US President Donald Trump’s acting head of cybersecurity might have exhibited poor cyber hygiene practices after he uploaded potentially sensitive information to OpenAI’s ChatGPT.
Politico reported four officials confirmed the actions of the Cybersecurity and Infrastructure Security Agency's (Cisa) interim director, Madhu Gottumukkala, prompted an internal review to determine if “any harm to government security from the exposures” had occurred, though the documents were considered potentially sensitive, not classified.
Cyber hygiene is a series of simple habits that can safeguard information on technological devices from being compromised.
According to Cisa, which addresses cyber hygiene at length on its website, paying attention and implementing routine measures can “significantly reduce risk” of nefarious actors seeking to cause damage.
Last week at the World Economic Forum’s annual meeting in Davos, Switzerland, cybersecurity expert Jack Hidary, chief executive of SandboxAQ, warned the prevalence of AI chatbots and similar tools could cause lapses of judgment and potentially compromise confidential data.
“I'm not talking about closed, licensed AI tools, I'm talking about generic chatbots like ChatGPT and Gemini,” Mr Hidary said.
He referred to a recent incident involving several Samsung employees. “Two engineers put a prompt question into ChatGPT with proprietary Samsung information and became part of the data that you can query today,” he said. Similar incidents are happening every day, he added.
“It opens up a huge amount of cyber and trade secret vulnerabilities and companies are only beginning to realise it."
The issue of cybersecurity is among the top 10 concerns, both for the short term and long term, among those surveyed in the WEF's 2026 global risks report.
“Technological risks are also anticipated to worsen in severity over the next decade,” the report warned.
As for the recent incident allegedly involving Mr Gottumukkala, Politico said Cisa officials first raised red flags about the uploading of documents to ChatGPT last August.
Cisa told the media outlet that the interim director was granted permission to use the public version of OpenAI’s chatbot and that proper security controls were in place.
According to his biography on Cisa's website, before serving as the government body's acting director, Mr Gottumukkala was the commissioner and chief information officer for South Dakota’s Bureau of Information and Technology.
