Key Points
- CISA acting director Madhu Gottumukkala uploaded “for official use only” documents to public ChatGPT.
- The uploads triggered automated security warnings designed to protect government data.
- Gottumukkala had an earlier exception to use ChatGPT despite a department-wide ban.
- DHS officials are assessing potential security impacts from the uploads.
- A CISA spokesperson described the AI usage as short‑term and limited.
- Uploading unclassified internal documents to a public AI model risks broader dissemination.
- Gottumukkala previously served as South Dakota’s chief information officer.
- He reportedly failed a counterintelligence polygraph, later labeled “unsanctioned” by DHS.
- Six career staff members were suspended from accessing classified information following the incident.
Incident Overview
The acting director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, uploaded internal government documents that were marked “for official use only” to the public version of ChatGPT. This action set off multiple automated security warnings designed to prevent the theft or inadvertent disclosure of government files from federal networks.
Exception to Use ChatGPT
Gottumukkala had been granted an exception to use ChatGPT earlier in his tenure as CISA director, at a time when other employees were prohibited from accessing the tool. The exception allowed him to interact with the large language model despite a broader departmental ban.
Departmental Response
Officials at the Department of Homeland Security, which oversees CISA, began evaluating whether any harm had occurred to government security as a result of the uploads. A CISA spokesperson characterized Gottumukkala’s use of the AI system as “short‑term and limited.”
Potential Risks
Uploading unclassified yet internal government documents to a public AI platform is problematic because the model can incorporate the information into its training data. This could enable the contents to be shared with other users of the system, raising concerns about the inadvertent dissemination of sensitive information.
Background on the Director
Before his appointment at CISA, Madhu Gottumukkala served as the chief information officer of South Dakota under former Governor Kristi Noem. Following his move to CISA, he reportedly failed a counterintelligence polygraph, an event later described by Homeland Security as “unsanctioned.” In the wake of the incident, six career staff members were suspended from accessing classified information.
Implications for Government AI Policy
The episode highlights the challenges federal agencies face in balancing the adoption of advanced AI tools with the need to protect sensitive data. It underscores the importance of clear policies and strict enforcement mechanisms to prevent similar occurrences in the future.
Source: techcrunch.com