Nigeria’s National Information Technology Development Agency has issued a fresh cybersecurity advisory warning that newly discovered vulnerabilities in OpenAI’s latest large language models could expose users to serious data-leakage risks.

In a notice released through its official X account on Sunday, NITDA’s Computer Emergency Readiness and Response Team (CERRT.NG) disclosed that seven vulnerabilities were identified in OpenAI’s GPT-4.0 and GPT-5 series. The flaws reportedly enable attackers to manipulate ChatGPT through indirect prompt injections hidden inside seemingly harmless online content.

According to the advisory, attackers can embed malicious instructions in “webpages, comments, or crafted URLs,” allowing ChatGPT to execute unintended commands during normal browsing, summarisation, or search activities.

CERRT noted that some of the vulnerabilities allow threat actors to bypass safety filters using trusted domains or exploit markdown rendering weaknesses to conceal harmful instructions.

A particularly concerning issue, the agency said, is the potential for long-term manipulation. Attackers could even “poison ChatGPT’s memory so that injected instructions persist across future interactions,” posing significant risks for both individuals and enterprise environments.

While OpenAI has reportedly rolled out partial fixes, CERRT maintains that large language models still face fundamental challenges in distinguishing legitimate user intent from malicious embedded data.

Potential Impact

NITDA warns that the vulnerabilities could lead to unauthorized actions, information leakage, manipulated outputs, and long-term behavioural influence through memory poisoning.

Crucially, users do not need to click anything for an attack to trigger. The advisory states that malicious instructions can execute “without clicking anything” when ChatGPT processes search results or webpages containing hidden payloads.

Recommended Preventive Measures

CERRT urged organisations and individuals to adopt immediate safeguards, including:

  • Limiting or disabling ChatGPT’s browsing and summarisation tools for untrusted websites.
  • Enabling capabilities like browsing or memory only when operationally necessary.
  • Regularly updating GPT-4.0 and GPT-5 models to ensure that known vulnerabilities are patched.

NITDA Issues Additional Statement

In a separate statement on Monday, NITDA’s Director of Corporate Affairs and External Relations, Hadiza Umar, reiterated that seven critical weaknesses were identified in the models, enabling manipulation through indirect prompt injections embedded in webpages, comments, or URLs.

Umar stressed that some flaws enable attackers to bypass OpenAI’s safety systems using trusted websites or exploit markdown rendering bugs to hide malicious input.

“That act can even poison ChatGPT’s memory so that injected instructions persist across future interactions,” she warned.

She added that while OpenAI had addressed parts of the issue, LLMs continue to face challenges in distinguishing genuine user intent from malicious embedded content.

Umar urged organisations to limit or completely disable browsing and summarisation of untrusted websites within enterprise systems. She further recommended enabling sensitive capabilities only when necessary and ensuring that GPT-4 and GPT-5 models are regularly patched.

Meanwhile, NITDA, through CERRT.NG, also issued an urgent advisory over new security issues affecting Cisco firewall devices widely used across banks, government offices, businesses, and internet service providers.

The agency warned that cybercriminals are exploiting a new attack method targeting Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense (FTD) systems. The flaw can forcibly reboot a device, causing sudden and widespread network outages.

According to the advisory shared on Monday, attackers are combining older vulnerabilities with newly discovered weaknesses, enabling them to trigger firewalls to “restart without warning,” leading to instability and denial-of-service across affected networks.

______________________________________________________________________ “Enhance Legal Practice With Authoritative Reports” — Alexander Payne Offers Comprehensive Law Reports, Spanning Over A Century Of Nigerian Jurisprudence

Interested buyers are encouraged to place their orders and enquiries via: 0704 444 4777, 0704 444 4999, 0818 199 9888 Website: www.alexandernigeria.com

_______________________________________________________________________ [A MUST HAVE] Evidence Act Demystified With Recent And Contemporary Cases And Materials
“Evidence Act: Complete Annotation” by renowned legal experts Sanni & Etti.
Available now for NGN 40,000 at ASC Publications, 10, Boyle Street, Onikan, Lagos. Beside High Court, TBS. Email publications@ayindesanni.com or WhatsApp +2347056667384. Purchase Link: https://paystack.com/buy/evidence-act-complete-annotation ______________________________________________________________________ “Bridging Theory And Courtroom Practice” — Hagler Sunny Okorie, Nathaniel Ngozi Ikeocha Unveil ‘Functional’ Tort Law Book For Nigerian Legal System The book, titled The Law of Torts in Nigeria: A Functional Approach, authored by Professor Hagler Sunny Okorie Ph.D and Ikeocha, Nathaniel Ngozi Esq, offers law students, practitioners, and academics a comprehensive guide to understanding and applying tort law in Nigerian courts. Interested buyers can place orders via the following contact numbers: 08028636615, 08037667945, 08032253813, or +234 902 196 2209. _______________________________________________________________________

“Order Your Copy Now” — Basil Momodu, Esq. Unveils Second Edition Of His Book, "Civil Procedure In Nigeria"

According to the learned author, Basil Momodu Esq. "Law review is a continuum. We will continue to track changes in the law to enrich future editions." Recommended Booksellers: Lagos: 08033855230, Abuja: 08035991379, and others.