The interim leader of the US’s top civilian cyber defense agency uploaded sensitive government contracting documents into a publicly accessible version of ChatGPT.
This occurred last summer, but came to light yesterday (Jan. 27) in a report by Politico. The event triggered internal cybersecurity alerts and a Department of Homeland Security–level review into whether federal information had been improperly exposed, according to four DHS officials familiar with the matter.
The incident involved Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency, who is currently the highest-ranking political official at CISA. The agency is responsible for defending federal networks and critical infrastructure against cyber threats from sophisticated adversaries such as Russia and China.
While none of the documents uploaded were classified, the materials were marked “for official use only,” a designation intended to restrict sensitive information from public dissemination. Such markings typically apply to documents that, if exposed, could create security, operational, or reputational risks for the government.
A senior official’s exception to AI restrictions
The episode is notable because Gottumukkala had personally requested special permission to use ChatGPT shortly after arriving at CISA in May, according to three of the officials. At the time, the AI tool was blocked for most DHS employees due to concerns that sensitive information could be retained or reused outside federal systems.
Cybersecurity sensors detected the uploads in August, generating multiple automated warnings designed to prevent the loss or mishandling of government data. One official said several alerts were triggered in the first week of August alone.
Those alerts prompted senior DHS officials to launch an internal assessment to determine whether the uploads caused any damage to government security or violated departmental policies. Two officials said the review rose to the DHS level, underscoring the seriousness with which the department treated the incident. It remains unclear what conclusions, if any, the review ultimately reached.
The risks of public AI platforms
Any information uploaded into a public version of ChatGPT is shared with OpenAI, the company that operates the platform, and may be used to help improve responses for other users. OpenAI has said ChatGPT has more than 800 million active users worldwide, raising concerns within government about how quickly sensitive material could be disseminated or indirectly referenced.
By contrast, DHS-approved AI tools, such as the department’s internally developed chatbot DHSChat, are configured to prevent user inputs from leaving federal networks. These tools are designed to allow experimentation with artificial intelligence while minimizing the risk of data leakage.
One official characterized Gottumukkala’s actions bluntly: “He forced CISA’s hand into making them give him ChatGPT, and then he abused it.”
Official response and disputed timeline
In an emailed statement, CISA Director of Public Affairs Marci McCarthy said Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” describing the use as “short-term and limited.” McCarthy added that the agency remains committed to “harnessing AI and other cutting-edge technologies to drive government modernization and deliver on” President Donald Trump’s executive order aimed at removing barriers to US leadership in AI.
McCarthy also disputed elements of Politico’s reporting, stating that Gottumukkala last used ChatGPT in mid-July 2025 under “an authorized temporary exception granted to some employees.” She emphasized that CISA’s default security posture continues to block ChatGPT unless an exception is approved.
Internal reviews and accountability
After the activity was flagged, Gottumukkala met with senior DHS officials to review what he had uploaded, according to two of the officials. DHS’s then-acting general counsel, Joseph Mazzara, and the department’s chief information officer, Antoine McCord, were involved in assessing any potential harm, officials said.
Gottumukkala also held meetings with Costello and chief counsel Spencer Fisher to discuss the incident and proper handling of “for official use only” material. Mazzara and Costello did not respond to requests for comment, and McCord and Fisher could not be reached.
Under DHS policy, exposures of sensitive but unclassified information are supposed to trigger an investigation into the cause and effect of the incident, as well as a determination of whether disciplinary action is appropriate. Potential consequences can range from retraining or formal warnings to more severe steps such as suspension or revocation of security clearances, depending on the circumstances.
A turbulent tenure at CISA
The ChatGPT episode adds to a series of controversies during Gottumukkala’s short tenure at the agency. He has served as acting director since May, after being appointed deputy director by DHS Secretary Kristi Noem. Trump’s nominee to permanently lead CISA, Sean Plankey, remains unconfirmed after being blocked last year by Sen. Rick Scott (R-Fla.), leaving Gottumukkala in charge during a period of heightened cyber threats.
As Politico previously reported, at least six career staff were placed on leave this summer following an “unsanctioned” counterintelligence polygraph exam that Gottumukkala requested and failed, according to DHS. During congressional testimony last week, Gottumukkala said he did not “accept the premise of that characterization” when asked about the test.
More recently, Gottumukkala attempted to remove Costello as CISA’s CIO, a move that was blocked by other political appointees.
Together, the incidents have raised questions among career officials and lawmakers about leadership, judgment, and governance at an agency tasked with safeguarding the nation’s most sensitive digital infrastructure at a time when the federal government is racing to adopt powerful new technologies such as AI.
Microsoft confirmed it can hand over BitLocker recovery keys stored in the cloud under warrant, reviving debate over who controls encrypted data.
