CISA’s acting head uploaded sensitive files into public version of ChatGPT

The acting head of the Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, unintentionally uploaded sensitive contracting documents into the public version of ChatGPT last summer, prompting multiple security alerts designed to prevent unauthorized disclosures of government material. Despite obtaining special permission to use the AI tool, which was restricted for other Department of Homeland Security (DHS) employees at the time, the incident raised concerns about the exposure of material designated “for official use only.” Although the documents were not classified, they nonetheless contained sensitive information, leading to an internal review to assess potential security risks.

This incident is significant for the AI/ML community as it underscores the challenges of integrating emerging technologies like AI into government operations while maintaining security protocols. The fact that materials uploaded to the public version of ChatGPT could be used by OpenAI to train its models raises alarms regarding data privacy and security, especially given that CISA's mission is to protect federal networks from sophisticated cyber threats. Furthermore, Gottumukkala's incident reflects broader implications for AI utilization within governmental agencies, highlighting the necessity for stringent controls and training on the handling of sensitive information as the government progresses towards modernizing its operations with AI technologies.