Acting CISA Director under scrutiny over use of public AI tool

WEB DESK: Acting Director U.S. Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, is under review after reportedly uploading sensitive internal documents to a public version of ChatGPT last summer.

According to Politico, citing four Department of Homeland Security (DHS) officials, Gottumukkala entered contracting files and cybersecurity-related materials marked “For Official Use Only” (FOUO), a designation for non-classified but restricted information, into the AI platform. The uploads took place shortly after his appointment in May 2025, following special permission from CISA’s Office of the Chief Information Officer. ChatGPT remains blocked for most DHS employees due to potential data security risks.

The activity was flagged internally by automated monitoring tools and network sensors, which triggered multiple security alerts in the first week of August 2025. These alerts prompted a DHS-level assessment to evaluate potential exposure or impact. CISA officials confirmed that the use was short-term, ending by mid-July 2025, and that controls were in place during that period.

No classified information was reportedly involved, and there is no public evidence that any data was further exposed or misused. Nevertheless, the incident has raised questions about leadership judgment and data-handling practices at the agency responsible for protecting U.S. critical infrastructure and federal networks. Reports have also noted a prior counterintelligence polygraph issue involving Gottumukkala.

CISA emphasised its commitment to responsible AI adoption in government operations, while the case highlights the importance of caution and oversight when using public generative AI tools for sensitive work.