WASHINGTON, Jan 31 (Alliance News): Madhu Gottumukkala, the Indian-origin acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), is under federal investigation after reportedly uploading sensitive government contracting documents to the public version of ChatGPT last summer.
Although the material was not classified, it carried the designation “For Official Use Only,” a status used for sensitive information not intended for public release.
The uploads triggered internal cybersecurity alerts and prompted a review by the Department of Homeland Security (DHS), officials told Politico.
According to four DHS officials familiar with the matter, the incidents activated multiple automated security warnings designed to prevent unauthorized disclosures from federal networks.
Gottumukkala, who has served as acting CISA director since May 2025, had sought and received a temporary exception from the agency’s Office of the Chief Information Officer to use ChatGPT while exploring artificial intelligence tools. At the time, most DHS employees were blocked from accessing the public platform due to security concerns.
Cybersecurity sensors flagged several uploads in August 2025, including multiple alerts in the first week of the month.
Senior DHS officials subsequently launched an internal review to assess potential risks and determine whether the disclosures had compromised government security. The results of that review have not been made public.
CISA Director of Public Affairs Marci McCarthy stated that Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” emphasizing that the exception was “short-term and limited.”
The agency continues to block public access to ChatGPT by default unless an official exception is approved. Gottumukkala last used the platform in mid-July 2025 under this authorized temporary exception.
Information entered into ChatGPT’s public interface is shared with OpenAI and can be used to generate responses for other users. By contrast, internal AI systems such as DHSChat are designed to keep sensitive data within federal networks.
After the activity was detected, Gottumukkala discussed the matter with senior DHS officials, including then-acting general counsel Joseph Mazzara and DHS chief information officer Antoine McCord, to review potential security risks. He also met with CISA’s chief information officer, Robert Costello, and chief counsel Spencer Fisher regarding proper handling of “For Official Use Only” material.
The incident has intensified scrutiny of Gottumukkala’s leadership at CISA, the federal agency responsible for defending US government networks and critical infrastructure from sophisticated cyber threats, including those linked to Russia and China.
It follows earlier concerns, including an unsanctioned counterintelligence polygraph exam which Gottumukkala reportedly failed—a claim he has disputed publicly. At least six career staff were placed on leave in connection with the polygraph matter.
As the senior-most political official at CISA, Gottumukkala’s actions have drawn attention amid growing concerns over the secure use of artificial intelligence in federal agencies.
Lawmakers and cybersecurity experts have raised questions about how sensitive government information is protected when using AI tools and the adequacy of existing safeguards for AI applications in critical infrastructure agencies.
The DHS has not yet publicly announced the outcome of its ongoing review, and it remains unclear whether any further disciplinary measures or policy changes will follow.
The episode highlights the challenges faced by federal agencies in balancing innovation with security, as AI tools such as ChatGPT become increasingly integrated into government operations.
It also underscores the importance of strict compliance with federal data handling protocols, particularly for senior officials with access to sensitive information.
