There is a certain irony in cybersecurity that never fails to capture attention: sometimes the people responsible for protecting sensitive information become examples of what can go wrong when safeguards meet human judgment.
That is precisely why the recent reports involving Madhu Gottumukkala, the acting director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), deserve more attention than a typical compliance mishap.
When the cybersecurity chief becomes the cautionary tale
According to reporting by Politico and subsequent coverage by multiple cybersecurity publications, Gottumukkala uploaded government contracting documents marked “For Official Use Only” (FOUO) into the public version of ChatGPT during 2025. While the documents were not classified, they were considered sensitive and not intended for public release. The uploads reportedly triggered automated security alerts and prompted an internal review within the Department of Homeland Security. CISA stated that Gottumukkala had been granted a temporary exception to use ChatGPT and that controls were in place. Nevertheless, the incident raised serious concerns about data handling, governance, and leadership accountability.
The story is significant not simply because a senior official made a questionable decision. It matters because it illustrates a fundamental challenge every organization now faces: the gap between AI adoption and AI governance.
This is not really a technology story
At first glance, the incident appears to be about ChatGPT; it’s not. The real issue is organizational behavior. For more than two decades, information security professionals have repeated a simple truth: technology rarely creates the biggest vulnerabilities; people do. And generative AI merely amplifies that reality. For example, in the pre-AI era, an employee might accidentally email a spreadsheet to the wrong recipient. Today, they can upload an entire contract, proposal, source code repository, or strategic planning document into a public AI service within seconds. The convenience is extraordinary. The risk is equally extraordinary.
What makes the CISA incident particularly uncomfortable is that it allegedly involved the leader of the agency responsible for helping other organizations manage cybersecurity risk. When exceptions are granted at the highest levels without corresponding safeguards, security controls can quickly become symbolic rather than effective. Experts quoted in coverage of the incident described it as a governance failure rather than a technological one.
The dangerous myth of “not classified means safe”
One detail repeatedly mentioned in reports is that the uploaded files were not classified. That distinction is legally important, but it’s not necessarily operationally important. Organizations routinely handle information that is unclassified yet highly sensitive:
- Client contracts
- Financial projections
- M&A discussions
- Employee records
- Product roadmaps
- Procurement strategies
- Research data
None of these may qualify as classified information. Yet exposing them could create competitive, financial, reputational, or legal consequences.
The AI era requires a shift in how we think about data sensitivity. The old binary model—classified versus unclassified—is no longer sufficient. Organizations need to evaluate information based on business impact, not merely classification labels.
The question should evolve from “Is this document classified?” to “Would I be comfortable seeing this document on the front page of a newspaper tomorrow?” If the answer is no, it likely doesn’t belong in a public AI service.
Why this incident matters beyond government
It would be tempting for private-sector leaders to dismiss this as a government problem, but that would be a mistake. The same pattern appears daily across enterprises worldwide. Employees increasingly use AI assistants for everything from summarizing reports and drafting communication to brainstorming strategies and generating proposals. Most of these activities are legitimate and valuable. The problem arises when there is uncertainty about where the data goes, how long it is retained, who can access it, and whether it may be used for model training.
While technology moves faster than policy, human curiosity moves faster than both and that combination creates risk.
How organizations can prevent similar mistakes
The solution is not banning generative AI. History consistently shows that people find workarounds when technology provides meaningful productivity gains. Instead, organizations should focus on intelligent governance.
-
Deploy Enterprise AI, Not Consumer AI
Many organizations already offer enterprise-grade AI platforms with contractual protections, data isolation, logging, and governance controls. Employees should have approved alternatives that are easier to use than unauthorised tools.
Security succeeds easier when the secure option is also the most convenient option.
-
Classify Data Before Users Interact with AI
Most training focuses on teaching people what not to do. A better approach is enabling systems to identify sensitive content automatically. Data classification, metadata tagging, and automated policy enforcement can prevent users from accidentally sharing information that should never leave corporate environments.
-
Remove Executive Exceptions
One of the most striking elements of the CISA story is the reported existence of special access not available to other employees.
Security policies should apply equally across the organization, because risk does not decrease with seniority. In fact, senior leaders often have access to the most sensitive information, making governance even more important.
-
Build AI Literacy, Not Just Compliance Training
Traditional security training often relies on annual presentations and mandatory quizzes. AI requires something more practical. Employees need real-world scenarios:
- What can be safely uploaded?
- What should never be uploaded?
- How should prompts be structured?
- What are the risks of public versus enterprise AI tools?
Understanding the “why” is more effective than memorizing rules.
-
Implement AI Activity Monitoring
Organizations already monitor network traffic, cloud access, and privileged activities. AI interactions deserve similar visibility.
Monitoring does not mean spying on employees. It means identifying patterns that could expose sensitive information before damage occurs.
The real lesson
My biggest takeaway from the CISA incident is not that AI is dangerous, but that AI has exposed weaknesses that already existed. Poor governance. Inconsistent policies. Executive exceptions. Insufficient training. Unclear accountability. Generative AI did not create these problems. It simply made them impossible to ignore.
Organizations rushing to adopt AI often focus on the sophistication of the models. They talk about reasoning capabilities, autonomous agents, and productivity gains, missing altogether the more important (and far less glamorous) conversation about human judgment. Because no matter how intelligent our tools become, the security of an organization still depends on the decisions humans make when nobody is watching.
Apparently, the most valuable AI lesson comes not from what the technology can do, but from what it reveals about us.