The interim head of the country’s cyber defence agency uploaded sensitive government documents into the public version of ChatGPT last summer, according to Politico, citing four officials from the Department of Homeland Security who are familiar with what happened.
The uploads reportedly triggered multiple automated security alerts. These alerts are designed to prevent government material from being accidentally shared or taken out of federal networks.
The official involved, according to Policito, was Madhu Gottumukkala, who is currently serving as the acting director of the Cybersecurity and Infrastructure Security Agency (CISA). Gottumukkala has been leading CISA in an acting role since May, after being appointed deputy director by DHS Secretary Kristi Noem.
Who is Madhu Gottumukkala?
Dr. Madhu Gottumukkala currently serves as the Acting Director and Deputy Director of the Cybersecurity and Infrastructure Security Agency (CISA). According to the agency, he helps guide the agency’s work to protect the cyber and physical systems that people across the United States depend on every day.
Before taking on the deputy director role at CISA, Gottumukkala was the Commissioner and Chief Information Officer for South Dakota’s Bureau of Information and Technology. As South Dakota’s CIO, he oversaw technology and cybersecurity efforts across the entire state.
Earlier in his career, he also served as South Dakota’s Chief Technology Officer, becoming only the second person to ever hold that position in the state. Gottumukkala has more than 24 years of experience in information technology. Over the years, he has worked in both government and private industry.
In addition to his government work, he currently serves on the Advisory Committee of the College of Business and Information Systems at Dakota State University.
Madhu Gottumukkala was born on October 29, 1976. He completed his undergraduate studies at Andhra University, India, where he earned a Bachelor of Engineering in Electronics and Communication Engineering. He later moved to the United States to continue his education. He holds a Ph.D. in Information Systems from Dakota State University. He also earned an MBA in Engineering and Technology Management from the University of Dallas, a Master’s degree in Computer Science from the University of Texas at Arlington.
Sensitive files were uploaded to ChatGPT
According to Politico, what made the incident stand out even more was that Gottumukkala had personally asked for special permission to use ChatGPT soon after he joined CISA in May, three officials said. At that time, ChatGPT was blocked for most other DHS employees. He received that permission from CISA’s Office of the Chief Information Officer, even though the tool was not widely allowed across the department.
According to the four officials, none of the files uploaded were classified. However, the documents included CISA contracting materials marked “for official use only.” This label is used for information that is considered sensitive and not meant to be shared publicly.
CISA’s internal cybersecurity sensors detected the uploads in August, the officials said. One official added that there were multiple warnings in just the first week of August. After the alerts were raised, senior DHS officials launched an internal review to check whether the uploads caused any damage to government security. Two officials confirmed that such a review took place. However, it is still unclear what the review ultimately found.
In an emailed statement, Marci McCarthy, CISA’s Director of Public Affairs, said that Gottumukkala “was granted permission to use ChatGPT with DHS controls in place.” She added that “this use was short-term and limited.”
McCarthy also said the agency remains committed to “harnessing AI and other cutting-edge technologies to drive government modernisation and deliver on” Trump’s executive order removing barriers to America’s leadership in AI.
Why using public ChatGPT matters
Any information uploaded into the public version of ChatGPT is shared with OpenAI, the company that owns the tool. This data can be used to help answer questions from other users. OpenAI has said ChatGPT has more than 700 million active users worldwide. After the activity was detected, Gottumukkala met with senior DHS officials to review exactly what he had uploaded, according to two officials, cited by Politico.
DHS’s then-acting general counsel, Joseph Mazzara, was involved in evaluating potential harm, one official said. Antoine McCord, DHS’s chief information officer, was also part of the review, according to another official.