Indian-origin US cyber agency chief uploaded sensitive files to ChatGPT

The acting head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, has come under scrutiny after reportedly uploading sensitive government contracting documents to the public version of ChatGPT, triggering internal cybersecurity alerts and a Department of Homeland Security (DHS) review into whether the disclosures may have compromised sensitive data, according to multiple news reports.

Gottumukkala — who has served as acting director of CISA since May 2025 and leads the federal agency tasked with defending government networks and critical infrastructure — was granted a temporary exception to use ChatGPT by the agency’s Office of the Chief Information Officer as part of an initiative to explore AI tools.

At the time, most employees across the Department of Homeland Security were blocked from accessing the public AI platform due to concerns about data security.

According to reporting in Politico and detailed in subsequent coverage, the material Gottumukkala uploaded last summer was not classified but was marked “For Official Use Only,” a government designation for sensitive information not intended for public dissemination. Automated cybersecurity sensors at CISA flagged multiple uploads in August 2025, prompting an internal review to assess whether there had been any harm to government security. The outcome of that review has not been publicly disclosed.

The decision to use the public version of ChatGPT for government-related data has drawn attention because inputs to the platform are shared with OpenAI — which says its tool has hundreds of millions of users worldwide — and may be used to improve responses for other users. By contrast, internal AI tools developed for DHS staff, such as the department’s proprietary chatbot DHSChat, are configured to prevent data from leaving federal systems.

CISA said in a statement that Gottumukkala’s access to ChatGPT was “temporary and limited” and that the agency continues to block access to the public tool by default unless an exception is granted. The incident has added to scrutiny of Gottumukkala’s leadership and sparked broader discussion about how AI tools should be used in government contexts where data security is paramount.