Concerns over data handling have emerged at the US Cybersecurity and Infrastructure Security Agency after sensitive internal documents were shared on a public AI platform, according to a report by a news outlet.
The acting director of CISA, Madhu Gottumukkala, uploaded contracting documents into a public version of ChatGPT last summer. Department of Homeland Security officials said cybersecurity sensors at CISA detected the activity in August, with multiple warnings raised in the first week of August alone. Senior DHS leaders then ordered an internal review to check whether government security had been harmed. The outcome of that review remains unclear.
Officials said none of the files were classified. However, they included CISA contracting records marked “for official use only,” which is a label for sensitive information not meant for public release. The incident drew attention because Gottumukkala had requested special approval from CISA’s Office of the Chief Information Officer to use the AI tool soon after joining the agency in May. At that time, ChatGPT access was blocked for most DHS staff.
In an email statement, CISA’s Director of Public Affairs Marci McCarthy said Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” and that “this use was short-term and limited.” She added the agency supports “harnessing AI and other cutting-edge technologies to drive government modernization and deliver on” the former president’s executive order on AI leadership. The statement also said: “Acting Director Dr Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorized temporary exception granted to some employees. CISA’s security posture remains to block access to ChatGPT by default unless granted an exception.”
Any data entered into a public ChatGPT system is shared with its owner, OpenAI, and may be used to respond to other users. OpenAI has said the tool has more than 700 million active users. DHS-approved tools, such as its own chatbot, are designed so data does not leave federal networks.
One official said Gottumukkala “forced CISA’s hand into making them give him ChatGPT, and then he abused it.” Federal staff are trained on handling sensitive files, and DHS policy requires reviews to decide if disciplinary action is needed. After the activity was flagged, Gottumukkala met senior DHS leaders, including the acting general counsel and the chief information officer, to assess the risk. He also met CISA’s CIO and chief counsel about proper handling of restricted material.
Gottumukkala has led CISA in an acting role since May, after being named deputy director by DHS Secretary Kristi Noem. His tenure has faced challenges. At least 6 staff were placed on leave after he failed a counterintelligence polygraph exam that he requested. DHS later called the test “unsanctioned.” During congressional testimony, he said he did not “accept the premise of that characterization.” Last week, he also attempted to remove CISA’s CIO, but other political appointees stopped the move.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
