US cyber agency’s acting head Madhu Gottumukkala grilled for ChatGPT document leak

Madhu Gottumukkala, Acting Director of US cybersecurity agency CISA, is under scrutiny after reportedly uploading sensitive government contracting documents to public ChatGPT, triggering DHS security alerts and an internal review, raising fresh concerns over AI use and federal data protection practices.

Madhu Gottumukkala, the Acting Director of the US Cybersecurity and Infrastructure Security Agency (CISA), is facing internal scrutiny after reportedly uploading sensitive government contracting documents to the public version of ChatGPT, prompting security alerts and a review within the Department of Homeland Security (DHS).

According to reports citing DHS officials, the incident occurred last summer when cybersecurity monitoring systems detected multiple uploads of official files to ChatGPT. While the material was not classified, it reportedly included documents marked “For Official Use Only” (FOUO) — a designation for sensitive but unclassified government information not intended for public release.

The alerts triggered an internal DHS review to determine whether any security risks arose from the disclosures. Senior DHS officials, including then-acting General Counsel Joseph Mazzara and Chief Information Officer Antoine McCord, were said to be involved in assessing the potential impact. Gottumukkala also met CISA Chief Information Officer Robert Costello and chief counsel Spencer Fisher to review the matter.

CISA’s public affairs office later stated that Gottumukkala had received special approval to use ChatGPT under temporary DHS controls at a time when the tool was otherwise blocked for most employees. The agency described his use as “short-term and limited” and said he last accessed the platform in mid-July 2025 under an authorised exception. CISA maintains a default policy of restricting access to public AI tools unless specific approval is granted.

The episode has amplified concerns within federal agencies about how generative AI tools are used with sensitive government data. Unlike internally approved systems such as DHSChat, public AI platforms may store or process user inputs externally, creating potential data exposure risks.

Who is Madhu Gottumukkala?

Gottumukkala currently serves as Acting Director and Deputy Director of CISA, the federal agency responsible for protecting US critical infrastructure and government networks from cyber and physical threats. He has led the agency in an interim capacity since May, following his appointment by DHS Secretary Kristi Noem, as Senate confirmation of a permanent nominee remains pending.

A seasoned technology administrator, Gottumukkala has over two decades of experience in information technology across government and private sectors. Before joining CISA, he was Commissioner and Chief Information Officer of South Dakota’s Bureau of Information and Technology, overseeing statewide IT and cybersecurity operations. He also served as South Dakota’s Chief Technology Officer.

Born in India, Gottumukkala studied engineering before moving to the US. His academic credentials include degrees in electronics and communication engineering, computer science, engineering and technology management, and a doctorate in information systems. He also serves on an advisory committee at Dakota State University.

The incident comes at a time when the US government is accelerating AI adoption while still refining policies to safeguard sensitive data. As CISA itself plays a central role in defending federal networks, the matter has drawn attention to the balance between innovation and information security.