The acting head of the country’s cyber defense agency uploaded sensitive government files into the public version of ChatGPT last summer. This immediately triggered multiple internal security alarms at the agency. Madhu Gottumukkala, the interim director of the Cybersecurity and Infrastructure Security Agency (CISA), had requested and received special permission to use the AI tool right after he arrived in May 2025.
At that time, ChatGPT was completely blocked for everyone else working at the Department of Homeland Security (DHS). According to Politico, The person in charge of protecting federal networks got a special pass to use the tool, and then he misused it right away.
This hurt internal trust and raised serious questions about security rules. The files Gottumukkala uploaded into ChatGPT were not classified, but they were still sensitive. The documents included CISA contracting files marked “for official use only,” which means they should not be shared with the public.
Special access doesn’t mean the rules don’t apply
When someone uses the standard public version of ChatGPT, any information they upload goes directly to OpenAI, the company that owns the tool. OpenAI can then use this data to train the model and answer questions from the app’s more than 700 million active users. This is exactly why DHS blocks access to the tool for most employees. The AI chatbot has faced growing concerns over safety, including instances where ChatGPT allegedly encouraged harmful behavior.
CISA’s cybersecurity sensors flagged the uploads in August, with officials noting multiple warnings in just the first week. After the alarms went off, senior DHS officials had to lead an internal review to figure out how much harm was done to government security. Leaders like DHS’s then-acting general counsel Joseph Mazzara and CISA’s Chief Information Officer Robert Costello worked on reviewing the uploads and checking for damage.
One official said that Gottumukkala “forced CISA’s hand into making them give him ChatGPT, and then he abused it.” According to DHS policy, officials receive strict training on how to handle sensitive documents. When an exposure like this happens, security officials must investigate and decide if punishment is needed.
Depending on how serious it is, the response could range from required retraining to suspension or loss of security clearance. Previous controversies have shown the AI giving dangerous advice to vulnerable users. CISA’s Director of Public Affairs, Marci McCarthy, said in a statement that Gottumukkala “was granted permission to use ChatGPT with DHS controls in place” and that his use was “short-term and limited.”
The agency said it remains committed to using new technology to meet President Trump’s executive order on AI leadership and government updates. McCarthy said Gottumukkala last used the tool in mid-July 2025 under an approved temporary exception, and that CISA still blocks ChatGPT access by default unless an exception is granted.
Published: Jan 29, 2026 01:41 pm