A major cybersecurity controversy has emerged after reports revealed that the acting head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive government documents to ChatGPT. According to Politico, the files were marked “For Official Use Only,” triggering multiple internal security alerts designed to prevent unauthorized data exposure from federal systems.
The official involved, Madhu Gottumukkala, was appointed acting CISA director under the Trump administration. Sources familiar with the matter told Politico that his actions activated automated safeguards meant to stop the transfer of sensitive information outside government networks. While the documents were not classified, officials emphasized that their internal nature makes their handling highly sensitive.
DHS Launches Internal Review
Following the incident, officials at the Department of Homeland Security (DHS) which oversees CISA launched an internal review to determine whether Gottumukkala’s uploads posed any national security risks. Uploading internal government documents to public artificial intelligence platforms is considered dangerous because such systems can retain information and potentially expose it in future responses.
A CISA spokesperson confirmed that Gottumukkala’s use of ChatGPT was “short-term and limited” and stated that there was no immediate evidence of harm to government systems or data. However, cybersecurity experts argue that even brief exposure of internal materials could weaken security protocols and set troubling precedents for data handling inside federal agencies.
Exception Granted Despite Employee Restrictions
At the time of the incident, most CISA employees were reportedly prohibited from using ChatGPT and similar AI tools due to data security concerns. Gottumukkala, however, had received a special exemption, allowing him access to the platform. Officials are now questioning whether that exception created vulnerabilities within the agency’s cybersecurity framework.
Additional Controversy Surrounds Appointment
Before his role at CISA, Gottumukkala served as Chief Information Officer for the state of South Dakota under then-Governor Kristi Noem. Following his federal appointment, he reportedly failed a counterintelligence polygraph test later described by DHS as “unsanctioned” and subsequently suspended six career employees from accessing classified information, raising further concerns about leadership decisions inside the agency.
Growing AI Security Risks in Government
This incident highlights the increasing risks governments face as artificial intelligence tools become widely used in professional environments. Experts warn that without strict usage policies and training, AI platforms could unintentionally become channels for sensitive data leakage.
As DHS continues its investigation, the case is likely to fuel broader discussions around AI governance, cybersecurity compliance, and federal data protection standards in the age of large language models.
