The acting director of Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, reportedly uploaded sensitive government documents to a public version of ChatGPT last summer.
The documents were not classified, but they were labeled “For Official Use Only” (FOUO) — a designation meant to keep information restricted to internal government use and out of public view.
Why it matters
Anything entered into a public version of ChatGPT is shared with the service provider and may be used to improve how the system works. That creates a risk that sensitive information could travel beyond its intended audience.
In this case, internal cybersecurity monitoring tools flagged the uploads multiple times, triggering alerts designed to catch potential data leaks, whether accidental or intentional.
Timing & access
At the time, Gottumukkala had been granted special permission to use ChatGPT by CISA’s Office of the Chief Information Officer. Most Department of Homeland Security (DHS) employees were not allowed to use the tool.
CISA later said his access was temporary and limited, and that he last used ChatGPT in mid-July 2025 under that exception.
Internal review
Following the incident, senior DHS officials launched an internal review to determine whether the uploads violated policy or posed any national security risk. As of now, the results of that review have not been made public.
Broader context & reactions
The episode drew attention in Washington because CISA’s mission is to protect U.S. government systems and critical infrastructure from cyber threats.
Internally, the situation reportedly caused friction. One unnamed official was quoted as saying Gottumukkala “forced CISA’s hand into giving him ChatGPT, and then abused it.”
Who is Madhu Gottumukkala
Gottumukkala has served as acting director of CISA since May 2025. Before that, he held several senior technology roles, including positions as a chief information officer and technology executive. He is of Indian descent.
