US cybersecurity agency head under fire after using ChatGPT for official documents: Report
Madhu Gottumukkala, the acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), is facing scrutiny after reports claimed he uploaded sensitive government contracting documents to the public version of ChatGPT.
Madhu Gottumukkala, the acting chief at the US Cybersecurity and Infrastructure Security Agency (CISA), landed in hot water for uploading sensitive contracting documents to the public version of ChatGPT. Politico reports that these uploads happened after Gottumukkala took over last summer and set off a bunch of automated security alarms.
People are paying close attention to this because CISA protects US government networks and essential infrastructure from cyber threats. So when the agency’s own chief uploads internal files to a public AI model, it raises a lot of eyebrows.
Special permission to use ChatGPT
Gottumukkala, who started as an aide during the Trump administration, actually asked for and got special permission from CISA’s Office of the Chief Information Officer to use ChatGPT, just after joining in May. Most Department of Homeland Security (DHS) staff couldn’t access ChatGPT at the time. This one-off exception stirred up concern inside the agency since strict rules already limit federal workers’ use of generative AI tools for security reasons.
Sensitive documents allegedly uploaded on ChatGPT
Politico says that when anyone uploads information to ChatGPT’s public version, OpenAI can access that data and use it to train its models for other users. With more than 700 million people using ChatGPT worldwide, that’s no small risk. The documents Gottumukkala uploaded weren’t classified, but they did include CISA contracting files labelled “for official use only”.
That’s government-speak for “not public, handle with care.” One DHS official told Politico, “He forced CISA’s hand into letting him use ChatGPT, and then he abused it.”
Security alerts and internal review
CISA’s internal cyber monitoring systems caught the uploads more than once in August, which kicked off an internal review to see if the leaks put government security at risk. No one’s really saying what the review found. Marci McCarthy, CISA’s Director of Public Affairs, said Gottumukkala had permission to use ChatGPT, but with DHS controls in place, and that his access was short-term and limited. She added that the agency is committed to using AI responsibly, in line with President Trump’s executive order on artificial intelligence.
CISA disputes timeline, clarifies access
Later, CISA pushed back on some of Politico’s timeline, saying Gottumukkala last used ChatGPT in mid-July 2025—and only under a temporary, authorised exception. The agency stressed that ChatGPT remains blocked for most people unless there’s specific approval.
Gottumukkala, who has more than 24 years’ experience in IT and a PhD in Information Systems, has been acting director since May. DHS Secretary Kristi Noem appointed him deputy director while the search for a permanent CISA chief drags on.