US cybersecurity leadership faces scrutiny after sensitive files uploaded to public AI tool |
The revelation that the acting head of the United States’ top cyber defense agency uploaded sensitive government documents into a public version of ChatGPT has triggered renewed concerns about how rapidly adopted artificial intelligence tools are being used inside the federal government. According to a Politico investigation, the incident has prompted an internal review within the Department of Homeland Security (DHS) and raised uncomfortable questions about leadership, judgment, and safeguards at the Cybersecurity and Infrastructure Security Agency (CISA).
At the center of the controversy is Madhu Gottumukkala, CISA’s acting director since May, who reportedly used ChatGPT last summer to input contracting documents marked “For Official Use Only” (FOUO). While the documents were not classified, they were considered sensitive and explicitly not intended for public release. The uploads were detected by CISA’s own cybersecurity monitoring systems, setting off automated security alerts in early August and leading to a DHS-led damage assessment.
The irony of the episode has not gone unnoticed. CISA is responsible for defending US civilian government networks and critical infrastructure against cyber threats, including data leaks, foreign espionage, and improper information handling. That the agency’s top official would trigger internal alarms by using a publicly accessible AI platform has fueled criticism from both cybersecurity professionals and lawmakers.
ChatGPT and similar generative AI tools were blocked for most DHS employees at the time of the incident, precisely because of concerns about data leakage. Gottumukkala, however, had requested and received a special exception allowing him to access the tool. According to officials cited by Politico, this exception was granted despite clear internal guidance warning against entering non-public government information into public AI systems.
The distinction between........