CISA Acting Director Uploaded Sensitive Government Files to Public ChatGPT
Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), uploaded sensitive U.S. government contracting documents marked “for official use only” into a publicly accessible version of ChatGPT, according to reporting citing multiple Department of Homeland Security (DHS) officials. Although the materials were not classified, CISA cybersecurity sensors detected the activity in August and generated multiple automated alerts intended to prevent data loss or mishandling, prompting a DHS-level internal review to assess potential exposure and impact; the outcome of that review has not been made public.
CISA’s public affairs office said Gottumukkala had been granted a temporary, authorized exception to use ChatGPT “with DHS controls in place,” describing the use as short-term and limited, while also disputing aspects of the reported timeline (stating his last use was in mid-July 2025 and that ChatGPT remains blocked by default unless an exception is granted). The incident highlights the risk that content entered into a public AI service may be shared with the service provider and potentially used to improve responses for other users, contrasting with DHS-approved internal tools (e.g., DHSChat) designed to keep inputs within federal networks.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
CISA publishes insider-threat guidance amid scrutiny
CISA issued new insider-threat guidance for critical infrastructure and government organizations, recommending multidisciplinary teams and mitigation measures. The release drew attention because it followed reporting about Gottumukkala's ChatGPT handling of sensitive documents.
Politico reveals the ChatGPT document upload incident
Politico reported that CISA's acting director had uploaded sensitive government documents to a public ChatGPT instance, bringing the previously undisclosed incident into public view.
DHS launches internal review of potential security impact
Senior DHS officials, including legal and CIO leadership, reviewed what had been uploaded and assessed possible harm to government security and whether policy had been followed. The matter escalated to a DHS-level review.
CISA says Gottumukkala's authorized ChatGPT use ended in mid-July 2025
In response to later reporting, CISA said Gottumukkala's use of ChatGPT occurred under an authorized temporary exception and that his last use was in mid-July 2025, disputing accounts that placed uploads in early August.
Federal security systems trigger data-loss alerts on the uploads
The ChatGPT uploads generated multiple automated security and data-exfiltration warnings on federal networks designed to prevent sensitive information from leaving government systems.
Sensitive CISA contracting files uploaded to public ChatGPT
In summer 2025, Gottumukkala uploaded government contracting documents marked "for official use only" to the public version of ChatGPT. The files were not classified but contained sensitive information not intended for public release.
Gottumukkala receives temporary exception to use ChatGPT at CISA
After arriving at CISA in May 2025, acting director Madhu Gottumukkala was granted a short-term, limited exception to use ChatGPT under DHS controls while the tool was generally blocked for most DHS and CISA personnel.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
9 references tracked. Mallory keeps watching after this page renders.
CISA issues insider threat guidance amidst AI misuse concerns | SC Media
scworld.com
Open sourceCISA insider-threat warning comes with an ironic twist • The Register
go.theregister.com
Open sourceCISA acting director reportedly uploaded sensitive documents to ChatGPT | SC Media
scworld.com
Open sourceCISA Chief Uploaded Sensitive Documents into Public ChatGPT
cybersecuritynews.com
Open sourceCISA chief uploaded sensitive government files to public ChatGPT | CSO Online
csoonline.com
Open sourceUS cyber defense chief accidentally uploaded secret government info to ChatGPT - Ars Technica
arstechnica.com
Open sourceTrump's acting cybersecurity chief uploaded sensitive government docs to ChatGPT | TechCrunch
techcrunch.com
Open sourceTrump's Acting Cyber Chief Allegedly Leaked Data to ChatGPT - TechRepublic
techrepublic.com
Open sourceTrump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
politico.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Contractor GitHub Repository Exposed AWS GovCloud Keys and Internal Credentials
A public GitHub repository tied to a contractor supporting the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) exposed plaintext passwords, access tokens, cloud keys, logs, spreadsheets, and deployment files that could provide access to CISA and Department of Homeland Security internal and cloud systems. Researchers from GitGuardian and Seralys reported that the repository, named **"Private-CISA"**, contained administrative credentials for three AWS GovCloud accounts as well as numerous credentials for internal CISA systems; some of the exposed secrets were verified as valid. The repository was reportedly linked to a Nightwing employee and appears to have been used as an informal working scratchpad rather than a controlled code repository, with commit history indicating GitHub secret-scanning protections had been disabled. After alerts to the contractor reportedly went unanswered, the issue was escalated and the GitHub account was taken offline, but exposed AWS keys were said to remain valid for roughly 48 hours after disclosure. CISA said it is investigating and that it had no indication the credentials were abused, though the incident represents a significant security lapse at the federal agency responsible for civilian cybersecurity.
Jun 1, 2026
OpenAI Adds ChatGPT Lockdown Mode and Elevated Risk Labels to Reduce Prompt-Injection Exfiltration
OpenAI introduced **Lockdown Mode** and **Elevated Risk** labels in *ChatGPT* to reduce exposure to **prompt injection** and related data-exfiltration risks when AI features interact with external systems. Lockdown Mode is positioned as an optional, advanced setting for higher-risk users and environments (notably *ChatGPT Enterprise*, *Edu*, *for Healthcare*, and *for Teachers*) that restricts tool access and limits how ChatGPT can reach outside systems; reported controls include disabling or constraining capabilities attackers could abuse via conversations or connected apps, and limiting browsing so that no live network requests leave OpenAI-controlled infrastructure (with browsing constrained to cached content). Admins can enable the setting via workspace controls and apply additional restrictions through dedicated roles, while Elevated Risk labels provide in-product warnings and guidance for features that increase risk when connecting to apps or the web, including across *ChatGPT*, *ChatGPT Atlas*, and *Codex*. Separate research highlighted how AI assistants with web-browsing/URL-fetching features can be abused as stealthy **command-and-control (C2) relays**, demonstrating a technique against **Microsoft Copilot** and **xAI Grok** that tunnels operator commands and victim data through legitimate AI web interfaces and can work without an API key or registered account. In parallel, the **European Parliament** reportedly disabled built-in AI tools on lawmakers’ work devices due to cybersecurity and privacy concerns about uploading sensitive correspondence to third-party cloud AI providers and uncertainty about what data is shared and retained. Other referenced material focused on general productivity customization of ChatGPT via “Custom Instructions,” rather than a specific security event or disclosure.
Mar 21, 2026
AI-Assisted Intrusions Against Mexican Government Agencies Using Anthropic Claude and OpenAI ChatGPT
Researchers at **Gambit Security** reported that a small group of attackers used **LLMs**—including **Anthropic Claude** and **OpenAI ChatGPT**—to help compromise at least **nine Mexican government agencies**, stealing large volumes of sensitive records including **~195 million identity and tax records**, **vehicle registrations**, and **~2.2 million property records**. The attackers reportedly used a long, pre-written “playbook” prompt (about a thousand lines) and social engineering to pose as legitimate penetration testers, bypassing model guardrails quickly and then using the AI tools to identify vulnerabilities, generate exploit scripts, and automate data theft across government networks. Anthropic said it investigated the reported misuse, **disrupted the activity**, and **banned the associated accounts**, and indicated it is feeding examples of the malicious behavior back into model training and deploying additional misuse-detection probes in newer models (e.g., *Claude Opus 4.6*). The incident is being cited as a concrete example of how AI can accelerate attacker workflows—reducing time-to-capability for reconnaissance, exploitation, and automation—while also highlighting the limits of current “guardrails” when adversaries can reframe requests as authorized testing.
May 9, 2026