Key Takeaways
1. The Acting Director of CISA, Madhu Gottumukkala, uploaded sensitive government documents to a public version of ChatGPT, triggering security alerts.
2. Gottumukkala received a special exemption to use the AI tool, despite the documents being labeled “For Official Use Only.”
3. The incident raises concerns about data exposure, as public AI tools like ChatGPT send inputs to OpenAI, unlike secure internal tools.
4. CISA is investigating the incident, with conflicting statements about the timeline of Gottumukkala’s use of the tool.
5. This incident adds to ongoing controversies surrounding Gottumukkala, including previous issues with a polygraph test related to counterintelligence.
The Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), which is the main US agency for cybersecurity, was involved in a security incident last year. Madhu Gottumukkala uploaded sensitive government documents to a public version of ChatGPT. Information from four officials at the Department of Homeland Security (DHS) obtained by Politico revealed that this action set off several automated security alerts. These alerts are designed to stop the theft or accidental release of government materials from federal networks. Reports indicate that alarms were triggered multiple times during the first week of August alone.
Accessing the AI Tool
Gottumukkala obtained a special exemption to use the AI chatbot, which he requested from CISA’s Chief Information Officer soon after he started his role in May. At that point, the application was only available to regular employees of the Department of Homeland Security. Although the files he uploaded were not classified, they were labeled “For Official Use Only,” indicating that they contained sensitive information not meant for the public.
Controversy Over the Incident
This incident has raised eyebrows, especially because of the technical nature of the tool involved. When using the public version of ChatGPT, inputs are sent to the developer OpenAI, and there is a possibility that this data could be used to enhance the model or answer questions for other users. In contrast, the AI tools approved for use within the Department of Security, like the internal “DHSChat,” are set up to ensure that no data or search queries can leave the secured federal networks. OpenAI claims that their service currently has over 700 million active users, which emphasizes the risk of information exposure.
CISA’s Response
In response to the situation, CISA is attempting to clarify matters. Spokeswoman Marci McCarthy stated that the use of the chatbot was approved, short-term, limited, and conducted under security measures. She also disputed the timeline, claiming that the director last used the tool in mid-July. This contradicts previous statements from officials who said security alerts were still detecting uploads in early August. An internal investigation is now underway to find out if the incident resulted in any real harm. This case is just one of many controversies involving Gottumukkala, who has reportedly previously failed a polygraph test related to counterintelligence.
IOL, Politico.
Source:
Link
Leave a Reply