US Cyber Defense Agency Head Uploads Sensitive Files to ChatGPT, Triggers Security Alerts
The acting head of the United States Cybersecurity and Infrastructure Security Agency (CISA) has been involved in a significant security incident involving the exposure of sensitive government files on the artificial intelligence platform ChatGPT. According to a POLITICO report citing four Department of Homeland Security officials familiar with the matter, Madhu Gottumukkala uploaded contracting records labeled "for official use only" to a publicly accessible version of ChatGPT during the summer of 2025.
Security Alerts Triggered by Unauthorized Data Upload
This action caused multiple automated security alerts designed to prevent the loss or accidental exposure of government information from federal systems. The incident has raised serious questions about data security protocols within one of America's most critical cybersecurity agencies. While none of the uploaded documents were classified, officials speaking on condition of anonymity confirmed the files contained sensitive contracting materials not intended for public disclosure.
Who is Madhu Gottumukkala?
Madhu Gottumukkala is an Indian-American engineering executive and cybersecurity leader who currently serves as the highest-ranking political official at CISA. The agency is responsible for protecting federal networks from advanced cyber threats posed by hostile nation-states, including Russia and China. His appointment to this crucial position came in May 2025, making him a key figure in America's digital defense infrastructure.
Gottumukkala brings over 24 years of private sector IT leadership experience to his role, with an impressive career spanning multiple technology domains. His professional background includes significant roles at Sanford Health as Senior Director of Technology Solutions, Samsung Mobile, Polycom, HTC/Concur, and CallHealth where he served as Chief Technology Officer. His expertise covers telecommunications, unified communications, health technology, and he even holds a U.S. patent in his field.
Special AI Access Approval Raises Questions
What makes this incident particularly noteworthy is that shortly after joining CISA in May, Gottumukkala sought and received special approval from the agency's Office of the Chief Information Officer to use the AI platform. At that time, the ChatGPT application was restricted for other Department of Homeland Security staff members, making his access privileges exceptional within the organization.
In an emailed statement to POLITICO, CISA Director of Public Affairs Marci McCarthy confirmed that Gottumukkala "was granted permission to use ChatGPT with DHS controls in place" and noted that "this use was short-term and limited." However, she emphasized the agency's continued commitment to "harnessing AI and other cutting-edge technologies to drive government modernization and deliver on" President Trump's executive order aimed at removing obstacles to U.S. leadership in artificial intelligence.
Data Security Implications of ChatGPT Usage
The incident highlights significant concerns about data security when using public AI platforms for government work. Any data uploaded to the public version of ChatGPT used by Gottumukkala would be shared with OpenAI, the company that owns the platform, and could potentially be used to help respond to prompts from other users. With OpenAI reporting more than 700 million active users worldwide, the potential exposure of sensitive government information represents a substantial security risk.
This development comes at a critical time when government agencies worldwide are grappling with how to safely integrate artificial intelligence into their operations while maintaining strict data security protocols. The incident involving one of America's top cybersecurity officials underscores the challenges of balancing technological innovation with information security requirements in the digital age.
