Explainer: Who Is Madhu Gottumukkala — Andhra-Born Cybersecurity Leader at Centre of ChatGPT Controversy
HYDERABAD: Madhu Gottumukkala, an Andhra Pradesh-born cybersecurity professional and an alumnus of Andhra University, has come under scrutiny in the United States after reports said he uploaded sensitive government documents to the public version of ChatGPT. Gottumukkala currently serves as the acting head of the US Cybersecurity and Infrastructure Security Agency (CISA), the civilian body tasked with protecting federal networks and critical infrastructure.
The incident has triggered internal reviews within the US Department of Homeland Security and renewed debate on how artificial intelligence tools should be used in sensitive government environments.
Academic roots in Andhra Pradesh, career in US cyber policy
Madhu Gottumukkala was born in Andhra Pradesh and completed his Bachelor of Engineering in Electronics and Communication Engineering from Andhra University, Visakhapatnam. After moving to the US, he pursued higher studies, earning an MS in computer science from the University of Texas at Arlington, an MBA in engineering and technology management from the University of Dallas, and a PhD in information systems from Dakota State University.
He has worked across public and private sectors in the US, building a career in cybersecurity governance and technology management. In 2024–25, he served as chief technology officer and later chief information officer of the South Dakota Bureau of Information and Technology.
In May 2025, Gottumukkala was appointed deputy director of CISA. Soon after, he took charge as acting director, overseeing federal efforts to defend government systems against cyber threats.
What CISA does
CISA operates under the US Department of Homeland Security and is responsible for securing federal networks, election infrastructure and critical sectors such as energy, transport and communications. The agency also issues advisories and coordinates responses to major cyber incidents affecting government and private operators.
Uploading documents to ChatGPT raised alarms
According to media reports citing US officials, Gottumukkala uploaded internal US government documents to the public version of ChatGPT during the summer of 2025. The documents were not classified but were marked “For Official Use Only”, indicating they were sensitive and not intended for public dissemination.
Officials said the chatbot used was OpenAI’s publicly available tool, not a government-approved secure system. The uploads triggered automated security alerts within Department of Homeland Security networks, designed to flag potential exposure of official data.
Why officials are concerned
Cybersecurity experts caution that public AI tools may retain user inputs or use them for training and response generation, creating a risk of wider exposure. Even unclassified material labelled “For Official Use Only” is subject to strict handling rules within US federal agencies.
Following the alerts, senior officials held internal meetings to assess whether any systems or data had been compromised. The outcome of the review has not been made public.
Agency response and wider implications
CISA said Gottumukkala had temporary permission to use ChatGPT with departmental controls in place and described the usage as limited and short-term. The agency continues to block access to ChatGPT by default for most employees unless specific authorisation is granted.
The episode has intensified discussions within US policy circles on risk management, governance and accountability in the use of artificial intelligence tools by government officials, particularly those responsible for cybersecurity.
