The acting director of the Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, uploaded sensitive contracting documents into a public version of ChatGPT last summer, prompting multiple automated security warnings, according to a report by Politico.
Department of Homeland Security (DHS) officials indicated that the cybersecurity sensors at CISA flagged these uploads in August. One official noted that there were several warnings in the first week of that month. Following this, senior officials at DHS conducted an internal review to evaluate any potential harm to government security due to these exposures. The conclusions of this review have not been disclosed.
While none of the uploaded files were classified, they included documents marked “for official use only,” which signifies that the information is sensitive and not intended for public release. The incident gained prominence because Gottumukkala sought permission from CISA’s Office of the Chief Information Officer to utilize the AI tool shortly after joining the agency in May, while other DHS employees were restricted from using it at that time.
In a statement, CISA’s Director of Public Affairs, Marci McCarthy, stated that Gottumukkala was authorized to use ChatGPT with DHS controls, emphasizing that the usage was short-term and limited. McCarthy also mentioned the agency’s commitment to incorporating AI and other technologies for modernization, referencing a Trump executive order aimed at enhancing U.S. leadership in AI.
The statement appeared to contradict the timeline reported by Politico, asserting that Gottumukkala last used ChatGPT in mid-July 2025 under an authorized temporary exception. It was further emphasized that the agency’s security policy continues to block ChatGPT access by default unless an exception is granted.
Gottumukkala currently serves as the senior-most political official at CISA, an agency responsible for securing federal networks against advanced threats from state-backed hackers, particularly from nations such as Russia and China. Uploads to the public version of ChatGPT can be accessed by OpenAI, the owner of the app, which has over 700 million active users.
Other AI tools approved for use by DHS employees, like the self-built chatbot DHSChat, are designed to prevent any sensitive queries or documents from leaving federal networks. An official noted that Gottumukkala pressured CISA into granting him access to ChatGPT, suggesting he misused the platform.
All federal officials are trained in the appropriate handling of sensitive documents. DHS policy stipulates that security officials ought to investigate any exposure of official documents to assess potential repercussions, which could include actions ranging from retraining to more serious measures like suspension or revocation of a security clearance.
After potential breaches were detected, Gottumukkala engaged in discussions with senior DHS officials to review the content uploaded into ChatGPT. The assessment involved DHS’s then-acting general counsel, Joseph Mazzara, and the agency’s chief information officer, Antoine McCord. Additional meetings were held in August with CISA’s CIO, Robert Costello, and its chief counsel, Spencer Fisher, regarding the handling of sensitive materials.
Gottumukkala has led CISA in an acting capacity since May, following his appointment as deputy director by DHS Secretary Kristi Noem. His tenure has faced challenges, including concerns regarding prior security-related matters. Six career staff members were placed on leave this summer after Gottumukkala’s failed counterintelligence polygraph exam, which DHS has deemed “unsanctioned.” During recent Congressional testimony, Gottumukkala expressed disagreement with the characterization of the exam’s outcome.
Additionally, Gottumukkala attempted to remove Costello, CISA’s CIO, last week, but other political appointees intervened to prevent the action.
Source: timesofindia.indiatimes.com
