Politico claims that last summer, Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), shared cybersecurity and contracting-related materials with the AI platform for work-related objectives, which resulted in an internal assessment and automated security alarms.
The head of the US agency in charge of safeguarding government networks allegedly posted private internal data to a public version of ChatGPT, a moment of irony that has echoed through Washington’s cybersecurity circles.
Who is Madhu Gottumukkala?
Under US President Donald Trump’s administration, Gottumukkala now holds the positions of Acting Director and Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA). He is also a member of Dakota State University’s College of Business and Information Systems Advisory Committee.
He oversaw statewide technology and cybersecurity projects as Commissioner and Chief Information Officer for South Dakota’s Bureau of Information and Technology prior to being nominated as CISA Deputy Director. In the past, he was also South Dakota’s second-only Chief Technology Officer.
Gottumukkala graduated from Dakota State University with a PhD in information systems, the University of Dallas with an MBA in engineering and technology management, the University of Texas at Arlington with an M.S. in computer science, and Andhra University with a B.E. in electronics and communication engineering.
How Gottumukkala landed at the centre of ChatGPT security controversy
After joining CISA in May of last year, Gottumukkala received special authorization from the agency’s Office of the Chief Information Officer to utilize ChatGPT, even though it was restricted for other DHS workers.
The uploads made to the AI chatbot in August were later discovered by cybersecurity monitoring systems, which prompted several security alerts in just the first week.
The officials claimed that although the files labeled for official use only were not classified, they did include private information that was not intended for public disclosure. Senior DHS leadership launched an internal study to evaluate possible threats to government security following the discovery, but it is still unknown how the review turned out.
Gottumukkala met with DHS chief information officer Antoine McCord and then-acting general counsel Joseph Mazzara to discuss any risks to the department after the event. In August, he also met with chief counsel Spencer Fisher and CISA CIO Robert Costello to discuss how to handle sensitive material.
Gottumukkala was granted permission to use ChatGPT with DHS controls in place, according to a statement sent to Politico by CISA Director of Public Affairs Marci McCarthy in reaction to the incident. “This use was short-term and limited,” she stated.
The last time Acting Director Dr. Madhu Gottumukkala used ChatGPT was in the middle of July 2025, when select workers were allowed an authorized temporary exception. According to Politico, McCarthy said, “CISA’s security posture remains to block access to ChatGPT by default unless granted an exception.”
Also Read: Indian Army’s Bhairav Battalion: ‘Invisible, Invincible’ New Elite Unit for Swift Threat Elimination
Due to current controversies surrounding Gottumukkala, the incident has been under increased attention. Politico had previously revealed that Gottumukkala had lobbied for the implementation of a polygraph test, which resulted in the placement of numerous CISA employees on leave last year. He told lawmakers he did not accept the premise of that depiction and denied failing the test.
