US Cybersecurity Chief Prompts Security Review After Using ChatGPT for Official Work

The acting head of the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is under review after uploading sensitive government documents to the public version of ChatGPT, raising cybersecurity concerns and prompting a Department of Homeland Security (DHS) damage assessment.

The incident, reported by Politico, occurred last summer when Madhu Gottumukkala, CISA’s interim director, uploaded contracting documents labeled “for official use only” into the AI chatbot. While the information was not formally classified, CISA’s cybersecurity monitoring systems flagged it in August, generating automated alerts designed to prevent the unauthorized disclosure of government material.

Following the alerts, senior DHS officials launched an internal review to evaluate whether the incident posed any security risks. The review is ongoing, and its findings have not been publicly disclosed. The situation drew attention because Gottumukkala had requested special permission to use ChatGPT shortly after joining CISA in May, at a time when access to the AI tool was restricted for most DHS employees.

After the upload, Gottumukkala met with DHS and CISA leaders, including legal and information security personnel, to examine the documents and discuss proper handling protocols for sensitive information. DHS policy requires that any exposure of restricted documents be investigated, with potential consequences ranging from retraining to suspension of security clearances, depending on the outcome of the review.