Nigeria’s National Information Technology Development Agency (NITDA) has issued a warning to users of ChatGPT after identifying multiple security flaws in the AI platform. The agency said seven key vulnerabilities in GPT‑4.0 and GPT‑5 could potentially expose users’ data and allow malicious actors to manipulate the system. Among the weaknesses is an “indirect prompt injection,” which can trick the AI into executing hidden instructions embedded in webpages, links, or text.
These flaws could let attackers bypass ChatGPT’s built-in safety controls, disguise malicious instructions, and even manipulate the AI’s behaviour over time. Users could unknowingly trigger these vulnerabilities simply by interacting with untrusted content, putting personal information and sensitive organisational data at risk.
NITDA emphasised that this warning is particularly important for businesses, government agencies, and individuals who use ChatGPT for research, document generation, or decision-making processes. Ensuring that sensitive information is not exposed requires caution, especially when enabling features that allow ChatGPT to browse the internet or summarise external content.
To reduce the risk, NITDA recommends limiting AI features that allow web browsing or summarisation of external content, only enabling them when necessary. Users should regularly update to the latest AI model versions, verify external sources before processing through ChatGPT, and follow best practices in cybersecurity. Organisations are encouraged to establish internal guidelines for AI usage and monitor interactions to prevent unintended exposure or manipulation.
As adoption of generative AI grows across Nigeria and globally, ensuring responsible and safe use is crucial to prevent data breaches, misinformation, and unintended operational risks. NITDA’s alert serves as a reminder that while AI tools offer productivity and innovation, their power comes with inherent vulnerabilities that users must actively manage.
