The documents that Gottumukkala submitted to ChatGPT in the summer of 2025 were not formally classified, but they contained contract-related and other government information considered sensitive and not intended for public disclosure.
Although most employees of the Department of Homeland Security (DHS) did not have access to the public version of ChatGPT due to concerns about data security, Gottumukkala received temporary authorization from the agency’s chief information officer. Automated data security monitoring systems at CISA detected the uploads in August 2025, triggering several alerts within a short period. This prompted DHS leadership to launch an internal review to determine whether the transfer of the documents violated security policies or could have caused operational harm. The results of that assessment have not yet been made public.
In a statement, CISA said that Gottumukkala used ChatGPT “in a limited and short-term manner” and with authorization. The agency emphasized that it remains committed to using artificial intelligence and modern technologies to modernize government operations, in line with executive guidance from the U.S. administration.
The incident has become a point of criticism from some lawmakers. Representative Bennie G. Thompson, the ranking member of the House Homeland Security Committee, said that reports of uploading “For Official Use Only” documents to ChatGPT, combined with earlier controversies involving Gottumukkala—including a failed counterintelligence polygraph test—raise questions about his suitability to lead an agency responsible for protecting the nation’s critical digital infrastructure.
CISA, which operates within the Department of Homeland Security, is the primary federal agency responsible for U.S. cybersecurity and the protection of critical infrastructure, including defending against hacking and safeguarding government networks from advanced threats. Gottumukkala has served as acting director since May 2025, following his appointment by the DHS secretary.