Just imagine the acting head of America’s cybersecurity agency requesting special permission to use the one AI tool banned for everyone else. Then imagine him uploading sensitive government documents to it. You don’t need much imagination—this actually happened.
When Cyber Leadership Goes Rogue
Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency since May 2025, uploaded “for official use only” contracting documents to public ChatGPT last summer. Multiple automated security warnings lit up federal networks like a Christmas tree. The irony writes itself: the person protecting America’s digital infrastructure chose to feed sensitive data to a platform that shares inputs with millions of users for AI training.
While other DHS employees faced ChatGPT blocks, Gottumukkala forced his way to special access. He specifically requested and received permission from CISA’s CIO to use the public version instead of secure alternatives like DHSChat. Think about that for a moment—bypassing purpose-built secure tools to use the consumer version that explicitly harvests your data.
The Security Theater Unfolds
The uploads happened in July 2025, triggering warnings in August that apparently nobody acted on immediately. DHS eventually launched an internal review involving senior officials including acting general counsel Joseph Mazzara and multiple CIOs. According to an anonymous DHS official, Gottumukkala “forced CISA’s hand into making them give him ChatGPT, and then he abused it.”
CISA spokesperson Marci McCarthy now claims the use was “short-term and limited” under proper controls. The timeline disputes and bureaucratic finger-pointing suggest otherwise. Potential consequences range from mandatory retraining to full clearance revocation—outcomes that should terrify anyone concerned about federal cybersecurity leadership.
This incident perfectly captures the disconnect between AI hype and security reality in government. When the person tasked with protecting national infrastructure can’t distinguish between consumer and enterprise AI tools, you’ve got computer problems that run deeper than any single security breach.
