CISA Leadership’s ChatGPT Security Lapse Demands Public Hearing
WASHINGTON, D.C. — Federal cybersecurity oversight is facing renewed scrutiny after revelations that the acting head of the Cybersecurity and Infrastructure Security Agency (CISA) Director Madhu Gottumukkala was authorized to upload “for official use only” contracting materials into a public version of ChatGPT after receiving “special permission” to use the public large language model.
This has prompted a formal inquiry from Senate Judiciary Committee Chair Chuck Grassley, demanding records of what was shared, why it was shared, and how the incident was reviewed.
J.B. Branch, Big Tech accountability advocate at Public Citizen, issued the following statement in response:
“The episode underscores broader concerns about how rapidly deployed AI tools can expose sensitive government information and how procurement and governance failures, not just individual judgment, can create unacceptable national security risks.
“This should alarm everyone. Even supposed ‘experts’ are casually feeding sensitive government material into public AI systems because the technology gives a false sense of security. This is the kind of mistake you might expect from an intern on their first day—not from the official running our nation’s cybersecurity agency.
“When the CISA director does it, that is not a teachable moment. It is a fireable offense. Senators must convene a public hearing immediately so Director Gottumukkala can answer directly to the American people about how this happened and how to ensure this kind of recklessness can never happen again.”