Premium

US cybersecurity chief at centre of ChatGPT security controversy: Who is Madhu Gottumukkala, and what landed him in soup

In a response to the incident, CISA Director of Public Affairs Marci McCarthy said in a statement emailed to Politico that Gottumukkala "was granted permission to use ChatGPT with DHS controls in place". She said that "this use was short-term and limited".

3 min readUpdated: Jan 30, 2026 01:22 PM IST

Trump-appointed acting cyber chief Madhu Gottumukkala (Photo: X/@CISAgov)

Madhu Gottumukkala, the interim chief of the US Cybersecurity and Infrastructure Security Agency (CISA), triggered multiple security alerts after he uploaded sensitive government contracting files to a public version of ChatGPT last summer, reported Politico, citing four Department of Homeland Security (DHS) officials familiar with the matter.

Who is Madhu Gottumukkala?

Gottumukkala is currently serving as the Acting Director and the Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA) under US President Donald Trump’s administration.

Additionally, he serves on the Advisory Committee of the College of Business and Information Systems at Dakota State University.

Before being appointed as the CISA Deputy Director, he served as Commissioner and Chief Information Officer for South Dakota’s Bureau of Information and Technology, overseeing statewide technology and cybersecurity initiatives.

He also previously served as the second-highest South Dakota Chief Technology Officer.

Gottumukkala holds a PhD in Information Systems from Dakota State University, an MBA in Engineering and Technology Management from the University of Dallas, an M.S. in Computer Science from the University of Texas at Arlington, and a B.E. in Electronics and Communication Engineering from Andhra University.

How Gottumukkala landed at the centre of ChatGPT security controversy

Gottumukkala obtained special permission from the agency’s Office of the Chief Information Officer to use ChatGPT, despite it being blocked for other DHS employees, after he joined CISA in May last year.

Story continues below this ad

Later, cybersecurity monitoring systems detected the uploads made to the AI chatbot in August, triggering multiple security warnings during the first week alone.

The files, marked “for official use only”, were not classified but contained sensitive information not meant for public release, according to the officials.

Following the detection, senior DHS leadership initiated an internal review to assess potential risks to government security; however, the outcome of the review remains unclear.

Following the incident, Gottumukkala met senior DHS leaders, then-acting DHS general counsel Joseph Mazzara and DHS chief information officer Antoine McCord, to assess potential risk to the department.

Story continues below this ad

He also held meetings with CISA CIO Robert Costello and chief counsel Spencer Fisher in August regarding the appropriate handling of sensitive material.

In a response to the incident, CISA Director of Public Affairs Marci McCarthy said in a statement emailed to Politico that Gottumukkala “was granted permission to use ChatGPT with DHS controls in place”. She said that “this use was short-term and limited”.

“Acting Director Dr Madhu Gottumukkala last used ChatGPT in mid-July 2025 under an authorised temporary exception granted to some employees. CISA’s security posture remains to block access to ChatGPT by default unless granted an exception,” McCarthy stated, according to Politico.

Stay updated with the latest - Click here to follow us on Instagram