Madhu Gottumukkala, Indian American interim director of the Cybersecurity and Infrastructure Security Agency (CISA) has been accused of uploading sensitive contracting documents into a public version of ChatGPT, triggering an internal cybersecurity warning.
The apparent misstep from Gottumukkala last summer, triggered multiple automated security warnings with the uploads — and a Department of Homeland Security-level damage assessment, Politico reported citing four DHS officials with knowledge of the incident. Such warnings are meant to stop the theft or unintentional disclosure of government material from federal networks.
Gottumukkala, according three of the officials cited by Politico had requested special permission from CISA’s Office of the Chief Information Officer to use the popular AI tool soon after arriving at the agency this May. The app was blocked for other DHS employees at the time.
None of the files Gottumukkala plugged into ChatGPT were classified, but the material included CISA contracting documents marked “for official use only,” a government designation for information that is considered sensitive and not for public release, according to the four DHS officials cited by Politico.
READ: Indian American Impact denounces Trump’s $100,000 fee on H-1B visas (
Cybersecurity sensors at CISA flagged the uploads this past August, said the four officials. One official specified there were multiple such warnings in the first week of August alone.
Senior officials at DHS subsequently led an internal review to assess if there had been any harm to government security from the exposures, according to two of the four officials. It is not clear what the review concluded, according to Politico.
In an emailed statement to Politico, CISA’s Director of Public Affairs Marci McCarthy said Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” and that “this use was short-term and limited.”
McCarthy added that the agency was committed to “harnessing AI and other cutting-edge technologies to drive government modernization and deliver on” President Donald Trump’s executive order removing barriers to America’s leadership in AI.
The email also appeared to dispute the timeline of P0litico’s reporting: “Acting Director Dr. Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorized temporary exception granted to some employees. CISA’s security posture remains to block access to ChatGPT by default unless granted an exception.”
Gottumukkala is currently the senior-most political official at CISA, an agency tasked with securing federal networks against sophisticated, state-backed hackers from adversarial nations, including Russia and China.
Gottumukkala “forced CISA’s hand into making them give him ChatGPT, and then he abused it,”said one official cited by Politico. After DHS detected the activity, Gottumukkala spoke with senior officials at DHS to review what he uploaded into ChatGPT, said two of the four officials.
READ: How Indian Americans should respond to a shifting political climate (
Gottumukkala also had meetings this August with CISA’s chief information officer, Robert Costello, and its chief counsel, Spencer Fisher, about the incident and the proper handling of for official use only material, Politico cited the four officials as saying.
Gottumukkala’s tenure atop the agency has not been smooth — and this would not be his first security-related incident, Politico noted.
At least six career staff were placed on leave this summer after Gottumukkala failed a counterintelligence polygraph exam that he pushed to take, according to Politico.
DHS has called the polygraph “unsanctioned.” Asked during Congressional testimony last week if he was “aware” of the failed test, Gottumukkala twice told Rep. Bennie Thompson (D-Miss.) that he did not “accept the premise of that characterization.”
Prior to his appointment as the CISA Deputy Director, Dr. Gottumukkala served as Commissioner and Chief Information Officer for South Dakota’s Bureau of Information and Technology, overseeing statewide technology and cybersecurity initiatives.
Gottumukkala holds a PhD in Information Systems from Dakota State University, an MBA in Engineering and Technology Management from the University of Dallas, an M.S. in Computer Science from the University of Texas at Arlington, and a BE in Electronics and Communication Engineering from Andhra University.