WASHINGTON, Jan 29, 2026, 04:12 (EST)
- The acting head of CISA uploaded sensitive contracting documents to a public version of ChatGPT, reports said
- Internal security tools flagged the activity and DHS reviewed potential impact; outcome unclear
- CISA said the ChatGPT access was approved as short-term and limited, with controls in place
The acting head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive government contracting documents into a public version of OpenAI’s ChatGPT, triggering internal security alerts and a Department of Homeland Security review, Politico reported.
The episode is the latest flashpoint over generative AI — tools that can produce text from user prompts — inside government. CISA plays a central role in helping protect federal networks and critical infrastructure, and even routine contracting material can be treated as sensitive when it is not meant for public release.
Madhu Gottumukkala, CISA’s acting director, obtained special permission to use ChatGPT at a time when most DHS staff were blocked from the tool, the reports said.
The documents were not classified, but were marked “for official use only,” a label agencies use for information considered sensitive and not intended for public release. Cybersecurity sensors flagged the uploads several times in August, prompting an internal DHS review to assess whether the exposures harmed government security, with no public conclusion. (NDTV)
CISA said the use was authorized and limited. Marci McCarthy, the agency’s public affairs director, said Gottumukkala’s use was “short-term and limited” and took place with DHS controls in place, and she disputed parts of the timeline by saying he last used the tool in mid-July 2025 and that ChatGPT remains blocked by default unless an exception is granted. (The Independent)
Gottumukkala has led CISA in an acting capacity since May, after DHS Secretary Kristi Noem tapped him as the agency’s deputy director, the reports said. He previously served as chief information officer for South Dakota’s Bureau of Information and Technology.
The reports said Trump’s nominee to run CISA permanently, Sean Plankey, has yet to win Senate confirmation after a previous bid ran into opposition linked to a Coast Guard shipbuilding contract.
AJ Grotto, a former White House cyber policy director, called the allegations “troubling” and said foreign adversaries exploit such lapses. Andrew Gamino-Cheong, co-founder and CTO of Trustible, said catching the activity was “a sign of very high AI governance maturity.” (BankInfoSecurity)
The Independent said representatives for CISA and OpenAI did not immediately respond to its requests for comment.
But the big uncertainty is what the internal review found and whether any sensitive details could have been exposed beyond the agency’s controls. The reports did not say what specific information appeared in the materials uploaded to the public chatbot.
Gottumukkala has drawn scrutiny on other fronts since arriving at CISA. The Independent cited earlier reporting that several staff were placed on leave following a dispute over a polygraph test he requested, which he has contested.
The ChatGPT episode is likely to fuel more questions about CISA’s internal controls and leadership at a time of heavy pressure on the agency from lawmakers and rising cyber threats. CISA’s stance remains to block ChatGPT by default unless an exception is approved, McCarthy said.