ByteSizedSecurity Cybersecurity Insights & Analysis
Blue Team 6 min read Updated

CISA ChatGPT Incident: The Shadow AI Problem

Marc David
Marc David Senior Security Engineer · CISSP
Shadow AI Cybersecurity Data Governance
CISA ChatGPT Incident: The Shadow AI Problem

The CISA ChatGPT Incident: What Shadow AI Means for Every Organization

TL;DR: CISA’s acting director uploaded sensitive government documents to a public ChatGPT instance, triggering internal security alerts. While the agency calls it “authorized,” the incident exposes a much bigger problem: shadow AI is happening at every organization, and most have zero visibility into it. The fix isn’t banning AI… it’s building safe environments and clear policies.


When the Nation’s Top Cybersecurity Agency Makes a Basic Data Handling Mistake

In January 2026, Politico reported that Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), uploaded sensitive government documents to a public instance of ChatGPT.

The documents were marked “for official use only.” Not classified, but restricted from public dissemination. The uploads happened in mid-2025 and triggered multiple automated security warnings at both CISA and the Department of Homeland Security.

Let that sink in for a second.

CISA is the agency that advises every other federal agency… and the private sector… on cybersecurity best practices. Their acting director triggered their own internal security monitoring by doing something most cybersecurity professionals would immediately flag as a risk.

CISA’s Response

CISA confirmed that Gottumukkala was granted permission to use ChatGPT under a temporary, short-term exception with DHS controls in place. According to CISA’s Director of Public Affairs, the use was “short-term and limited.”

Officials said Gottumukkala last used ChatGPT in mid-July 2025 under that temporary exception. CISA’s default security posture blocks access to ChatGPT unless an exception is explicitly approved.

However, Politico’s reporting indicated that security alerts continued into early August, which doesn’t quite align with CISA’s timeline.

The Expert Reaction

The response from the cybersecurity community was swift and pointed.

AJ Grotto, a former senior White House director for cyber policy during both the Obama and Trump administrations, called the allegations “troubling” and warned that foreign adversaries “enthusiastically exploit mistakes like the one alleged here.”

“Experimentation is essential, but experiments are meant to be carried out in a controlled environment,” Grotto added. “The federal government has a hard enough time already defending its networks against a constant barrage of cyberattacks.”

House Homeland Security Ranking Member Bennie Thompson went further, questioning Gottumukkala’s fitness to lead the agency entirely: “At best, he’s in over his head, if not unfit to lead.”

The Real Story: Shadow AI Is Everywhere

Here’s what I think most people are missing in this story.

This isn’t just about one government official making a questionable decision. This is about a problem that is actively happening at every organization, at every level, right now.

Shadow AI… the use of public AI tools with company data without organizational knowledge or approval… is the fastest-growing blind spot in cybersecurity today.

Think about what employees paste into ChatGPT, Claude, Gemini, and similar tools every single day:

  • Internal documents and memos
  • Source code and configuration files
  • Customer data and PII
  • Strategic plans and financial information
  • Email threads and meeting notes

Most of this happens with zero visibility. No logging. No monitoring. No policy that anyone’s actually read.

Interestingly, one AI governance expert actually praised CISA for catching the activity at all. Andrew Gamino-Cheong, co-founder and CTO of Trustible, pointed out that “many organizations lack visibility into how public AI tools are used by employees” and that catching it “is a sign of very high AI governance maturity.”

That’s the uncomfortable reality. If CISA, with its dedicated cybersecurity monitoring infrastructure, barely caught this, what’s happening at organizations without those controls?

Why Blanket Bans Don’t Work

The instinct for many organizations is to ban public AI tools outright. Block ChatGPT. Block Claude. Block everything.

This approach fails for the same reason every blanket ban in technology history has failed. It drives usage underground.

Darren Kimura, CEO of AI Squared, made this point well: “Agencies must create sanctioned sandbox environments with synthetic or declassified data for experimentation rather than imposing blanket bans that drive shadow IT.”

Former CISA staffers confirmed this dynamic exists even within the agency. There were “strict guidelines and a ton of hesitation,” one said. “If it wasn’t clearly authorized and encouraged, people just didn’t use it.”

But that hesitation doesn’t eliminate the need. It just pushes it into the shadows where there’s no monitoring, no guardrails, and no accountability.

What Organizations Should Actually Do

Instead of banning AI, organizations need to manage it. Here’s what a practical AI governance approach looks like:

  1. Know what’s happening. Deploy monitoring tools that give you visibility into which AI services employees are using and what data is going in. You can’t protect what you can’t see.

  2. Provide sanctioned alternatives. If employees need AI tools to do their work (and they do), give them approved options with proper security controls. Enterprise versions of AI tools with data retention policies, encryption, and access controls exist for this exact reason.

  3. Create clear data classification policies for AI. Employees need to know, in plain language, what data can and can’t go into public AI tools. “Sensitive data” is too vague. Be specific: no PII, no internal documents marked FOUO, no source code, no customer data.

  4. Build sandbox environments. Create controlled environments where teams can experiment with AI using synthetic or declassified data. Let people innovate without putting real data at risk.

  5. Educate, don’t just enforce. Most shadow AI isn’t malicious. People are trying to do their jobs more efficiently. Meet them where they are with training that explains why the guardrails exist, not just that they do.

The Bigger Picture

This incident comes at a rough time for CISA. The agency has been without a Senate-confirmed director for nearly a year. Multiple senior executives have departed. Budget pressure, reorganization, and workforce reductions have all taken their toll.

Meanwhile, the administration’s executive order is actively encouraging AI adoption across federal agencies. That tension between “move fast on AI” and “keep everything secure” is the exact tension every organization is feeling right now.

AI is moving faster than policy. That gap between capability and governance is the real vulnerability here… not any one person’s decision to upload a document.

The Bottom Line

The CISA ChatGPT incident is a wake-up call, but not for the reason most headlines suggest. The real lesson isn’t that one official made a mistake. It’s that shadow AI is the fastest-growing blind spot in organizational security, and most companies are flying completely blind.

If the nation’s top cybersecurity agency got caught, you can be certain it’s happening in your organization too. The question isn’t whether your employees are using public AI tools with sensitive data. They are.

The question is whether you know about it.

For more on how AI is reshaping cybersecurity from both sides, read our analysis of AI-powered population simulations as a social engineering threat. And if you’re navigating the career implications of AI in security, see how AI is actually fueling cybersecurity hiring.

Share This Article

Comments