Acting Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Madhu Gottumukkala is reportedly under investigation after uploading internal agency documents to the public ChatGPT service. The case, disclosed by Politico citing sources in the Department of Homeland Security (DHS), underscores how generative AI tools can become a new vector for data exposure even within leading cybersecurity agencies.
Acting CISA Director Under Investigation for Using ChatGPT with Sensitive Files
According to media reports, shortly after joining CISA last summer, Gottumukkala submitted sensitive CISA contracting documents to ChatGPT. The files were labeled “for official use only” (FOUO)—not classified, but explicitly restricted from public disclosure due to potential impact on government operations and privacy.
The upload triggered DHS internal security monitoring systems designed to detect potential data leakage from federal networks to external cloud services. These data loss prevention (DLP) tools automatically analyze outbound traffic and flag movements of sensitive or policy-protected information.
How internal controls flagged the ChatGPT data transfer
Most DHS personnel do not have direct access to public generative AI platforms such as ChatGPT. Instead, they are expected to use approved, government-hosted AI tools like DHSChat, deployed within protected infrastructure where data formally remains inside federal environments.
Reports indicate that Gottumukkala obtained a specific exception to use OpenAI’s public ChatGPT service, though the official purpose for that exemption has not been disclosed. The subsequent transfer of FOUO contracting information to an external AI model appears to have violated, or at least tested the limits of, DHS data handling rules.
Why Uploading ‘For Official Use Only’ Data to ChatGPT Is a Security Risk
While the documents in question were not classified, FOUO status means that unauthorized access could still cause operational, privacy, or reputational harm. Such information can reveal procurement strategies, internal processes, or details about critical infrastructure that adversaries could exploit.
Public generative AI services process data on infrastructure owned and operated by the provider. Even when vendors offer settings to disable training on user inputs, organizations do not have the same level of technical, legal, and audit control that they have over internal systems. In the worst case, model training pipelines, logs, or backups could expose fragments of sensitive documents if the provider’s environment is compromised.
Security researchers have already demonstrated “prompt injection” and “model inversion” techniques that can sometimes extract training data or sensitive patterns from large language models. With hundreds of millions of global ChatGPT users, even a low probability of disclosure is operationally unacceptable for an agency charged with protecting U.S. critical infrastructure and elections.
Public generative AI vs. government-controlled AI environments
Globally, governments are moving toward closed, controlled generative AI deployments: on-premises language models, sovereign cloud regions, or dedicated “government editions” of commercial AI platforms with strict data segregation and compliance commitments.
Best practice in these environments combines:
— Rigorous data classification: clear rules on what may never be entered into public AI tools (e.g., personal data, operational details, law-enforcement sensitive information, trade secrets).
— Technical safeguards: blocking access to unapproved AI services, enforcing DLP and Cloud Access Security Broker (CASB) controls, and using secure proxies for approved tools.
— Policy and training: practical guidance, real sanctions for violations, and ongoing awareness campaigns explaining why AI-related data leakage is different from traditional email or file-sharing risks.
DHS Investigation and Potential Consequences for CISA Leadership
Politico reports that DHS launched an internal investigation in August to assess the potential impact on national security and determine whether agency policies were breached. The outcome will likely examine not only the technical exposure but also the precedent set by senior leadership behavior.
Possible consequences reportedly range from a formal reprimand and mandatory retraining to suspension or revocation of Gottumukkala’s security clearance. For the acting head of CISA, loss or restriction of clearance would severely limit access to classified threat intelligence and hamper the ability to perform the role effectively.
Broader Controversies Around CISA’s Acting Director
The ChatGPT incident comes amid other controversies surrounding Gottumukkala’s tenure. Congress has already questioned him over significant staff reductions at CISA, with headcount reportedly falling from about 3,400 to 2,400 employees. Lawmakers warn that such cuts could weaken CISA’s capacity to defend critical infrastructure, support election security, and respond to potential cyber conflicts involving nation-states such as China.
Media reports have also highlighted allegations that Gottumukkala failed a polygraph examination while seeking access to highly sensitive cyber intelligence. He subsequently claimed the test was “unauthorized” and declined to discuss its results. Gottumukkala assumed the acting director role in 2023 after a previous nominee was blocked in the Senate.
Practical Cybersecurity Lessons for Safe Use of ChatGPT and Generative AI
This case illustrates that even senior, technically literate leaders can mishandle generative AI. Similar incidents have already occurred in the private sector: for example, in 2023, multiple reports surfaced of employees at major firms pasting source code and internal documents into ChatGPT, prompting companies like Samsung and several financial institutions to restrict such tools.
Organizations in both the public and private sectors should draw several practical lessons:
1. Establish explicit AI usage policies. Define which data types are prohibited from entering public AI tools—such as personally identifiable information (PII), health data, financial records, internal security procedures, or partner-confidential information—and embed these rules into onboarding, contracts, and acceptable use policies.
2. Prefer enterprise or sovereign AI deployments. Where possible, use enterprise-grade or self-hosted generative AI solutions with dedicated data isolation, compliance attestations, detailed logging, and the ability to opt out of model training on customer data.
3. Combine policy with technical enforcement. Blocking or restricting access to unapproved AI tools, enforcing DLP and CASB controls, and reviewing proxy logs can significantly reduce the risk of accidental leakage. Reliance on policy alone is rarely sufficient.
4. Invest in continuous training and real-world examples. Staff should understand how large language models work, what happens to submitted data, and what kinds of attacks and breaches have already occurred. Concrete case studies—such as the CISA investigation—are often more effective than abstract warnings.
The investigation around CISA’s acting director is a reminder that a single misjudgment at leadership level can create systemic exposure. As generative AI becomes embedded in government and business processes, organizations should proactively revisit their AI security strategies, update policies, and deploy technical safeguards now—before a convenient chatbot session turns into the next high-profile data leak.
