The appearing director of the Cybersecurity and Infrastructure Safety Company (CISA) uploaded delicate contracting paperwork marked “for official use solely” into the general public model of ChatGPT final summer season, triggering a number of automated safety alerts designed to stop information exfiltration from federal networks, 4 Division of Homeland Safety (DHS) officers informed Politico.
Madhu Gottumukkala, CISA’s interim head since Might 2025, had secured particular permission from the company’s Chief Info Officer to make use of the AI software shortly after becoming a member of.
On the time, ChatGPT remained blocked for different DHS workers. The uploads occurred in early August 2025, with cybersecurity sensors repeatedly flagging them with a number of warnings within the first week alone. Not one of the information have been categorised, however they contained delicate contracting data not meant for public launch.
CISA’s defenses detected the exercise, prompting senior DHS officers to launch an inside evaluate to judge potential hurt to nationwide safety.
Gottumukkala mentioned the uploads with DHS leaders, together with then-acting normal counsel Joseph Mazzara and Chief Info Officer Antoine McCord. He additionally met with CISA’s CIO Robert Costello and chief counsel Spencer Fisher in August to handle the dealing with of “for official use solely” (FOUO) materials.
DHS coverage mandates investigating such exposures, assessing causes, and contemplating actions from retraining to safety clearance revocation. One nameless official criticized Gottumukkala harshly: “He pressured CISA’s hand into making them give him ChatGPT, after which he abused it.” The evaluate’s final result stays undisclosed.
Public ChatGPT shares consumer inputs with OpenAI, which boasts over 700 million energetic customers. This dangers delicate information coaching fashions accessible to adversaries, together with state-backed hackers from Russia and China, exactly the threats CISA counters.
CISA spokesperson Marci McCarthy acknowledged Gottumukkala used ChatGPT “with DHS controls in place” beneath a “short-term and restricted” exception, final accessing it in mid-July 2025. She emphasised the company’s AI dedication per President Trump’s govt order.
In distinction, authorised DHS instruments, resembling the interior DHSChat, retailer information on federal networks. All federal staff obtain coaching on dealing with delicate paperwork.
Gottumukkala’s tenure has drawn scrutiny. Six profession workers members have been positioned on go away after his unsanctioned counterintelligence polygraph failure.
In testimony, he denied the “failed check” premise. Final week, he tried to oust Costello, however was blocked by appointees, as reported by Politico.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.
