US Cyber Agency Chief Uploaded Sensitive Files Online

Soon after assuming office, the acting head of the United States’ cyber defense agency uploaded sensitive contract-related documents to the public version of ChatGPT, raising serious security concerns.

The agency’s core responsibility is to protect government secrets, and uploading information to a public AI platform means the data could potentially be disclosed to anyone unless removed from the system’s memory.

According to a report by Politico, the actions of Madhu Gottumukkala, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), triggered multiple automated security alerts designed to prevent theft or accidental leaks of government information from federal networks.

The mistake drew particular attention because Gottumukkala—an Indian-origin appointee of President Donald Trump—had sought special permission from CISA’s Office of the Chief Information Officer to use the popular AI tool shortly after joining the agency in May.

All information uploaded to ChatGPT is shared with its owner, OpenAI, meaning the data could potentially be used to generate responses to other users’ queries. The platform has more than 700 million active users worldwide.

At the time, ChatGPT use was completely blocked for other Department of Homeland Security (DHS) employees. The report stated that Gottumukkala had “forced CISA to give him access to ChatGPT and then misused it.” Politico noted that none of the uploaded documents were classified, but several were labeled “For Official Use Only,” a government designation indicating sensitive information not intended for public release.

CISA’s cybersecurity sensors reportedly detected the uploads multiple times in August, prompting an internal review to assess whether the disclosures caused any damage to government security. The report cited DHS officials familiar with the matter.

The outcome of the review remains unclear. CISA Director of Public Affairs Marci McCarthy told Politico that Gottumukkala had been granted permission to use ChatGPT on a “short-term and limited basis” under DHS oversight mechanisms.

McCarthy added that, as part of President Trump’s executive order aimed at removing barriers to US leadership in artificial intelligence, the agency is committed to modernization and the responsible adoption of advanced technologies.

However, a separate CISA email disputed parts of the timeline mentioned in the report, stating that Gottumukkala last used ChatGPT in mid-July 2025, during a period when temporary exceptions were granted to some staff. The email emphasized that access to ChatGPT is blocked by default at CISA unless special authorization is provided.

Gottumukkala is currently the highest-ranking political official at CISA, a federal agency tasked with protecting US government networks from state-sponsored hackers from rival countries such as Russia and China.

He has more than 24 years of experience in the information technology sector and holds a PhD in Information Systems from Dakota State University, an MBA in Engineering and Technology Management from the University of Dallas, an MS in Computer Science from the University of Texas at Arlington, and a bachelor’s degree in Electronics and Communication Engineering from Andhra University.

In May, Homeland Security Secretary Kristi Noem appointed him as CISA’s Deputy Director, after which he began serving as Acting Director. The Trump administration’s nominee for permanent CISA Director, DHS special adviser Sean Plankey, became stalled last year over objections related to a Coast Guard shipbuilding contract, and a new confirmation hearing date has yet to be set.