Artificial Intelligence is becoming an everyday tool for individuals, businesses, and governments. But as AI systems grow more intelligent and connected, they also face growing cybersecurity threats. Recently, Nigeria’s National Information Technology Development Agency (NITDA), through its Cybersecurity Emergency Readiness and Response Team (CERRT.NG), released an important advisory highlighting new vulnerabilities found in OpenAI’s GPT-4o and GPT-5 family models. read more

These vulnerabilities create opportunities for data leakage, unauthorized actions, and long-term manipulation through what is known as indirect prompt injection. The advisory came as a wake up call for anyone who uses AI tools because the risks extend beyond technical users to the everyday individual.

Understanding the Newly Discovered ChatGPT Vulnerabilities

What Prompted the NITDA Advisory?

The advisory was released after cybersecurity experts discovered serious flaws within ChatGPT models. These issues could allow attackers to plant hidden instructions inside websites, comments, URLs, or search results without the user taking any action.

In simple terms:
ChatGPT might “obey” commands it was never supposed to receive.

Overview of the Seven Major Vulnerabilities

Researchers identified seven critical vulnerabilities affecting GPT-4o and GPT-5. While OpenAI has already patched parts of them, some risks remain due to how Large Language Models (LLMs) work.

Hidden Instructions in Websites and URLs

Attackers can embed malicious commands inside webpages or URLs.

If ChatGPT is used to browse or summarize a page, it may unknowingly execute these hidden instructions.

Markdown Rendering Bugs

Markdown (the formatting language used for text styling) can be manipulated to hide harmful content.

Attackers may disguise malicious code inside what looks like normal text.

Memory-Poisoning Techniques

This one is especially dangerous.
Attackers can trick ChatGPT into storing harmful instructions in its memory, influencing future responses—even long after the initial attack.

How the Vulnerabilities Work Behind the Scenes

Indirect Prompt Injection Explained

Indirect prompt injection means attackers don’t need direct access to ChatGPT.
Instead, they plant commands in external content, and when ChatGPT processes that content, it runs the attacker’s instructions.

Imagine someone whispering to your friend who then unknowingly passes a harmful message along to you. That’s how indirect prompt injection works.

Why LLMs Struggle to Identify Malicious Commands

LLMs are trained to follow instructions.
The challenge is that they often cannot tell which instructions are legitimate and which are planted.

When malicious commands are hidden inside text or code, the model may treat them like genuine requests.

Impact on Users and Organizations

Unauthorized Access and Manipulation

Attackers could exploit vulnerabilities to make ChatGPT perform unauthorized tasks—like retrieving sensitive information or interacting with other systems.

Information Leakage and Data Exposure

Because LLMs handle large amounts of information, any flaw might expose confidential data, private conversations, or internal company details.

Altered and Misleading Outputs

If an attacker poisons the AI’s memory or prompt stream, ChatGPT may generate incorrect, biased, or harmful responses.

This means users might unknowingly rely on bad information.

Long-Term Behavioral Manipulation

This is one of the scariest risks.
Memory-poisoning could cause ChatGPT to develop persistent harmful behaviors that last over time, affecting every future conversation.

High-Risk Scenarios Where Attacks Are Most Likely

Browsing Untrusted Websites

Whenever ChatGPT summarizes external web content, it is exposed to whatever is hidden within that content—including malicious instructions.

Summarizing Search Results

Search results can contain manipulated snippets, comments, or metadata that trick ChatGPT into executing commands.

Integrating ChatGPT Into Enterprise Systems

Businesses using AI for automation, customer service, or internal analytics face higher risks because attackers can use poisoned data to compromise entire networks.

NITDA’s Recommended Preventive Measures

Disabling or Limiting Browsing Features

Organizations should restrict ChatGPT’s browsing capabilities when dealing with untrusted websites.
This reduces exposure to hidden instructions.

Using ChatGPT Memory Features Responsibly

Memory should be enabled only when needed.
Leaving it on all the time increases the risk of memory poisoning.

Ensuring Regular Updates and Patches

OpenAI frequently releases security updates.
Users and businesses should ensure their GPT models are updated to the latest versions to minimize known risks.

Why This Advisory Matters for Nigeria and Beyond

Strengthening Cybersecurity in the Era of AI

As Nigeria continues to grow its digital economy, AI tools like ChatGPT will play a major role in innovation.
But with advancement comes new threats. NITDA’s proactive oversight helps safeguard national cybersecurity.

Encouraging Responsible Adoption of LLMs

The advisory encourages individuals, developers, and enterprises to use AI responsibly, staying informed of potential risks and implementing preventive measures.

Conclusion

AI systems like ChatGPT offer powerful opportunities, but they also bring new security challenges. NITDA’s advisory shines a spotlight on vulnerabilities that could enable data leakage, unauthorized actions, and long-term manipulation.

By understanding these threats and applying recommended security practices such as limiting browsing, managing memory features, and updating models regularly users and organizations can significantly reduce their risks.

As AI continues to evolve, staying informed and vigilant is key to ensuring safe and secure digital environments.

FAQs

1. What is indirect prompt injection?

It is a cyberattack where malicious instructions are hidden inside external content, causing ChatGPT to execute them without the user knowing.

2. Has OpenAI fully fixed these vulnerabilities?

OpenAI has patched some issues, but because LLMs can’t always distinguish real instructions from malicious ones, risks still exist.

3. Who is most affected by these vulnerabilities?

Businesses, developers, and users who rely on ChatGPT for browsing, automation, or processing untrusted data are at higher risk.

4. What is memory poisoning in ChatGPT?

Memory poisoning refers to attackers planting harmful instructions in ChatGPT’s memory so they influence future responses.

5. How can organizations protect themselves?

By limiting browsing features, disabling unnecessary memory functions, and ensuring their AI tools are updated to the latest security patches.