America’s top cyber defense shop is under fire after its acting director reportedly uploaded “for official use only” government documents into the public version of ChatGPT.
Story Snapshot
- DHS officials said automated security systems repeatedly flagged uploads of sensitive, unclassified material to public ChatGPT by CISA’s acting director.
- CISA said the use was authorized under a temporary exception and was “short-term and limited,” with last use in mid-July 2025.
- Politico reported alerts continued into early August 2025, creating an unresolved timeline dispute with CISA’s statement.
- The episode spotlights the difference between public AI tools and government-contained systems designed to keep data on federal networks.
Security Protocols Collide With Public AI Convenience
Department of Homeland Security officials told reporters that Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency, uploaded documents marked “for official use only” into a public version of ChatGPT. ChatGPT had been blocked for other DHS employees at the time, reflecting long-standing concerns about data exposure when using consumer AI platforms. Multiple automated security alerts reportedly triggered inside DHS systems, prompting internal scrutiny.
CISA’s public position is that Gottumukkala’s access was not a free-for-all. The agency said he used ChatGPT under an “authorized temporary exception” and that the agency’s default posture remains blocking the tool unless an exception is granted. That distinction matters because exceptions are supposed to come with guardrails. The reporting, however, indicates the alerts raised immediate questions about whether those guardrails worked as intended.
CISA's acting director uploaded sensitive files into public ChatGPT, triggering internal security warnings, officials say.https://t.co/2QPMlsDhra pic.twitter.com/CGmzsjqdPT
— Interesting Engineering (@IntEngineering) January 29, 2026
The Timeline Dispute Raises Oversight Questions
One central uncertainty is timing. CISA’s statement says Gottumukkala last used ChatGPT in mid-July 2025, while reporting based on DHS officials describes multiple automated warnings in early August 2025, including several alerts in the first week alone. Those two accounts could be reconciled only if logs, definitions, or systems differ, but the available reporting does not provide enough detail to settle it. The internal DHS review has not been publicly released.
Even without classified documents, “for official use only” material can include contracting information and operational details that adversaries exploit. Cybersecurity researchers have warned that information entered into public large language models can be exposed through breaches, legal processes, or unintended disclosure in responses. That is why many agencies push staff toward government-approved tools designed to prevent documents and prompts from leaving federal networks in the first place.
Why Public ChatGPT Is Different From Government AI Tools
The reporting draws a clear contrast: DHS has approved certain internal AI tools, including a self-built chatbot referenced as keeping queries and documents inside federal systems. Public ChatGPT is not built for that containment by default. When leadership chooses a consumer platform for speed or convenience, it can undercut the very controls the agency expects rank-and-file employees to follow. For a security agency, that kind of exception culture can become a vulnerability all its own.
Leadership Turmoil Adds Pressure Inside CISA
The episode also landed amid broader internal strain. Reporting describes sharp disagreements inside the agency and significant staffing losses tied to workforce cuts, with roughly 1,000 staffers leaving. Separate reporting also describes Gottumukkala attempting to remove CISA’s chief information officer, a move that was blocked. While those personnel battles are distinct from the ChatGPT issue, they help explain why employees and officials treated the alerts as more than a routine compliance hiccup.
For Trump-supporting voters who want the government to be both strong and restrained, the takeaway is straightforward: modernization cannot mean bypassing basic safeguards, especially at an agency tasked with protecting federal networks from hostile foreign actors. The public does not yet have the internal review’s findings, and the details of what was uploaded remain undisclosed. Until DHS provides clarity, the most responsible conclusion is that oversight and data-handling rules must be tightened before AI access expands.
Sources:
Trump’s Cyber Chief Uploaded Sensitive Files to ChatGPT: Report
Madhu Gottumukkala CISA ChatGPT incident
Trump’s acting cyber chief uploaded sensitive files into public ChatGPT
Trump’s acting cybersecurity chief uploaded sensitive government docs to ChatGPT
