It's so often the guys that are at the top who are the exception to the rules that are the problem.
I knew some folks who worked military communications and they broke rules regularly because senior officers just didn't want to walk across the street to do something secure...
Have worked in places where juniors had to lock devices when on prem; only authorized hardware in the rooms. Yet, the danger was from sloppy O6+ not the O1/GS6 who would (ready & able) carry the water.
There is a serious problem with folk with power and authority and somehow no responsibility.
In the 00's, DIA had episodes of career researchers watching porn from secured and monitored systems and then losing their jobs and clearances. One can only conclude they wanted to be fired or were really, really stupid.
I had a C-level guy who installed on his fresh notebook a Firefox extension from the wrong domain, it contained malware - he missed the official link in Google and clicked on whatever scammer site to download the extension :-X
It’s absolutely necessary to have ChatGPT.com blocked from ITAR/EAR regulated organizations, such as aerospace, defense, etc. I’m really shocked this wasn’t already the case.
I really enjoyed unchecking all those cookie controls. Of the 1668 partner companies who are so interested in me, a good third have a "legitimate interest". With each wanting to drop several cookies, it seems odd that Privacy Badger only thinks there are 19 cookies to block. Could some of them be fakes - flooding the zone?
The same cookie can be shared with several partners or collected data can be passed to the partners.
It's not a cookie law — it's a privacy law about sharing personal data. When I know your SSN and email address, I might want to sell that pairing to 1668 companies and I have to get your "consent" for each.
I for one, after doing a bit of research, was shocked to find out the person in question is apparently completely unqualified for the job (if him pasting sensitive information into public ChatGPT didn't already make that abundantly clear). But the highlight from his Wikipedia page is this one:
> In December 2025, Politico reported that Gottumukkala had requested to see access to a controlled access program—an act that would require taking a polygraph—in June. Gottumukkala failed the polygraph in the final weeks of July. The Department of Homeland Security began investigating the circumstances surrounding the polygraph test the following month and suspended six career staffers, telling them that the polygraph did not need to be administered.[12]
So the guy failed a polygraph to access a highly controlled system full of confidential information, and the solution to that problem was to fire the people in charge of ensuring the system was secure.
We're speed running America into the ground and half the country is willfully ignorant to it happening.
It's bizarre that someone would choose to use the public, 4o bot over the ChatGPT Pro level bot available in the properly siloed and compliant Azure hosted ChatGPT already available to them at that time. The government can use segregated secure systems set up specifically for government use and sensitive documents.
It looks like he requested and got permission to work with "For Unofficial Use Only" documents on ChatGPT 4o - the bureaucracy allowed it - and nobody bothered to intervene. The incompetence and ignorance both are ridiculous.
Fortunately, nothing important was involved - it was "classified because everything gets classified" bureaucratic type classification, but if you're CISA leadership, you've gotta be on the ball, you can't do newbie bullshit like this.
The current United States government is staffed mostly with unserious people, or people who are serious about doing crimes against humanity. There's very little in between.
This is a "Cybersecurity chief" causing an intern-level IT incident.
In many industries, this would be a rapid incident at the company-level and also an immediate fireable offense and in some governments this would be a complete massive scandal + press conference broadcasted across the country.
Then again, the CTO of CrowdStrike that had their anti-malware code update cause huge problems is the same guy that was CTO of McAfee when their AV code update caused huge problems.
There have to be GovCloud only LLMs just for this case.
I swear this government is headed by appointed nephews of appointed nephews.
I keep thinking back about that Chernobyl miniseries; head of the science department used to run a shoe factory. No one needs to be competent at their job anymore
> [ChatGPT] is blocked for other Department of Homeland Security staff. Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” adding that the use was “short-term and limited.”
He had a special exemption to use it as head of Cyber and still got flagged by cybersecurity checks. So obviously they don't think it's safe to use broadly.
> No one needs to be competent at their job anymore
That's actually the whole point. Placing incompetents in positions of authority means they know absolutely to whom they owe their loyalty. Because they know they would never have that job on merit. And since they don't really know how to do the job, they have no moral qualms about doing a poor job, or strong opinions on what they should be doing -- other than whatever mission their patron has given them. It's a tool used by weak leaders and it's unfortunately very effective.
Make the government look so incompetent that it is a no-brainer to let a private company (headed by your friends and family of course) do the important jobs and siphon resources much more effectively.
> I swear this government is headed by appointed nephews of appointed nephews.
No joke, the previous head of the State Department task force tasked with fighting corruption and nepotism in international contracting was named Rich Nephew. (He's a very talented career civil servant and I mean no shade I just find that hilarious.)
Guess what this administration would love to do with nuclear facilities...
Any time you have to include "competent" in a description of a job or related technology, that's a clue that it needs requisite oversight and (possibly exponential) proportionate cost.
They say that most fascist governments fall apart because they actively despise competence, which it turns out you need if you are trying to run a country.
Yay, on-premise LLMs are what is recommended for serious use, at least US gov thinks that :) But the rest of us need to pay subscriptions for 3rd party businesses passing back and forth our... everything?
In the old days people were saying: "I have no secrets" and now we evolved into "I know how to not upload important docs" ;)
I wonder how far removed the interim director of the CISA is from any real world security. I bet they have not seen or solved any real security problems and merely are an executive looking over cybersec. This probably is another example of why you need rank and file security peeps into security leadership roles rather than some random exec.
I would like to be able to say that it is uncommon, but based on what I am seeing in my neck of the woods, all sorts of, one would think, private information is ingested by various online LLMs. I would have been less annoyed with it had those been local deployments, but, uhhh, to say it is not a first choice is being over the top charitable with current corporates. And it is not even a question of money! Some of those corps throw crazy money at it.
edit: Just in case, in the company I currently work at, compliance apparently signed off on this with only a rather slim type of data verboten from upload.
I adore that this guy had security clearance and I doubt I'd clear that bar. Last time I looked at the interview there was a question:
> have you ever misused drugs?
and I doubt I'd be able to resist the response:
> of course not, I only use drugs properly.
Also I wouldn't lie, because that would undermine the purpose. Still sad I can't apply for SC jobs because I'm extremely patriotic and improving my nation is something that appeals.
FWIW I have held a security clearance during my career, and telling them I smoked weed was not a dealbreaker. What they are ultimately looking for is reasons why you could be coerced into divulging classified information. If you owe money due to drugs/gambling, etc, that's where it becomes a dealbreaker.
The Dept of Homeland Security has had its own internal gen-AI chat bot since before Trump took office [0]. That this guy couldn’t make do with that, and didn’t think through the repercussions of uploading non-public documents to a public chatbot doesn’t bode well for his ability to manage CISA.
He graduated from Andhra University with a bachelor of engineering in electronics and communication engineering, the University of Texas at Arlington with a master's degree in computer science engineering, the University of Dallas with a Master of Business Administration in engineering and technology management, and Dakota State University with a doctorate in information systems.
And he still manages to make a rookie mistake. Time to investigate Mr. Gottumukkala's credentials. I wouldn't be surprised if he's a fraud.
He was the 'CTO' of South Dakota and later the CIO/Commissioner of the South Dakota Bureau of Information and Telecommunications under governor Kristi Noem.
Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.
> In April 2025, secretary of homeland security Kristi Noem named Gottumukkala as the deputy director of the Cybersecurity and Infrastructure Security Agency; he began serving in the position on May 16. That month, Gottumukkala told personnel at the agency that much of its leadership was resigning and that he would serve as its acting director beginning on May 30.
> Cybersecurity monitoring systems then reportedly flagged the uploads in early August. That triggered a DHS-led damage assessment to determine whether the information had been exposed.
So it means a DLP solution, browsers trusting its CA and it silently handling HTTP in clear-text, right?
[+] [-] duxup|1 month ago|reply
[+] [-] edoceo|1 month ago|reply
That's across government, service and corporate.
[+] [-] burnt-resistor|1 month ago|reply
[+] [-] KellyCriterion|1 month ago|reply
[+] [-] simbleau|1 month ago|reply
[+] [-] RegW|1 month ago|reply
Damn. I forgot to read the article.
[+] [-] direwolf20|1 month ago|reply
[+] [-] tw04|1 month ago|reply
[+] [-] Insanity|1 month ago|reply
[+] [-] observationist|1 month ago|reply
[+] [-] bilekas|1 month ago|reply
You're assuming the planted lackey has any knowledge of these tools.
[+] [-] Kapura|1 month ago|reply
[+] [-] rvz|1 month ago|reply
[+] [-] shrubble|1 month ago|reply
[+] [-] geodel|1 month ago|reply
[+] [-] BiscuitBadger|1 month ago|reply
[+] [-] dmix|1 month ago|reply
They already have a deal with OpenAI to build a government focused one https://openai.com/global-affairs/introducing-chatgpt-gov/
[+] [-] randycupertino|1 month ago|reply
Don't forget the Large Adult Sons!
https://www.newyorker.com/culture/cultural-comment/the-land-...
https://knowyourmeme.com/memes/large-adult-sons
[+] [-] gtowey|1 month ago|reply
[+] [-] fooker|1 month ago|reply
[+] [-] bandrami|1 month ago|reply
[+] [-] tryauuum|1 month ago|reply
[+] [-] te_chris|1 month ago|reply
[+] [-] smaudet|1 month ago|reply
[+] [-] TZubiri|1 month ago|reply
[+] [-] bdangubic|1 month ago|reply
[+] [-] ayaros|1 month ago|reply
[+] [-] timmmmmmay|1 month ago|reply
[+] [-] direwolf20|1 month ago|reply
[+] [-] stronglikedan|1 month ago|reply
I hear Los Alamos labs has an LLM that makes ChatGPT look like a toy. And then there's Sentinel, which may be the same thing I'm not sure.
[+] [-] Woodi|1 month ago|reply
[+] [-] Bhilai|1 month ago|reply
[+] [-] iugtmkbdfil834|1 month ago|reply
[+] [-] Quarrelsome|1 month ago|reply
[+] [-] stackghost|1 month ago|reply
[+] [-] direwolf20|1 month ago|reply
> no
and keep the rest of it in your head.
[+] [-] danso|1 month ago|reply
[0] https://www.dhs.gov/archive/news/2024/12/17/dhss-responsible...
[+] [-] booleandilemma|1 month ago|reply
[+] [-] reactordev|1 month ago|reply
[+] [-] JohnMakin|1 month ago|reply
[+] [-] lysace|1 month ago|reply
[+] [-] sv123|1 month ago|reply
[+] [-] ceejayoz|1 month ago|reply
https://en.wikipedia.org/wiki/Madhu_Gottumukkala
[+] [-] pelasaco|1 month ago|reply