US cybersecurity chief leaked sensitive government files to ChatGPT: Report

https://www.dexerto.com/entertainment/us-cybersecurity-chief-leaked-sensitive-government-files-to-chatgpt-report-3311462/

159•randycupertino•1h ago

Comments

01284a7e•1h ago

"Information wants to be free". Government stooges help information with what it wants.

sv123•1h ago

Sounds about on par with what I would expect competence wise.

ceejayoz•1h ago

Hand-picked by Noem, so yeah.

https://en.wikipedia.org/wiki/Madhu_Gottumukkala

> In April 2025, secretary of homeland security Kristi Noem named Gottumukkala as the deputy director of the Cybersecurity and Infrastructure Security Agency; he began serving in the position on May 16. That month, Gottumukkala told personnel at the agency that much of its leadership was resigning and that he would serve as its acting director beginning on May 30.

lm28469•1h ago

> Gottumukkala had requested to see access to a controlled access program—an act that would require taking a polygraph

Are the US ok? It's 2026 not 1926

ceejayoz•47m ago

The Feds love polygraphs. Still very much in active use.

htek•44m ago

The polygraph is still used for security vetting, today. No word on whether they still read a lamb's entrails for portents or consult the dead with a Ouija board.

rbanffy•21m ago

> No word on whether they still read a lamb's entrails for portents or consult the dead with a Ouija board.

Don’t give RFK Jr ideas.

tremon•32m ago

It's actually a few minutes to 1929, so that checks out.

rbanffy•21m ago

Feels like 1935

pstuart•1h ago

This is what you get when you prize personal loyalty over competence.

This issue is the one thing that gives me some hope that they can be ousted -- they are collectively too stupid and motivated only by their self interests to hold their power indefinitely.

rbanffy•20m ago

Does anyone in this administration actually trusts each other’s personal loyalties? I wouldn’t.

zzzeek•1h ago

and which MTV reality show was this "cybersecurity chief" plucked from ?

geodel•50m ago

Do they have Middle Age Grandpas on MTV nowadays?

JohnMakin•1h ago

This administration's op-sec has been consistently "barney fife" levels of incompetence.

winddude•1h ago

this administrations competence on anything and everything has been a kid eating glue

jermaustin1•45m ago

If it wasn't meant to be eaten, it shouldn't have tasted so good!

rbanffy•30m ago

We should get their heads checked for crayons.

mcs5280•1h ago

Pretty sure that's a feature, not a bug

JohnMakin•1h ago

Personally I believe this but it gets into conspiracy theory real quick. There are far simpler explanations.

miltonlost•57m ago

Incompetence and conspiracies go hand-in-hand.

JohnMakin•53m ago

Not really. It is far easier to explain incompetence in powerful positions than to explain competence on purpose in powerful positions - the latter is definitely a conspiracy, the former is not.

pixl97•31m ago

Quite often it is both.

It's not uncommon for incompetent people to be put in positions of power. Because they are incompetent, competent but malicious people take advantage of this and commit actual crimes.

This is where actual conspiracies show up. And that is the incompetent powerful people cover up said crime to avoid looking incompetent.

It is an extremely common pattern.

rbanffy•27m ago

This administration’s incompetence allows their opponents to conspire much more effectively.

jermaustin1•42m ago

Same, I want to believe that this is all a ruse and that the are smart and just really good at playing dumb, but there are just too MANY of them.

It's sycophancy plain and simple. Surround yourself with only yes-men, it ends up becoming less and less competent as the ones who stand up and say no are replaced.

Even if they know better, they can't do better because they know there is no loyalty to nay-sayers.

toomuchtodo•48m ago

The trick is how to weaponize the incompetence against them.

rbanffy•26m ago

There at least one country that weaponised it against the US.

Braxton1980•11m ago

Russia

kstrauser•34m ago

Leave Fife out of it. His heart was in the right place, at least. Also, his boss made sure he was unarmed.

stronglikedan•33m ago

It's been the same with every administration, unfortunately. It's just a side effect of such an unnecessarily big goverment.

snake42•17m ago

You really think that every other administration has had this level of incompetence? The current bumbling and corruption is absolutely unparalleled.

jfreds•5m ago

Inviting a reporter from the Atlantic to your signal chat where you coordinate military plans has nothing to do with government being too big

Insanity•1h ago

People were already careless with social media which was openly public. I imagine it’ll be worse with these LLMs for the average person.

rvz•1h ago

This is a "Cybersecurity chief" causing an intern-level IT incident.

In many industries, this would be a rapid incident at the company-level and also an immediate fireable offense and in some governments this would be a complete massive scandal + press conference broadcasted across the country.

geodel•52m ago

I think he is real deal. I mean in reality he learned or knows very little about technical matters. No fraud needed.

shrubble•30m ago

Then again the CTO of Crowdstrike that had their anti-malware code update cause huge problems, is the same guy that was CTO of McAfee when their AV code update, caused huge problems.

Braxton1980•8m ago

The CTO created the update? Otherwise it's not the same situation

Havoc•1h ago

Well they’re about to solve that by intentionally cramming it into grok instead

pstuart•1h ago

DOGE already extracted their data of interest, but no doubt they're hungry for more.

rbanffy•23m ago

There’s always a buyer for this kind of data. I’m sure there is a lot of activity in those markets.

lysace•1h ago

https://en.wikipedia.org/wiki/Madhu_Gottumukkala

He was the 'CTO' of South Dakota and later the CIO/Commissioner of the South Dakota Bureau of Information and Telecommunications under governor Kristi Noem.

Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.

JoeBOFH•51m ago

South Dakota is in the northern portion. But to your statement, historically speaking the southern states after the civil war kept trucking along in terms of power and influence.

ceejayoz•49m ago

The Dakotas weren't really north/south in the Civil War context; only about 4k people lived there in 1860. It was largely empty land, and not a state until 1889.

dstroot•41m ago

South Dakota has a population of less than 1 million people and the complexity of a CTO job of a state like South Dakota would be quite low. It is < 0.3% of the US Population and likely has de minimis benefit programs.

floren•14m ago

> Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.

It's good to know the Americans aren't the only ones who never look at maps outside their own country

hareykrishna•1h ago

At least he is not on H1-b!

dmix•39m ago

Sounds like he came on a student visa from India and got citizenship.

rbanffy•14m ago

Citizenship can be revoked in cases that involve serious offences.

mekdoonggi•1h ago

Can't be surprised when clowns clown.

booleandilemma•1h ago

From wikipedia:

He graduated from Andhra University with a bachelor of engineering in electronics and communication engineering, the University of Texas at Arlington with a master's degree in computer science engineering, the University of Dallas with a Master of Business Administration in engineering and technology management, and Dakota State University with a doctorate in information systems.

And he still manages to make a rookie mistake. Time to investigate Mr. Gottumukkala's credentials. I wouldn't be surprised if he's a fraud.

Bhilai•57m ago

I wonder how far removed the interim director of the CISA is from any real world security. I bet they have not seen or solved any real security problems and merely are an executive looking over cybersec. This probably is another example of why you need rank and file security peeps into security leadership roles rather than some random exec.

jimt1234•55m ago

Well, at least there's gonna be a swift and appropriate punishment. LOL

Quarrelsome•52m ago

I adore that this guy had security clearance and I doubt I'd clear that bar. Last time I looked at the interview there was a question:

> have you ever misused drugs?

and I doubt I'd be able to resist the response:

> of course not, I only use drugs properly.

also I wouldn't lie, because that's would undermine the purpose. Still sad I can't apply for SC jobs because I'm extremely patriotic and improving my nation is something that appeals.

stackghost•46m ago

FWIW I have held a security clearance during my career, and telling them I smoked weed was not a dealbreaker. What they are ultimately looking for is reasons why you could be coerced into divulging classified information. If you owe money due to drugs/gambling, etc, that's where it becomes a dealbreaker.

rbanffy•18m ago

The general rule is not to lie to them, because they will interview all your friends and someone somewhere will rat you out. It’s pointless to try to hide anything during these interviews, and, if you do it, then it’s a dealbreaker.

Quarrelsome•14m ago

wait, so I can apply and be honest? Sick! I just poorly misassumed they had classicly archaic interpretations of drugs.

BiscuitBadger•51m ago

There have to be GovCloud only LLMs just for this case.

I swear this government is headed by appointed nephews of appointed nephews.

I keep thinking back about that Chernobyl miniseries; head of the science department used to run a shoe factory. No one needs to be competent at their job anymore

dmix•47m ago

The article says

> [ChatGPT] is blocked for other Department of Homeland Security staff. Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” adding that the use was “short-term and limited.”

He had a special exemption to use it as head of Cyber and still got flagged by cybersecurity checks. So obviously they don't think it's safe to use broadly.

They already have a deal with OpenAI to build a government focused one https://openai.com/global-affairs/introducing-chatgpt-gov/

grayhatter•40m ago

> So obviously they don't think it's safe to use broadly.

More likely, everything gets added to the list because there shouldn't be false positives, it's worth investigating to make sure there isn't an adjacent gap in the security systems.

nostrademons•29m ago

Somehow I think that the weak link in our government security is at the top - the President, his cabinet, and various heads of agencies. Because nobody questions what they're allowed to do, and so they're exempt from various common-sense security protocols. We already saw some pretty egregious security breaches from Pete Hegseth.

NoGravitas•24m ago

That's also the case in businesses. No one denies the CEO a security exemption.

AnimalMuppet•10m ago

Been there. The CEO of an internet security company was the one who clicked on the wrong email attachment and turned a virus loose.

I mean, I don't know if he had a security exemption, or if anyone who clicked on it would have infected us. But he was the weak link, at least in that instance.

lysace•9m ago

I have never worked in a company where an obviously incorrect CEO-demanded security exemption would have been allowed to pass. Professionalism, boards and ethics exist.

(30 years in software companies, northern europe.)

dboreham•7m ago

It goes back long before the current regime. People may remember a certain cabinet secretary who ran her own exchange server in the basement.

JumpCrisscross•39m ago

> this government is headed by appointed nephews of appointed nephews

I was in New Delhi during Trump’s Greenland tirade. The hot take in the governing circles was analogising to the Sino-Soviet split.

I’m now wondering if Imperial Russia, the one the Japanese beat and which fizzled apart against the Kaiser, is also an apt analogy.

stronglikedan•34m ago

> There have to be GovCloud only LLMs just for this case.

I hear Los Alamos labs has an LLM that makes ChatGPT look like a toy. And then there's Sentinel, which may be the same thing I'm not sure.

scrlk•28m ago

Not sure if this is applicable to DHS, but USG natsec only LLMs exist:

> We’re introducing a custom set of Claude Gov models built exclusively for U.S. national security customers. The models are already deployed by agencies at the highest level of U.S. national security, and access to these models is limited to those who operate in such classified environments.

https://www.anthropic.com/news/claude-gov-models-for-u-s-nat...

direwolf20•16m ago

They say that most fascist governments fall apart because they actively despise competence, which it turns out you need if you are trying to run a country.

randycupertino•14m ago

> I swear this government is headed by appointed nephews of appointed nephews.

Don't forget the Large Adult Sons!

https://www.newyorker.com/culture/cultural-comment/the-land-...

https://knowyourmeme.com/memes/large-adult-sons

nilstycho•47m ago

Better to read the original story from Politico.

https://www.politico.com/news/2026/01/27/cisa-madhu-gottumuk...

HelloUsername•37m ago

Which had no discussion https://news.ycombinator.com/item?id=46786672

nilstycho•33m ago

O algorithm, algorithm! all men call thee fickle.

simbleau•46m ago

It’s absolutely necessary to have ChatGPT.com blocked from ITAR/EAR regulated organizations, such as aerospace, defense, etc. I’m really shocked this wasn’t already the case.

lysace•45m ago

"The report says Gottumukkala requested a special exemption to access ChatGPT, which is blocked for other Department of Homeland Security staff."

rbanffy•24m ago

That they got this is shocking in itself.

lysace•20m ago

Surely that must have been approved by the Secretary of Homeland Security Kristi Noem, his former boss back in SD.

rbanffy•13m ago

Every cause that led to this event is, in itself, quite shocking.

I feel for my American friends, and hope they never again optimise their government for comedy value.

tonetegeatinst•17m ago

I agree....but ITAR and EAR can be super vauge especially in higher education.

7777332215•43m ago

Where does this "cybersecurity monitoring" take place? On OpenAIs side? Or some kind of monitoring tools on the devices themself?

grayhatter•42m ago

Leaked is not the correct word here. Generally as it's used, it implies some intent to disclose, the information for it's own purposes. You would call a disclosure to the war thunder forums a leak, because the intent was to use that information to win an argument. You wouldn't call Leaving boxes of classified information in a wearhouse where you'd normally read them a leak. (At least not as a verb). Likewise you wouldn't call it a leak if you mistakenly abandoned them in a park.

That said, IIRC For Official Use Only is the lowest level of classification (note not classified) it's not even NOFORN. It's even multiple levels below Sensitive But Unclassified.

So, who cares?

Much more significant is he failed the SCI/full poly... that means you lied about something. Yes I know polys don't work, but the point of the poly is to try to ensure you've disclosed everything that could be used against you, which ideally means no one could flip you or manipulate you. The functional part is to determine if you have anxiety about things you might try to hide, because that fear can be used against you. No fear/anxiety, or nothing you're trying to hide means you're harder to manipulate.

That feels bad even ignoring the whole hostile spys kinda thing.

observationist•36m ago

It's bizarre that someone would choose to use the public, 4o bot over the ChatGPT Pro level bot available in the properly siloed and compliant Azure hosted ChatGPT already available to them at that time. The government can use segregated secure systems set up specifically for government use and sensitive documents.

It looks like he requested and got permission to work with "For Unofficial Use Only" documents on ChatGPT 4o - the bureaucracy allowed it - and nobody bothered to intervene. The incompetence and ignorance both are ridiculous.

Fortunately, nothing important was involved - it was "classified because everything gets classified" bureaucratic type classification, but if you're CISA leadership, you've gotta be on the ball, you can't do newbie bullshit like this.

bilekas•25m ago

> It's bizarre that someone would choose to use the public, 4o bot over the ChatGPT Pro level bot available in the properly siloed

You're assuming the planted lackey has any knowledge of these tools.

direwolf20•15m ago

Or any reason to give a shit and use the less convenient tool.

reactordev•31m ago

It’s happening all across corporate too

wnevets•28m ago

The meritocracy strikes again.

bilekas•27m ago

If I did this with a banal internal documentation at work I would be written up and maybe fired over breaking known policy. This administration is so ridiculously incompetent, and interim head of cyber security.. leaks. The onion wouldn't write this.

mlmonkey•22m ago

It looke like he's unfit for the position, and was using ChatGPT to burnish his reports etc.

RegW•7m ago

Hey dude. That's a thought. Get your AI to expand it into a full report and send it to my AI to summarize!

throwaway85825•20m ago

Chalaki

RegW•13m ago

I really enjoyed unchecking all those cookie controls. Of the 1668 partner companies who are so interested in me, a good third have a "legitimate interest". With each wanting to drop several cookies, it seems odd that Privacy Badger only thinks there are 19 cookies to block. Could some of them be fakes - flooding the zone?

Damn. I forgot to read the article.

bsaul•6m ago

BTW, what's the current status on LLMs and confidential documents ? Which license from which suppliers are fine and which aren't ?

Ask HN: What are SSI/Thinking Machines working on?

Show HN: 41 Stars New AI – MIT License. Zero Hallucinations (For Real)

AI Subs

Amazon's Promotion of 'Melania' Has Critics Questioning Its Motives

Pakistan becomes latest Asian country to introduce checks for deadly Nipah virus

GNU Gettext Reaches Version 1.0 After 30 Years in Development

Drop your URL. I will Analyze and give FREE SEO tips

Game jam for high schoolers in 200 cities

Show HN: Cueso – iPhone app for location-based grocery reminders

Mugabo Rongin

The New Shadowbanning Panic

How British Queues Got Out of Hand

Ask HN: Bookmarking service with snapshots and context based (local LLM?) search

Email Security: Where We Are and What the Future Holds

Google Co-Founder Seeds Billionaire Political Effort Amid Wealth Tax Debate

Why California is keeping this unusual solar plant running

When Cloud Came to Stay at the Village Bed and Breakfast

How Norway Accomplished a Near-Total EV Transition

CW/Morse Code Trainer Inspired by G4FON

How to Bring Back the American Dream

Developmental convergence and divergence in human stem cell models of autism

Show HN: Built a way to validate ideas with AI personas and Simulated Community

A fresh take on offline data collection

Types Of ML Jobs In 2026 [video]

One-Click Clawdbot/Moltbot on Security-Hardened DigitalOcean Droplets

DanceJump for YouTube – Rhythm Dance Game – v0.3.3 Released for Edge

A practical primer on confidential computing

Codex Daily Benchmarks for Degradation Tracking (Marginlab.ai)

XCCache: Faster Swift builds, less waiting

What I found reading Claude's leaked 57K-word system prompts