CISA Acting Director’s ChatGPT Uploads Again Draw Internal Anonymous Claims as DHS Pushes to Clarify
Published
Key Takeaways
- ChatGPT uploads: Acting CISA director Madhu Gottumukkala uploaded contracting documents on ChatGPT, triggering security alerts.
- AI access exception: Gottumukkala received temporary permission to use ChatGPT, DHS later confirmed.
- Leadership scrutiny: The incident adds pressure as CISA operates without a Senate-confirmed director.
Madhu Gottumukkala, the acting director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has found himself in controversy again, this time for uploading government contracting documents marked ‘for office use only’ into ChatGPT.
The public version of the AI tool internally triggered security alerts. Upon investigation, it was confirmed that the files were not classified, but were restricted and not meant to be shared to uncontrolled public platforms.
What Happened During the Information Upload
CISA, which awaits a Senate-confirmed director, in an internal audit flagged an upload of at least four official use contracting documents to ChatGPT. This raised concerns about how such data could be reused or exposed beyond its original purpose, including potential misuse.
The uploads reportedly took place last summer triggering several cybersecurity warnings related to possible data theft, or compromise. This led to an internal review following which the security incident was identified.
Under conditions of anonymity, four officials said that Gottumukkala requested permission to use the AI tool from CISA’s Office of the CIO while it was blocked for most DHS staff. Gottumukkala was granted access to the AI tool with DHS controls in place, according to an email from CISA’s Director of Public Affairs Marci McCarthy, who clarified that the access was temporary and limited.
Anonymous Officials Condemn AI Tool Use
The email further stated that the authorization was for mid-July 2025 for some employees. One of the four officials who spoke with the media under anonymity alleged that Gottumukkala “forced CISA’s hand into making them give him ChatGPT, and then he abused it.”
During investigatons, Gottumukkala disclosed the uploads to the team. He discussed the incident in a meeting with CISA’s chief information officer, Robert Costello, and chief counsel, Spencer Fisher last August on the handling of official data.
Misleading CISA Director and Leadership
In December last year, Gottumukkala found himself in separate controversy when reports that he failed a polygraph test in July while accessing cyber intelligence documents surfaced in the media. The DHS disputed the same after internal assessment.
DHS spokesperson Tricia McLaughlin clarified that Gottumukkala did not fail a sanctioned polygraph test, but instead an unsanctioned polygraph test coordinated by staff, which she said in an email, misled incoming CISA leadership.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular