Trump’s CISA chief at it again: uploads sensitive files into ChatGPT
The interim head of CISA, America’s cyber defense agency, decided it was A-okay to upload sensitive documents into ChatGPT after requesting special permission to use the popular chatbot right after arriving at the agency last May.
-
CISA’s interim head Madhu Gottumukkala uploaded sensitive “for official use only” documents into the public version of ChatGPT, triggering security alerts despite the tool being blocked for other DHS employees.
-
Although the materials were not classified, experts warn that using public AI tools poses real risks because uploaded data can be retained, breached, or used to inform responses to other users.
-
The incident adds to growing turmoil at CISA, where Gottumukkala’s leadership has sparked internal backlash, staffing losses, and concerns over judgment and governance.
According to Politico, Madhu Gottumukkala uploaded sensitive information into a public version of ChatGPT. This triggered automated security warnings that are meant to stop the theft or accidental disclosure of government material from federal networks.
The interim boss of the Cybersecurity and Infrastructure Security Agency (CISA) had also requested special permission from CISA’s Office of the Chief Information Officer to use ChatGPT, even though the app was blocked for other Department of Homeland Security (DHS) employees at the time.
The conversation on this topic is live. Join in the discussion.
Thankfully, none of the files Gottumukkala fed into the chatbot were actually classified, Politico sources said. But the material was still marked “for official use only” and considered sensitive enough not to be released publicly.
If you’re asking what’s so public in uploading documents into a chatbot you’re using personally, well, you might be surprised.
OpenAI, the company behind ChatGPT, always says that it takes privacy and security seriously. Indeed, anything you upload to ChatGPT isn't published online and doesn’t appear in Google search results or on random websites.
But the data remains on the servers unless you, as a user, proactively delete it, so any breach by a hacker would endanger the information. And if a threat actor decides to leak or publish the files, well, then they’re definitely out there in public.
Besides, any material uploaded into the public version of ChatGPT can be used to help answer prompts from other users of the app. And there are many of those: OpenAI says more than 700 million people are active users.
It certainly hasn’t been a smooth ride for Gottumukkala, whose sole experience in IT before getting handed the current position was working in South Dakota under Trump devotee Kristi Noem, the current Homeland Security Secretary.
Damningly, other AI tools used by DHS employees – such as self-built chatbot DHSChat – are configured to prevent queries or documents input into them from leaving federal networks. Still, Gottumukkala used – and abused – ChatGPT.
It certainly hasn’t been a smooth ride for Gottumukkala, whose sole experience in IT before getting handed the current position was working in South Dakota under Trump devotee Kristi Noem, the current Homeland Security Secretary.
At least six career CISA staff were placed on leave this summer after Gottumukkala failed a counterintelligence polygraph exam that he himself pushed to take.
This angered other CISA employees and raised questions about what Gottumukkala’s priorities while heading the agency actually were. One current official described Gottumukkala’s tenure at CISA so far as “a nightmare.”
Last week, Gottumukkala also tried to oust CISA’s Chief Information Officer Robert Costello. Even though his move was blocked by other members of the agency, nearly 1,000 staffers have already left CISA over the Trump administration’s imposed workforce cuts.
Unlock more exclusive Cybernews content on YouTube.
