeria records Africa’s highest weekly cyberattacks, new report finds

While OpenAI has reportedly addressed parts of the problem, NITDA stated that large language models still struggle to reliably differentiate legitimate user intent from malicious embedded data, leaving room for continued exploitation. The agency noted that this structural challenge underscores the broader limitations facing AI systems in dynamic online environments where threats can be creatively disguised.

The agency cautioned that the identified vulnerabilities may result in unauthorised system actions, data exposure, manipulated responses, and extended behavioural influence. It further stressed that users may not need to click links or interact directly with harmful content to be compromised, as attacks can be triggered automatically when ChatGPT processes infected search results or webpages during everyday activities.

NITDA urged organisations to immediately reduce risk by limiting or disabling ChatGPT browsing and summarisation functions for untrusted websites within enterprise environments. It also advised enabling features such as browsing or memory only when they are operationally necessary and ensuring that GPT-4.0 and GPT-5 models are kept fully updated and patched to address known vulnerabilities as soon as fixes become available.

In a related development, CERRT.NG also issued an urgent warning about new cybersecurity threats targeting Cisco firewall systems used across banks, businesses, government institutions, and internet service providers in Nigeria. The advisory reflects concerns that vulnerabilities in critical infrastructure devices pose risks not only to individual organisations but to national digital stability.

The agency disclosed that cybercriminals are now exploiting older vulnerabilities through a newly observed attack method affecting Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defence systems. The technique allows attackers to remotely force devices to reboot without warning, causing sudden network outages, service disruption, and potential denial-of-service incidents across affected networks.

NITDA explained that the attacks leverage previously known weaknesses but deploy them in new ways capable of destabilising firewall operations at scale, further heightening cybersecurity risks across connected networks nationwide and reinforcing the need for continuous patching and strict security controls within digital environments.

Meiza Nigeria