Madhu Gottumukkala, acting head of the US cyber agency CISA, faces scrutiny after reportedly uploading “For Official Use Only” documents to ChatGPT, triggering security alerts and an internal review.
US Cyber Agency Chief Faces Questions Over ChatGPT Use (Source: X/ @suchitrav)
In an ironic situation that has surprised many in Washington’s cybersecurity community, the leader of the US agency responsible for protecting government computer networks reportedly uploaded sensitive internal documents to a public version of ChatGPT.
As per Politico, Madhu Gottumukkala, who is the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), shared materials related to contracts and cybersecurity with the AI tool last summer for work-related reasons. These uploads reportedly triggered automatic security alerts and led to an internal review.
Although the documents were not classified, they were labeled “For Official Use Only,” which means they are not meant to be shared publicly. Several officials from the Department of Homeland Security (DHS) told Politico that the system’s safeguards were activated to stop sensitive government data from being exposed.
Gottumukkala is of Indian origin and leads efforts to protect US federal networks from advanced cyber threats, including attacks believed to be backed by countries such as Russia and China.
Dr. Gottumukkala has strong academic qualifications. He earned a Ph.D. in Information Systems from Dakota State University, an MBA in Engineering and Technology Management from the University of Dallas, an M.S. in Computer Science from the University of Texas at Arlington, and a BE in Electronics and Communication Engineering from Andhra University.
The controversy began when Gottumukkala reportedly used ChatGPT for official work and uploaded documents connected to government contracts and cybersecurity matters. Even though the files were not classified, their “For Official Use Only” marking meant they were still sensitive and not meant for public platforms.
Because ChatGPT is a public AI system, the uploads reportedly set off automatic security alerts within the Department of Homeland Security. These systems are designed to flag any sharing of protected government material, leading officials to begin an internal review.
Another concern is that information entered into the public version of ChatGPT, built by OpenAI, may be stored and used to improve the tool. This possibility raised questions about whether government-related data could have been exposed more widely, even unintentionally.
CISA tried to reduce concerns about the matter. In an email to Politico, agency spokesperson Marci McCarthy said Gottumukkala had official permission to use ChatGPT under DHS safeguards, and that the use was temporary and limited.
“Acting Director Dr. Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorized temporary exception,” McCarthy said, adding that CISA’s default position remains to block access to the tool unless an exception is granted.
The situation has gained more attention because of earlier issues linked to Gottumukkala. Politico had previously reported that several CISA employees were put on leave last year after Gottumukkala did not pass a polygraph test that he himself had supported introducing. He rejected this claim and told lawmakers that he did not agree with that description of events.
