CISA Acting Director Reportedly Uploaded Sensitive Government Documents to Public ChatGPT Instance

In summer 2025, Madhu Gottumukkala, the interim head of the Cybersecurity and Infrastructure Security Agency (CISA), uploaded sensitive contracting documents into the public version of ChatGPT. Gottumukkala had requested and received special permission to use ChatGPT soon after arriving at the agency in May, while the app was blocked for other DHS employees. The documents were marked 'for official use only,' a government designation for sensitive information not intended for public release, though none were classified. Cybersecurity sensors at CISA flagged the uploads in August 2025, with multiple warnings occurring in the first week of August alone. Any material uploaded to the public ChatGPT is shared with OpenAI and can be used to help answer prompts from other users of the app, which has over 700 million active users. Senior DHS officials subsequently led an internal review to assess potential harm to government security, involving the acting general counsel Joseph Mazzara and chief information officer Antoine McCord. Gottumukkala had meetings with CISA's chief information officer Robert Costello and chief counsel Spencer Fisher about the incident and proper handling of sensitive material. The conclusion of the internal review is not specified in the report.