The Indian-origin acting head of the US Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, is under investigation after reportedly uploading sensitive government contracting documents to the public version of ChatGPT.
The material uploaded last summer was not classified but was marked “For Official Use Only”, a designation used for sensitive information that is not meant for public release, Gulf News reported.
The leaks triggered internal cybersecurity alerts and a Department of Homeland Security (DHS) review.
As per a detailed report by Politico, four DHS officials familiar with the matter said that the uploads activated multiple automated security warnings designed to prevent the unauthorised disclosure of government data from federal networks.
Gottumukkala, who has served as acting CISA director since May 2025, had sought and received a temporary exception from the agency’s Office of the Chief Information Officer to use ChatGPT as part of efforts to explore artificial intelligence tools.
At the time, most DHS employees were blocked from accessing the public platform because of security concerns.
Cybersecurity sensors flagged several uploads in August 2025, including multiple alerts in the first week of the month. Senior DHS officials subsequently initiated an internal review to assess whether the disclosures had caused any harm to government security. The findings of that review have not been made public.
Politico quoted CISA Director of Public Affairs Marci McCarthy as saying that Gottumukkala “was granted permission to use ChatGPT with DHS controls in place”.
The official added that the use was “short-term and limited”. She said the agency continues to block access to ChatGPT by default unless an exception is approved. The statement also said Gottumukkala last used ChatGPT in mid-July 2025 under an authorised temporary exception.
Information entered into the public version of ChatGPT is shared with OpenAI and may be used to help generate responses for other users. OpenAI has said the tool has more than 700 million total active users. By contrast, internal AI systems approved for DHS staff, such as the department’s proprietary chatbot DHSChat, are designed to prevent data from leaving federal networks.
Gottumukkala discussed the uploads with senior DHS officials after the activity was detected, and then-acting general counsel Joseph Mazzara and DHS chief information officer Antoine McCord were involved in reviewing potential risks.
Gottumukkala also met with CISA’s chief information officer Robert Costello and chief counsel Spencer Fisher regarding proper handling of “For Official Use Only” material.
The incident has added to scrutiny of Gottumukkala’s leadership.
It may be noted that at least six career staff were placed on leave after Gottumukkala failed a counterintelligence polygraph exam that he had pressed to take, though DHS described the test as “unsanctioned”.
During recent congressional testimony, Gottumukkala said he did not “accept the premise” that he had failed the exam.
Gottumukkala is currently the senior-most political official at CISA, the federal agency tasked with defending US government networks and critical infrastructure from sophisticated cyber threats, including those linked to Russia and China.