Madhu Gottumukkala, director of the Cybersecurity and Infrastructure Security Agency (CISA), is undergoing an internal security review by the Department of Homeland Security after reports surfaced that he uploaded sensitive federal contracting documents into a public version of OpenAI’s ChatGPT, raising concerns about potential data exposure and violations of federal data-handling policies. According to multiple sources cited by Axios and CyberScoop, Gottumukkala entered procurement-related materials into the consumer-facing ChatGPT platform, including non-public information such as contractor names, pricing details, scopes of work, and other data connected to CISA cybersecurity programs.

The reported use of a non-government-approved AI tool triggered a formal DHS review to determine the sensitivity and classification of the uploaded material, whether any proprietary or protected information was exposed to a third-party service, and whether the action violated federal rules governing data handling and the use of public large language models.

Federal agencies, including CISA, maintain strict limits on the use of generative AI systems, generally prohibiting employees from entering sensitive or government-controlled information into public platforms due to risks involving data retention, training, and unauthorized disclosure.

Gottumukkala, who was appointed to lead CISA in 2025, has overseen initiatives related to ransomware defense, supply-chain security, and election infrastructure protection. Neither CISA nor DHS has issued a public statement as of January 28, 2026, but the internal review is ongoing and could lead to administrative action or further congressional oversight.