Indian-origin cyber head under lens for sharing US govt data on ChatGPT

Indian-origin Madhu Gottumukkala has come under the Trump administration’s radar for sharing sensitive government data on the public version of OpenAI’s artificial intelligence (AI) chatbot ChatGPT, according to a report by Politico.

 

The report said the move triggered multiple automated security alerts designed to prevent the theft or accidental disclosure of government material from federal networks.

 

Here is a closer look at who Madhu Gottumukkala is and why the issue has raised concerns.

Who is Madhu Gottumukkala?

Madhu Gottumukkala is the Acting Director and Deputy Director of the Cybersecurity and Infrastructure Security Agency (CISA). His job includes identifying, managing, and reducing risks to the cyber and physical infrastructure Americans rely on, including threats from hostile nation-states such as Russia and China.

 

 

Before joining CISA, Gottumukkala served as Commissioner and Chief Information Officer of South Dakota’s Bureau of Information and Technology, where he oversaw statewide IT and cybersecurity operations. He has over 24 years of experience in information technology. He has held senior leadership roles in both the public and private sectors, including in the telecom, wireless and health technology fields.

What did Gottumukkala do?

According to the report, Gottumukkala uploaded sensitive government contracting documents to the public version of ChatGPT last summer. While the documents were not classified, they were marked “for official use only,” which means they are sensitive and not meant for public release.

Why was this seen as serious?

The issue drew attention because Gottumukkala leads the US's main cyber defence agency. The report said he had asked for special permission to use ChatGPT soon after joining CISA, at a time when the tool was blocked for other Department of Homeland Security (DHS) employees.

 

Any information uploaded to the public version of ChatGPT can be accessed by OpenAI and may be used to respond to other users. OpenAI has said ChatGPT has more than 700 million active users.

 

Other AI tools approved for DHS staff, such as DHSChat, are designed to ensure data does not leave government networks.

What action was taken?

Cybersecurity sensors at CISA detected the uploads in August and flagged multiple warnings within a short period. After this, senior officials at the DHS carried out an internal review to check whether the uploads caused any harm to government security. The conclusion of the review has not been made public.

What did CISA say?

CISA’s Director of Public Affairs, Marci McCarthy, said Gottumukkala was allowed to use ChatGPT under special DHS controls. She said the use was limited and short-term.

 

She also said CISA remains committed to using AI to modernise government work, in line with President Donald Trump’s executive order on AI.

What happens next?

After the activity was detected, Gottumukkala discussed the matter with senior DHS officials and reviewed what was uploaded. DHS legal and IT officials were involved in assessing any possible impact.

 

Under DHS rules, any exposure of sensitive documents can lead to actions ranging from retraining and warnings to more serious steps, depending on the findings. It is not clear if any action has been taken so far.