January 29, 2026
When cyber met overshare
CISA’s acting head uploaded sensitive files into public version of ChatGPT
Internet roasts the “cyber boss” for feeding ChatGPT sensitive files while DHS alarms blared
TLDR: CISA’s acting chief reportedly fed sensitive, non-public docs into public ChatGPT, triggering DHS security alarms and a review. Commenters mocked it as amateur-hour and asked why he didn’t use DHS’s internal bot, while a few noted he had permission and no classified data — raising big questions about leadership and AI hygiene.
The internet is in full popcorn mode after reports that CISA’s acting director, Madhu Gottumukkala, allegedly uploaded government contracting files marked “for official use only” into the public version of ChatGPT, tripping DHS security alarms and sparking a damage review. The agency says he had permission, with controls, and disputes the timeline — but that didn’t calm the mob. Folks can’t get over the optics: the country’s cyber defense boss putting sensitive docs into an app used by hundreds of millions OpenAI says 700M+. Cue the roast.
Top comments are brutal. One called it “Barney Fife” op-sec, another said it’s an intern-level incident that would get you fired anywhere else. The big “why didn’t he use the internal tool?” chorus is loud, pointing to DHS’s own chatbot, DHSChat. The meme of the day: “FOUO = For OpenAI Use Only.” Others sighed that people are already careless with social media and LLMs (AI chatbots) will only make it worse.
There’s a small countercurrent: he reportedly had a temporary exception and nothing was classified; some say the outrage is overblown. But the dominant vibe is trust shaken, jokes flying, and a fresh debate over whether leaders pushing AI should actually understand it — or at least keep sensitive files off public apps.
Key Points
- •CISA’s acting director Madhu Gottumukkala uploaded FOUO contracting documents to the public ChatGPT last summer.
- •CISA cybersecurity sensors flagged multiple uploads in early August, prompting a DHS-led internal damage assessment.
- •None of the uploaded materials were classified, but they were designated sensitive and not for public release.
- •CISA says Gottumukkala had authorized, controlled access and last used ChatGPT in mid-July 2025; the app is otherwise blocked by default.
- •DHS promotes internal AI tools like DHSChat that keep data within federal networks; public ChatGPT shares user inputs with OpenAI.