Select Language:
The acting director of the Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, is currently under investigation after reportedly uploading sensitive government contracting documents to the public version of ChatGPT. The documents, uploaded last summer, were not classified but carried the “For Official Use Only” label, indicating sensitive information not intended for public dissemination, according to Gulf News.
The incident prompted internal cybersecurity alarms and a review by the Department of Homeland Security (DHS). A detailed report by Politico reveals that four DHS officials familiar with the case confirmed that the uploads triggered multiple automated security alerts designed to prevent unauthorized sharing of federal data.
Gottumukkala, who has held the position of acting CISA director since May 2025, had obtained a temporary exemption from the agency’s Office of the Chief Information Officer to use ChatGPT while exploring artificial intelligence tools. At that time, most DHS employees were unable to access the platform due to security risks.
In August 2025, cybersecurity sensors detected several uploads, including multiple alerts during the first week of the month. Senior DHS officials launched an internal investigation to determine if any security compromises resulted from the disclosures, though the results have not been publicly released.
Marci McCarthy, CISA’s Director of Public Affairs, stated that Gottumukkala was granted permission to utilize ChatGPT under DHS-specific controls. She emphasized that the usage was intended to be short-term and restricted, and that the department normally blocks ChatGPT access unless explicitly approved. She added Gottumukkala last used ChatGPT in mid-July 2025 under a temporary, approved exception.
Data input into the public ChatGPT version is shared with OpenAI and may be used to enhance responses for other users. OpenAI reports over 700 million active users. In contrast, DHS-approved internal AI systems, like the department’s DHSChat, are engineered to prevent data from leaving federal networks.
Upon discovering the activity, Gottumukkala discussed the uploads with senior DHS officials, including acting General Counsel Joseph Mazzara and Chief Information Officer Antoine McCord, who reviewed potential security risks. He also consulted with CISA’s CIO Robert Costello and Chief Counsel Spencer Fisher to address the handling of “For Official Use Only” materials.
The episode has intensified scrutiny of Gottumukkala’s leadership. Notably, at least six career staff members were placed on leave after he failed an unsanctioned counterintelligence polygraph exam, which he requested to take. During recent congressional testimony, Gottumukkala contested claims that he had failed the test, stating he did not “accept the premise” of such assertions.
Currently, Gottumukkala is the highest-ranking political official at CISA, the federal agency responsible for protecting U.S. government networks and critical infrastructure from advanced cyber threats, including those originating from Russia and China.
ChatGPT
Perplexity
Gemini AI
Grok AI
