Nigeria’s National Information Technology Development Agency(NITDA) has issued a cybersecurity warning about serious risks discovered in OpenAI’s latest ChatGPT models, GPT-4.0 and GPT-5. The agency says these weaknesses could expose users’ data and even allow attackers to manipulate the system.

Now grab a seat let’s keep you informed: NITDA’s Computer Emergency Readiness and Response Team (CERRT.NG) found seven vulnerabilities that make it possible for attackers to hide harmful instructions inside webpages, online comments, or specially crafted URLs. When ChatGPT encounters these hidden instructions while browsing, summarising, or searching, it could carry out actions that were never intended by the user.

One of the most worrying issues is called “memory poisoning.”

This means that malicious instructions could persist in ChatGPT’s memory, influencing its behaviour in future interactions.

In other words, a single attack could have lasting effects, affecting both individuals and businesses using these AI models.

The Information and Communication Technology (ICT) development agency stated that while OpenAI had addressed certain aspects of the issue, Large Language Models (LLMs) still struggle to reliably distinguish genuine user intent from malicious data.

NITDA warned that these vulnerabilities could lead to a range of cybersecurity threats, including: unauthorised actions carried out by the model, unintended exposure of user information, manipulated or misleading outputs, and long-term behavioural changes caused by memory poisoning.

Even though OpenAI has applied partial fixes, NITDA notes that large language models still struggle to tell the difference between genuine user requests and hidden malicious commands.

The potential consequences include unauthorized actions, leaked information, manipulated outputs, and long-term influence on ChatGPT’s responses. Importantly, users don’t even have to click anything; the system can be affected simply by processing content with embedded instructions.

What Nigerians Can Do to Protect Themselves

To reduce these risks, NITDA recommends that users and organisations:

• Limit or turn off ChatGPT’s browsing and summarisation features for websites that are not trusted.

• Enable memory or browsing functions only when absolutely necessary.

• Regularly update GPT-4.0 and GPT-5 models so that any known vulnerabilities are patched.

NITDA also issued a related warning about Cisco firewall devices, which are widely used in banks, businesses, and government offices. Cybercriminals have found ways to exploit these systems, forcing devices to reboot unexpectedly and causing network disruptions.

By sharing these alerts, NITDA aims to help Nigerians stay aware of emerging cybersecurity threats and adopt the necessary precautions before damage occurs.

Help others stay informed; spread the word about these AI vulnerabilities.