Tuesday , July 14 2026
CISA

CISA chief at it again: uploads sensitive files into ChatGPT

The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive contracting documents marked “for official use only” into the public version of ChatGPT last summer, triggering multiple automated security alerts designed to prevent data exfiltration from federal networks, four Department of Homeland Security (DHS) officials told Politico.

Madhu Gottumukkala, CISA’s interim head since May 2025, had secured special permission from the agency’s Chief Information Officer to use the AI tool shortly after joining.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

At the time, ChatGPT remained blocked for other DHS staff. The uploads occurred in early August 2025, with cybersecurity sensors repeatedly flagging them with multiple warnings in the first week alone. None of the files were classified, but they contained sensitive contracting information not meant for public release.

CISA’s defenses detected the activity, prompting senior DHS officials to launch an internal review to evaluate potential harm to national security.

Gottumukkala discussed the uploads with DHS leaders, including then-acting general counsel Joseph Mazzara and Chief Information Officer Antoine McCord. He also met with CISA’s CIO Robert Costello and chief counsel Spencer Fisher in August to address the handling of “for official use only” (FOUO) material.

DHS policy mandates investigating such exposures, assessing causes, and considering actions from retraining to security clearance revocation. One anonymous official criticized Gottumukkala harshly: “He forced CISA’s hand into making them give him ChatGPT, and then he abused it.” The review’s outcome remains undisclosed.

Public ChatGPT shares user inputs with OpenAI, which boasts over 700 million active users. This risks sensitive data training models accessible to adversaries, including state-backed hackers from Russia and China, precisely the threats CISA counters.

CISA spokesperson Marci McCarthy stated Gottumukkala used ChatGPT “with DHS controls in place” under a “short-term and limited” exception, last accessing it in mid-July 2025. She emphasized the agency’s AI commitment per President Trump’s executive order.

In contrast, approved DHS tools, such as the internal DHSChat, store data on federal networks. All federal employees receive training on handling sensitive documents.

Gottumukkala’s tenure has drawn scrutiny. Six career staff members were placed on leave after his unsanctioned counterintelligence polygraph failure.

In testimony, he denied the “failed test” premise. Last week, he attempted to oust Costello, but was blocked by appointees, as reported by Politico.

Check Also

MCP Servers

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, …