In an unprecedented event, the United States’ cyber defense agency’s acting head is under scrutiny after uploading sensitive government documents to the public version of ChatGPT. This action, according to Politico, prompted internal cybersecurity warnings and triggered a Department of Homeland Security (DHS) damage assessment.
The incident, which unfolded last summer, involved Madhu Gottumukkala, the interim director of the Cybersecurity and Infrastructure Security Agency (CISA), who uploaded contracting documents marked “for official use only” into the AI chatbot.
CISA’s cybersecurity monitoring systems flagged the sensitive information in August, though it was not formally classified. This triggered multiple automated alerts intended to prevent unauthorized disclosure of government material.
Following these alerts, senior DHS officials initiated an internal review to determine if the incident compromised government security. The designation indicates that the agency did not intend the information for public release.
The conclusion of the review remains unclear. However, the episode drew particular scrutiny because Gottumukkala had requested special permission to use ChatGPT shortly after arriving at CISA in May. At the time, access to the tool was blocked for most DHS employees, according to the Politico report.
Following the incident, Gottumukkala met with senior officials from DHS and CISA, including legal and information security heads, to review the uploaded material and discuss the protocol for managing sensitive documents.
DHS policy mandates an investigation into the cause and impact of any restricted document exposure, with potential disciplinary actions ranging from retraining to the suspension of security clearances.