Who is Madhu Gottumukkala and His Role in the ChatGPT Security Controversy
Madhu Gottumukkala, the interim chief of the US Cybersecurity and Infrastructure Security Agency (CISA), has found himself at the center of a significant security controversy. According to a report by Politico, citing four Department of Homeland Security (DHS) officials, Gottumukkala triggered multiple security alerts after uploading sensitive government contracting files to a public version of ChatGPT last summer. This incident has raised questions about cybersecurity protocols within US government agencies.
Background and Career of Madhu Gottumukkala
Madhu Gottumukkala is currently serving as the Acting Director and Deputy Director for CISA under the administration of US President Donald Trump. His appointment to this key cybersecurity role highlights his extensive experience in the field. Prior to joining CISA, Gottumukkala held several prominent positions, including Commissioner and Chief Information Officer for South Dakota’s Bureau of Information and Technology, where he oversaw statewide technology and cybersecurity initiatives. He also served as South Dakota’s Chief Technology Officer, making him only the second person to hold that title in the state.
In addition to his government roles, Gottumukkala contributes to academia as a member of the Advisory Committee of the College of Business and Information Systems at Dakota State University. His educational background is impressive, with a PhD in Information Systems from Dakota State University, an MBA in Engineering and Technology Management from the University of Dallas, an M.S. in Computer Science from the University of Texas at Arlington, and a B.E. in Electronics and Communication Engineering from Andhra University.
How the ChatGPT Security Incident Unfolded
The controversy began when Gottumukkala obtained special permission from CISA’s Office of the Chief Information Officer to use ChatGPT, despite the tool being blocked for other DHS employees. He joined CISA in May last year and started using the AI chatbot. In August, cybersecurity monitoring systems detected the uploads of files marked "for official use only" to ChatGPT, triggering multiple security warnings within the first week alone.
Although the files were not classified, they contained sensitive information not intended for public release, according to officials. This breach prompted senior DHS leadership to initiate an internal review to assess potential risks to government security. However, the outcome of this review remains unclear, leaving questions about the extent of the security compromise.
Response and Aftermath of the Incident
Following the detection of the uploads, Gottumukkala met with senior DHS leaders, including then-acting DHS general counsel Joseph Mazzara and DHS chief information officer Antoine McCord, to evaluate potential risks to the department. He also held meetings in August with CISA CIO Robert Costello and chief counsel Spencer Fisher to discuss the appropriate handling of sensitive material.
In response to the incident, CISA Director of Public Affairs Marci McCarthy issued a statement to Politico, clarifying that Gottumukkala "was granted permission to use ChatGPT with DHS controls in place." She emphasized that "this use was short-term and limited." McCarthy further stated, "Acting Director Dr Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorised temporary exception granted to some employees. CISA’s security posture remains to block access to ChatGPT by default unless granted an exception."
This incident underscores the ongoing challenges in balancing the use of advanced AI tools like ChatGPT with stringent cybersecurity measures in government agencies. It highlights the need for robust protocols and continuous monitoring to prevent similar breaches in the future.
