Meet Madhu Gottumukkala: Indian-origin US cybersecurity chief accused of sharing internal files on ChatGPT | World News

Madhu Gottumukkala, the Indian-origin acting head of US federal cybersecurity, has come under scrutiny after reports that he uploaded internal government documents into a public version of ChatGPT. A Politico investigation said the uploads occurred during the summer of 2025 and involved files marked “For Official Use Only”, triggering automated security alerts and an internal review by the Department of Homeland Security. Officials have emphasised that no classified information was involved, but the episode has drawn attention because it concerns the leader of the agency responsible for warning others about AI-related data risks.Officials familiar with the matter said the incident does not involve espionage or intentional wrongdoing. Gottumukkala reportedly had limited authorisation to experiment with AI tools at the time, though not to upload internal documents to public platforms. DHS has characterised the matter as a policy and judgement lapse rather than a security breach, and there has been no allegation of malicious intent. Gottumukkala has cooperated with the internal review and has not publicly disputed the reporting.

Who is Madhu Gottumukkala

Gottumukkala serves as Acting Director and Deputy Director of the Cybersecurity and Infrastructure Security Agency, commonly referred to as the US cyber agency. CISA is responsible for protecting federal networks and critical infrastructure from cyber and physical threats. He assumed the acting leadership role in May 2025 following a series of senior departures, placing him at the centre of US cybersecurity operations during a period of heightened focus on artificial intelligence, infrastructure resilience and election security.Born in Andhra Pradesh, India, Gottumukkala has spent more than two decades working across the private and public sectors. His academic background includes engineering, computer science, technology management and a PhD in information systems. Before joining CISA leadership, he served as Chief Information Officer for the state of South Dakota, overseeing statewide IT and cybersecurity systems, and held senior technology roles in healthcare and telecommunications. His career has focused largely on software engineering, systems security and digital infrastructure.

What the ChatGPT incident involved

According to Politico’s reporting, Gottumukkala uploaded contracting-related documents labelled “For Official Use Only” into a publicly accessible AI platform while experimenting with generative AI. The action triggered internal alerts within the Department of Homeland Security, which oversees CISA, prompting a formal review. The documents were described as sensitive but unclassified, and there has been no indication they were accessed by unauthorised parties or disseminated beyond the AI system itself.The episode has attracted attention because CISA routinely cautions other federal agencies and private companies against entering sensitive information into public AI tools. A 2023 report by the Government Accountability Office found that roughly 70 percent of US federal agencies lacked adequate controls to mitigate AI-related data leakage risks, underscoring a broader governance gap as generative AI adoption accelerates across government.

Public reaction and wider debate

Public reaction has been divided. Some criticism has focused on leadership judgement and the need for clearer AI rules within cybersecurity agencies. Other responses, however, veered into xenophobic attacks referencing Gottumukkala’s Indian origin and immigration background. Analysts note there is no evidence linking the incident to nationality or visa status, and say the controversy reflects wider political tensions around immigration, technology leadership and trust in government institutions.The DHS review is expected to focus on compliance with internal policy rather than criminal liability. More broadly, the case has renewed calls for clearer, enforceable standards governing how public officials use generative AI tools. For CISA, the episode highlights the challenge of maintaining credibility as the nation’s lead cybersecurity authority while adapting to fast-moving technologies that introduce new and poorly defined risks.