CISA Acting Director Uploads Sensitive Government Docs to ChatGPT
Incident Overview
The acting director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, uploaded internal government documents that were marked “for official use only” to the public version of ChatGPT. This action set off multiple automated security warnings designed to prevent the theft or inadvertent disclosure of government files from federal networks.
Exception to Use ChatGPT
Gottumukkala had been granted an exception to use ChatGPT earlier in his tenure as CISA director, at a time when other employees were prohibited from accessing the tool. The exception allowed him to interact with the large language model despite a broader departmental ban.
Departmental Response
Officials at the Department of Homeland Security, which oversees CISA, began evaluating whether any harm had occurred to government security as a result of the uploads. A CISA spokesperson characterized Gottumukkala’s use of the AI system as “short‑term and limited.”
Potential Risks
Uploading unclassified yet internal government documents to a public AI platform is problematic because the model can incorporate the information into its training data. This could enable the contents to be shared with other users of the system, raising concerns about the inadvertent dissemination of sensitive information.
Background on the Director
Before his appointment at CISA, Madhu Gottumukkala served as the chief information officer of South Dakota under former Governor Kristi Noem. Following his move to CISA, he reportedly failed a counterintelligence polygraph, an event later described by Homeland Security as “unsanctioned.” In the wake of the incident, six career staff members were suspended from accessing classified information.
Implications for Government AI Policy
The episode highlights the challenges federal agencies face in balancing the adoption of advanced AI tools with the need to protect sensitive data. It underscores the importance of clear policies and strict enforcement mechanisms to prevent similar occurrences in the future.
Usado: News Factory APP - descubrimiento de noticias y automatización - ChatGPT para Empresas