Madhu Gottumukkala, acting head of Cybersecurity and Infrastructure Security Agency, uploaded sensitive contracting documents marked for official use only into a public version of ChatGPT last summer, prompting multiple automated cybersecurity warnings designed to prevent unauthorized disclosure of federal information. The incident triggered a department-level review at the Department of Homeland Security to determine whether the uploads posed any risk to government security. Gottumukkala had previously requested special permission from CISA’s Office of the Chief Information Officer to use ChatGPT, which remained blocked for other DHS employees at the time.
While none of the documents were classified, the materials contained information that is considered sensitive and not intended for public release. Internal cybersecurity sensors flagged the uploads in August, generating multiple alerts in the first week alone. Senior DHS officials subsequently conducted a review to assess potential impacts and ensure proper handling of sensitive documents. According to agency officials, Gottumukkala participated in discussions with senior leadership, including CISA’s chief information officer and chief counsel, to evaluate the materials and review appropriate procedures for protecting official use information.
CISA’s Director of Public Affairs Marci McCarthy emphasized that the usage of ChatGPT was limited and conducted under approved controls. Other AI tools approved for DHS use, such as DHSChat, are designed to prevent documents or queries from leaving federal networks. Officials noted that material uploaded to the public version of ChatGPT could be accessed by other users, raising concerns over sensitive data exposure. Internal DHS policy requires investigation of such incidents to determine whether administrative measures, retraining, or clearance adjustments are appropriate.
Gottumukkala’s tenure at CISA has faced other security and leadership challenges. Earlier this year, at least six career staff were placed on leave following a counterintelligence polygraph exam that he took without authorization. He also attempted to remove the agency’s CIO last week before intervention from other political appointees blocked the effort. Despite these challenges, DHS continues to monitor the handling of sensitive information while exploring AI technologies to enhance operational efficiency, in line with federal guidelines and oversight. The agency maintains its commitment to digital security and responsible AI adoption, balancing technological innovation with strict compliance requirements for federal networks.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
