Acting CISA Director Madhu Gottumukkala reportedly uploaded documents labeled 'For Official Use Only' to the public version of ChatGPT after receiving a temporary exception to a department-wide block. The uploads triggered automated CISA/DHS security alerts and led to an internal DHS investigation; the findings have not been released. CISA says the access was short-term and controlled, and that Gottumukkala last used ChatGPT in mid-July 2025. The case underscores risks because public ChatGPT may include user-uploaded material in responses available to hundreds of millions of users.
Acting CISA Director Allegedly Uploaded 'For Official Use Only' Files To Public ChatGPT — DHS Opens Review
Donald Trump using his cell phone
Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Madhu Gottumukkala is reported to have uploaded sensitive government documents, including materials labeled 'For Official Use Only,' to the public version of ChatGPT after receiving a temporary exception to a department-wide block. The uploads triggered multiple automated security alerts and prompted an internal review at the Department of Homeland Security (DHS), according to reporting by Politico.
Gottumukkala joined CISA in May 2024 and, per Politico, requested special access to the public ChatGPT service from CISA's Office of the Chief Information Officer shortly after his arrival. Officials told Politico that some uploads set off several of the agency's detection systems within the span of a week.
'He forced CISA's hand into making them give him ChatGPT, and then he abused it,' one DHS official told Politico. Another official said the uploads generated multiple alerts in a single week.
Following those automated alerts, DHS opened an investigation into a potential security breach. The agency has not publicly released the results of that inquiry.
CISA's director of public affairs, Marci McCarthy, told Politico that Gottumukkala 'was granted permission to use ChatGPT with DHS controls in place' and that the access was 'short-term and limited.' McCarthy said the acting director last used ChatGPT in mid-July 2025 under an authorized temporary exception, a timeline that differs slightly from other reporting suggesting some related activity occurred in August.
Security experts and agency officials raise concerns because the public version of ChatGPT used by Gottumukkala can incorporate user-uploaded content into responses available to the service's global user base — reported to be roughly 700 million active users. By contrast, DHS-approved AI tools are configured to keep inputs within federal networks to prevent data exfiltration.
The initial coverage of the incident was reported by Politico; an amplified headline appeared on Mediaite. CISA maintains that ChatGPT remains blocked by default for employees unless an exception is explicitly approved.
Help us improve.
