The National Information Technology Development Agency (NITDA) has issued a critical advisory warning Nigerians about newly discovered security flaws in OpenAI’s ChatGPT, highlighting potential risks of data exposure and system manipulation.

The advisory, released on Monday, December 8, 2025, stems from research identifying seven vulnerabilities affecting GPT-4o and GPT-5 models.

These flaws could allow attackers to exploit ChatGPT through indirect prompt injections—hidden instructions embedded in webpages, URLs, or online comments that the AI may inadvertently execute during browsing, summarisation, or search activities.

“Malicious actors can craft hidden commands within seemingly legitimate content, which ChatGPT may process without user interaction, leading to unintended actions,” the agency said.

NITDA emphasized that the advisory comes at a time when AI tools are increasingly integrated into business, research, and government operations, raising concerns over AI systems interacting with unsafe content online.

Some vulnerabilities reportedly allow attackers to bypass existing safety mechanisms by disguising harmful instructions under trusted domains. Others exploit markdown-rendering issues, making malicious instructions invisible to users but readable by the AI. In more severe scenarios, attackers could “poison” ChatGPT’s memory, embedding harmful commands that could affect the AI’s future responses.

According to the advisory, potential threats from these vulnerabilities include:

* Execution of unauthorized actions by ChatGPT

* Accidental disclosure of sensitive user data

* Generation of misleading or manipulated outputs

* Long-term behavioral alterations caused by memory poisoning

CERRT.NG, NITDA’s cybersecurity wing, warned that users could trigger attacks passively, without clicking on links or interacting with content, simply when ChatGPT processes compromised webpages or search results.

To reduce risks, NITDA urged individuals, businesses, and government agencies to adopt stronger security measures, including:

* Restricting or disabling browsing and summarisation of untrusted websites in enterprise settings

* Activating features like browsing and memory only when absolutely necessary

* Regularly updating GPT-4o and GPT-5 deployments to the latest patches

Also Read: Chaos in Anambra as Armed Men Storm Nawfia, Kill Several

The agency stressed that as AI becomes more central to public and private sector operations, proactive cybersecurity practices are essential to safeguard against emerging threats.