According to a report by Politico, the acting head of the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, uploaded sensitive contracting documents to ChatGPT. The documents were marked “for official use only.”
The outlet cited officials who stated that CISA’s acting director, Madhu Gottumukkala, triggered multiple automated security warnings. These warnings are designed to prevent the theft or accidental disclosure of government files from federal networks. Gottumukkala was appointed to his role by former President Trump.
Officials reported that Gottumukkala was granted an exception to use ChatGPT earlier in his tenure, at a time when other CISA employees were prohibited from using the tool. Following the incident, officials at the Department of Homeland Security, which oversees CISA, sought to determine if any harm to government security resulted from the uploads.
Uploading unclassified but internal government documents to a public large language model is considered problematic. This action allows the model to train on that information, which could potentially lead to its contents being shared with other users of the platform.
A CISA spokesperson told Politico that Gottumukkala’s use of ChatGPT was described as “short-term and limited.”
Prior to his appointment at CISA, Gottumukkala served as the chief information officer of South Dakota under then-Governor Kristi Noem. Following his move to CISA, it was reported that Gottumukkala failed a counterintelligence polygraph examination. The Department of Homeland Security later claimed this polygraph was “unsanctioned.” Subsequently, the agency suspended six career staff members from accessing classified information.