Indian-origin US cyber watchdog's head uploads sensitive ‘For Official Use Only’ files on ChatGPT: Report

In an episode that has left Washington’s cyber community shaking its head, the acting head of America’s top civilian cybersecurity agency is reported to have shared sensitive internal material on a public version of ChatGPT.

Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), uploaded government contracting and cyber-related documents last summer while using an AI tool for work, a move that reportedly triggered internal alerts and prompted a review, according to a Politico report.

The files were not classified, but they were labelled “For Official Use Only”, a tag meant to limit public circulation. Multiple officials at the Department of Homeland Security (DHS) said the uploads were caught by safeguards designed to detect and prevent the exposure of sensitive government information, Politico reported.

Who is Madhu Gottumukkala?

Gottumukkala, who is of Indian origin, oversees an agency tasked with defending federal networks against advanced cyber threats, including those linked to state-backed actors such as Russia and China. He holds a PhD in Information Systems from Dakota State University, along with advanced degrees in computer science and technology management, and an engineering degree from Andhra University.

Internal review and why the ChatGPT access matters

Politico reported that senior DHS officials began an internal review in August to evaluate whether the incident posed any risk to government systems or infrastructure, though the findings have not been disclosed publicly.

The matter has drawn heightened concern because Gottumukkala reportedly had special clearance to use ChatGPT at a time when most DHS personnel were blocked from accessing it.

Data entered into the public version of the OpenAI tool can potentially be retained and used to improve the model, raising fears that sensitive content could be exposed beyond federal systems.

CISA, however, sought to play down the scale of the incident. In a statement sent to Politico, agency spokesperson Marci McCarthy said Gottumukkala’s use of ChatGPT was allowed under DHS controls and limited in nature.

“Acting Director Dr. Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorized temporary exception,” McCarthy said, adding that CISA continues to block access to ChatGPT as a default unless specific exceptions are approved.

Added scrutiny amid earlier controversies

This is not the first time Gottumukkala has landed in official-level trouble. The ChatGPT development comes at a time when his leadership is already undergoing scrutiny. As per another report by Politico, last year, several CISA staff members were placed on leave following a controversy linked to a polygraph test that was pushed by Gottumukkala. Later, he denied failing the test, telling lawmakers he did not accept that framing.