The acting director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) triggered internal security alerts last year after uploading sensitive government documents to a public version of OpenAI’s ChatGPT, according to people familiar with the matter.
Madhu Gottumukkala, who took office in May, shared documents marked “For Official Use Only” with the chatbot, Politico reported, citing four Department of Homeland Security (DHS) officials. Automated monitoring systems designed to detect potential data leaks flagged the activity multiple times, including during the first week of August, even though the materials were not classified.
See also: Malwarebytes Identifies Large-scale Leak Tied to Instagram Accounts
The incident drew attention because public versions of AI tools like ChatGPT transmit user inputs outside federal networks, unlike approved internal systems such as DHSChat that are configured to keep data within protected government infrastructure. OpenAI has said its service now has more than 700 million active users, highlighting the scale of potential exposure when sensitive information is shared.
Gottumukkala accessed the chatbot under a special exemption granted by CISA’s chief information officer, at a time when the tool was restricted for most DHS employees. The documents involved were reportedly related to contracts and carried restrictions indicating they were not intended for public release.
See also: OpenAI Introduces Aardvark, an AI-Powered Security Research Agent
CISA spokeswoman Marci McCarthy said the use of the tool was authorised and limited, describing it as “approved, short-term, limited, and conducted under security precautions,” while disputing the timeline of the uploads. An internal investigation is under way to determine whether the incident caused any damage, adding to scrutiny of how federal agencies manage the risks of emerging AI technologies.
