Who Is Madhu Gottumukkala? The CISA Chief Carelessly Used ChatGPT

Dr. Madhu Gottumukkala, the acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), has found himself at the centre of an uncomfortable controversy after reportedly uploading sensitive government documents into a public version of ChatGPT.

The incident has raised fresh questions about judgement at the top of America's cyber-defence agency, particularly at a time when officials are warning relentlessly about foreign espionage and data leaks.

The episode has prompted an internal review by the Department of Homeland Security (DHS), which oversees CISA, to determine whether the uploads caused any damage to government security.

Although DHS insists controls were in place and the use of ChatGPT was 'short-term and limited', critics argue the incident highlights deeper leadership and governance issues within the agency.

Background And Career Of Madhu Gottumukkala

Dr. Gottumukkala currently serves as both Acting Director and Deputy Director of CISA, making him the senior-most political official at the agency tasked with defending US federal networks from cyber threats posed by foreign adversaries.

He assumed the role in May, during a turbulent period marked by staffing disputes and heightened political scrutiny of federal cybersecurity operations.

His LinkedIn profile shows that before joining CISA, Gottumukkala built much of his public-sector reputation in South Dakota. He served as Commissioner and Chief Information Officer for the state's Bureau of Information and Technology, where he oversaw statewide IT operations and cybersecurity initiatives.

His work focused heavily on modernisation, including the replacement of ageing legacy systems and the adoption of emerging technologies across government services. Earlier, he also held the role of South Dakota's Chief Technology Officer.

Across a career spanning more than 24 years, Gottumukkala has worked in both public and private sectors, with experience in wireless and telecommunications, unified communications, and health technology.

He also sits on the Advisory Committee of the College of Business and Information Systems at Dakota State University, reinforcing his profile as a seasoned technocrat with academic credentials to match.

ChatGPT Incident And Security Concerns

According to reporting by Politico, the documents uploaded by Gottumukkala were marked 'for official use only' and related to government contracting.

While they were not classified, cybersecurity sensors reportedly flagged the activity last summer, triggering automatic alerts designed to stop sensitive federal information from leaving secure networks. The revelations have unsettled officials who see irony in the head of CISA breaching the very safeguards his agency promotes.

The controversy erupted after it emerged that Gottumukkala had been granted a temporary exception to use ChatGPT at a time when the tool was blocked for most DHS employees. Any information uploaded into the public version of ChatGPT is shared with its operator and may be retained to help answer prompts from other users, a fact that has long alarmed security professionals.

A CISA spokesperson defended Gottumukkala's actions, saying his use of the AI tool was authorised and tightly controlled. DHS echoed that view, stressing that safeguards were in place during the approved period.

Nevertheless, the incident automatically triggered security warnings, and DHS policy requires investigations to assess whether disciplinary action is warranted, ranging from retraining to more serious administrative measures. The outcome of the review has not been made public.

Broader Leadership Controversies At CISA

The ChatGPT episode is only the latest issue to cloud Gottumukkala's tenure. Since taking charge, he has faced internal disputes, including a failed counterintelligence polygraph examination that DHS later described as 'unsanctioned'.

Several career staff members were suspended from accessing classified information under his watch, and efforts to remove senior agency officials were ultimately blocked.

Taken together, these events have fuelled concerns among observers about stability and leadership at CISA. For an agency charged with safeguarding critical infrastructure and federal networks, the perception of carelessness at the top carries reputational risks.

Gottumukkala remains in post, but the scrutiny surrounding his actions underscores the challenges facing cybersecurity leadership in an era of rapidly evolving AI tools and persistent digital threats.