US cybersecurity chief leaked sensitive government files to ChatGPT: Report

Posted by randycupertino 7 hours ago

Comments

Comment by BiscuitBadger 6 hours ago

There have to be GovCloud only LLMs just for this case.

I swear this government is headed by appointed nephews of appointed nephews.

I keep thinking back about that Chernobyl miniseries; head of the science department used to run a shoe factory. No one needs to be competent at their job anymore

Comment by dmix 6 hours ago

The article says

> [ChatGPT] is blocked for other Department of Homeland Security staff. Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” adding that the use was “short-term and limited.”

He had a special exemption to use it as head of Cyber and still got flagged by cybersecurity checks. So obviously they don't think it's safe to use broadly.

They already have a deal with OpenAI to build a government focused one https://openai.com/global-affairs/introducing-chatgpt-gov/

Comment by grayhatter 6 hours ago

> So obviously they don't think it's safe to use broadly.

More likely, everything gets added to the list because there shouldn't be false positives, it's worth investigating to make sure there isn't an adjacent gap in the security systems.

Comment by nostrademons 6 hours ago

Somehow I think that the weak link in our government security is at the top - the President, his cabinet, and various heads of agencies. Because nobody questions what they're allowed to do, and so they're exempt from various common-sense security protocols. We already saw some pretty egregious security breaches from Pete Hegseth.

Comment by NoGravitas 6 hours ago

That's also the case in businesses. No one denies the CEO a security exemption.

Comment by lysace 5 hours ago

I have never worked in a company where an obviously incorrect CEO-demanded security exemption (like this one) would have been allowed to pass. Professionalism, boards (with a mandatory employee member/representative, after some size) and ethics exist.

30 years in about 8 software companies, Northern Europe. Often startups. Between 4 to 600 people. When they grow large the work often turns boring, so it's time to find something smaller again.

Comment by NoGravitas 5 hours ago

Ah, Northern Europe is probably the difference. This passes all the time in the US. It's probably more common in non-tech companies, as well.

Comment by LastTrain 2 hours ago

I’m in the US, SE since 1998, startups to multinationals. What the GP said holds true for me too. There are serious professionals in the world - I don’t know why some people want to drag every one else down to the level of the current US administration- they are exceptionally inept.

Comment by coldtea 2 hours ago

>I have never worked in a company where an obviously incorrect CEO-demanded security exemption (like this one) would have been allowed to pass

You don't have worked in enough companies then.

Just for the sake of argument, you think anybody would have denied Jobs or Bezos or Musk one?

Comment by lysace 1 hour ago

I saw what joining Apple did to a friend in the early 2000s.

(Extreme burnout, did not get rich from the pain. It was just pointless destruction.)

Comment by craftkiller 4 hours ago

I used to work devops for a startup. The _only_ person who was exempted from 2-factor auth was the CEO. It's the perfect storm: a tech illiterate person with access to everything and the authority to exclude himself from anything he finds inconvenient.

Comment by Nicook 1 hour ago

CTO at a successfull cybersecurity startup I worked at long ago was exempt from critical security updates. She refused to restart her computer out of fear for her Excel state.

Comment by hsbauauvhabzb 2 hours ago

The phrase ‘Don’t you know who I am?’ Will be taken differently depending on corporate culture.

Comment by AnimalMuppet 6 hours ago

Been there. The CEO of an internet security company was the one who clicked on the wrong email attachment and turned a virus loose.

I mean, I don't know if he had a security exemption, or if anyone who clicked on it would have infected us. But he was the weak link, at least in that instance.

Comment by scottyah 2 hours ago

Hah no, weak links are everywhere at all levels. The stories just don't generate revenue for news companies.

Comment by b00ty4breakfast 5 hours ago

whether he is personally and directly responsible for this specific incident, his leadership absolutely sets the tone for the rest of the federal government.

Comment by tw85 5 hours ago

[flagged]

Comment by dboreham 5 hours ago

It goes back long before the current regime. People may remember a certain cabinet secretary who ran her own exchange server in the basement.

Comment by macintux 5 hours ago

It’s always fascinating how massive corruption is “whatabout”’d because someone years ago did something stupid.

Comment by trelane 5 hours ago

Do you mean now, or then?

Bad is still bad, no matter what the party doing it.

Comment by tw85 5 hours ago

You mean like the whataboutism that the parent is responding to which is even less on topic than Hillary's email server?

Comment by bell-cot 1 hour ago

Humans generally find "food safety expert sickens guests with tuna salad he left out overnight on warm countertop" to be a far more damning charge than "fire safety expert sickens ... warm countertop".

Dig up a live mic catching Hillary calling the IOC a bunch of self-serving scum just as Obama was begging them to award the 2016 Olympics to Chicago, and we might call it comparable.

Comment by randycupertino 6 hours ago

> I swear this government is headed by appointed nephews of appointed nephews.

Don't forget the Large Adult Sons!

https://www.newyorker.com/culture/cultural-comment/the-land-...

https://knowyourmeme.com/memes/large-adult-sons

Comment by fooker 3 hours ago

It's all part of the plan.

Make the government look so incompetent that it is a no brainer to let a private company (headed by your friends and family of course) to do the important jobs and siphon resources much more effectively.

Comment by tryauuum 4 hours ago

Do remember that HBO Chernobyl is fiction, there was no shoe guy publicly drinking vodka irl

Comment by kergonath 44 minutes ago

It is perfectly plausible that someone from a shoe factory would end up in that guy’s position. He would just have been running the factory, not making shoes.

Comment by varjag 3 hours ago

Yes in reality that guy was a machinist.

Comment by 6 hours ago

Comment by smaudet 4 hours ago

Guess what this administration would love to do with nuclear facilities...

Any time you have to include "competent" in a description of a job or related technology, that's a clue that it needs requisite oversight and (possibly exponetial) proportionate cost.

Comment by te_chris 5 hours ago

The failsons of the king of the failsons

Comment by bdangubic 3 hours ago

DEI in action (funny people thst voted for this were apparently anti-DEI and now they get 100% DEI)

Comment by timmmmmmay 5 hours ago

there are, he was just too lazy to use them

Comment by TZubiri 4 hours ago

Isn't using azure openai enough? I read their docs and they have self hosted instances for corporate data compliance.

Comment by ayaros 4 hours ago

Hey, working at a shoe factory is serious business. You have to be a real bootlicker to get ahead in a place like that.

Comment by goopypoop 58 minutes ago

at least until you get to upper management

Comment by direwolf20 6 hours ago

They say that most fascist governments fall apart because they actively despise competence, which it turns out you need if you are trying to run a country.

Comment by coldtea 2 hours ago

They say it, but they're wrong. Historically speaking there have been basically about 2 fascist governments, and they fell because they lost wars. And Germany, for one, did run them with high competence, to the extend that it took years for many countries to do anything about.

It we loosen "fascist" to just mean any authoritarian government, there are many that run of very long time.

Comment by thinkingtoilet 1 hour ago

WWII started in 1939 and was done in early 1945, so it didn't take that long.

More importantly, maybe the Nazi's were competent at first, but they absolutely fell apart internally due to mistrust, back stabbing, and demanding of loyalty above all else. Hitler famously made many poor military decisions.

Comment by bena 5 hours ago

That’s because eventually reality catches up to you.

If the reality of a thing is in opposition to the regime’s wishes, you can’t just wish that away.

However, the regime will favor those who say “yes” over those who accept reality.

Comment by PearlRiver 5 hours ago

Competence gives way to ideology.

I once read an interesting book on the economy of Nazi Germany. There were a lot of smart CEOs and high ranking civil servants who perfectly predicted US industrial might.

Comment by 6 hours ago

Comment by snarky_dog 1 hour ago

[dead]

Comment by stronglikedan 6 hours ago

> There have to be GovCloud only LLMs just for this case.

I hear Los Alamos labs has an LLM that makes ChatGPT look like a toy. And then there's Sentinel, which may be the same thing I'm not sure.

Comment by gosub100 5 hours ago

Check the engineering salaries between each organization and reconsider your claim.

Comment by heliumtera 5 hours ago

And we all heard they reverse engineered alien anti gravity technology in the 80s.

Comment by JohnMakin 7 hours ago

This administration's op-sec has been consistently "barney fife" levels of incompetence.

Comment by kstrauser 6 hours ago

Leave Fife out of it. His heart was in the right place, at least. Also, his boss made sure he was unarmed.

Comment by opello 1 hour ago

Or at least not readily armed, bullet in the shirt pocket and all.

Comment by JohnMakin 41 minutes ago

In at least one episode he gets it taken away from him, which is my favorite bit. “Give me my bullet!”

Comment by winddude 7 hours ago

this administrations competence on anything and everything has been a kid eating glue

Comment by malfist 5 hours ago

One of them has bragged about how difficult it is to identify a giraffe, but that he's done it three times

Comment by FireBeyond 4 hours ago

And probably also been asked to draw a clock at a certain time, too.

Comment by jermaustin1 6 hours ago

If it wasn't meant to be eaten, it shouldn't have tasted so good!

Comment by rbanffy 6 hours ago

We should get their heads checked for crayons.

Comment by theyneverlear 7 hours ago

[dead]

Comment by mcs5280 6 hours ago

Pretty sure that's a feature, not a bug

Comment by JohnMakin 6 hours ago

Personally I believe this but it gets into conspiracy theory real quick. There are far simpler explanations.

Comment by jermaustin1 6 hours ago

Same, I want to believe that this is all a ruse and that the are smart and just really good at playing dumb, but there are just too MANY of them.

It's sycophancy plain and simple. Surround yourself with only yes-men, it ends up becoming less and less competent as the ones who stand up and say no are replaced.

Even if they know better, they can't do better because they know there is no loyalty to nay-sayers.

Comment by XorNot 3 hours ago

The main thing is that if you're a big enough entity, in favorable enough conditions, it's possible to make stupid decisions continuously and survive them for a very long time.

It's the "market can remain irrational..." problem.

Comment by shermantanktop 2 hours ago

And as a consequence, never recognize them as being stupid---in fact the reverse, because your bad ideas are met with macro success even while individually they may struggle.

It's yet another broken feedback loop.

Comment by atomic_reed 4 hours ago

[dead]

Comment by kevin_thibedeau 5 hours ago

The simpler explanation is that all the competent people saw what happened the first go around and want nothing to do with it. That leaves a detritus of sociopathic wannabes to select from for staff, all vying to mirror the behavioral profile of dear leader.

Comment by miltonlost 6 hours ago

Incompetence and conspiracies go hand-in-hand.

Comment by JohnMakin 6 hours ago

Not really. It is far easier to explain incompetence in powerful positions than to explain competence on purpose in powerful positions - the latter is definitely a conspiracy, the former is not.

Comment by rbanffy 6 hours ago

This administration’s incompetence allows their opponents to conspire much more effectively.

Comment by pixl97 6 hours ago

Quite often it is both.

It's not uncommon for incompetent people to be put in positions of power. Because they are incompetent, competent but malicious people take advantage of this and commit actual crimes.

This is where actual conspiracies show up. And that is the incompetent powerful people cover up said crime to avoid looking incompetent.

It is an extremely common pattern.

Comment by direwolf20 4 hours ago

When Donald Trump saw the footage of the murder of Renee Good, he said "Oh". He didn't know what ICE were doing until then. He trusted his cabinet who were telling him they were getting illegal immigrants and left wing terrorists.

Comment by bigfudge 3 hours ago

He also repeated the lies that she was a domestic terrorist etc. I don’t think we need credit trump with any moral fibre over this just yet…

Comment by pixl97 3 hours ago

No, he did not trust his cabinet at all, which is why he put a bunch of yes men in place to ensure they fucked up and did the dumbest thing.

DT has had a long history of operating like a mafia boss where the design of the people he chooses around him is to put scapegoats on when the criminal activities he's involved in is caught.

Comment by direwolf20 2 hours ago

He chose people who give him good emotions, because he has dementia. He didn't know that would mean they would screen the world from him, because he has dementia. If he did know that, he wouldn't understand it because he has dementia.

Comment by 6stringmerc 3 hours ago

When I saw mention it was in context of a “contracting” type set of info / document I actually chuckled - I spent a decade in procurement and sales for high stakes contracts. Incompetent person has no idea how to manage a procurement and goes online. Basically this is a 2026 version of an inept executive bashing “what is an RFP” into a search engine from 2007.

Comment by toomuchtodo 6 hours ago

The trick is how to weaponize the incompetence against them.

Comment by rbanffy 6 hours ago

There at least one country that weaponised it against the US.

Comment by Braxton1980 6 hours ago

Russia

Comment by 0xy 5 hours ago

And when the CCP compromised the law enforcement portal for every American ISP, stealing info on 80% of Americans, including both the Kamala and Trump campaigns, under the previous admin it was rock solid op-sec, presumably.

Or when the previous admin leaked classified Iran attack plans from the Pentagon, so bad that they didn't even know whether they were hacked or not.

You can at least pretend to make a technical argument over a political one.

Comment by zzrrt 5 hours ago

> CCP compromised the law enforcement portal for every American ISP

Isn’t that the fault of the ISPs, not the admin?

Comment by 0xy 3 hours ago

Nope. The breach was in law enforcement operated portals.

Comment by Daishiman 4 hours ago

You're the one making a political argument by doing a whataboutism that attempts to negate the failings of this administration. Which you're not even doing correctly because by every measure the previous administration was drastically more competent by looking at the qualifications of the people who filled their posts.

Comment by 0xy 3 hours ago

Can you explain how leaking the phone metadata of 80% of Americans and compromising the integrity of the 2024 election campaign's private comms is better OpSec than a single leak?

It's the worst U.S. government leak of all time, by far.

Comment by stronglikedan 6 hours ago

It's been the same with every administration, unfortunately. It's just a side effect of such an unnecessarily big goverment.

Comment by jfreds 5 hours ago

Inviting a reporter from the Atlantic to your signal chat where you coordinate military plans has nothing to do with government being too big

Comment by chrisco255 2 hours ago

If they are so leaky then why were they able to capture Maduro without a single American casualty? On one hand you claim incompetence and yet no one was tipped off. So maybe the Signal group chat wasn't as important as it was made out to be?

Comment by JohnMakin 5 hours ago

Are you sure? This guy didn't pass a counterintelligence polygraph. Like, the one that asks "are you sure you're not a spy?"

Comment by subscribed 51 minutes ago

Which polygraph, "lie detector" polygraph?

https://www.apa.org/topics/cognitive-neuroscience/polygraph

> Reviews of decades of scientific research suggest that polygraph tests are not reliable or accurate enough to be used in most forensic, legal or employment settings.

> Although lying can cause the physiological responses measured by polygraph machines—such as sweating and increased heart rate—those same changes can occur even when people are not lying, for example when they are nervous.

Comment by acdha 5 hours ago

You have to actively maintain a state of ignorance to say this isn’t different. Go look at all of the public reporting starting in January about the way appointees in the Pentagon, DOGE, etc. blew through the normal policies and procedures controlling access, clearing people, or restricting sharing.

For example, this wasn’t just “oops, I used the wrong number” but Hegseth getting a custom line run into a secure facility so he could use a personal computer of unknown provenance and security:

https://www.nytimes.com/2025/04/24/us/politics/hegseth-signa...

That’s one of the reasons why one of the first moves they made was to fire CISOs and the inspectors general who would normally be investigating serious policy violations.

This isn’t “big government”, it’s the attitude that the law is a tool used to hurt their opponents and help themselves but never the reverse.

Comment by snake42 6 hours ago

You really think that every other administration has had this level of incompetence? The current bumbling and corruption is absolutely unparalleled.

Comment by observationist 6 hours ago

It's bizarre that someone would choose to use the public, 4o bot over the ChatGPT Pro level bot available in the properly siloed and compliant Azure hosted ChatGPT already available to them at that time. The government can use segregated secure systems set up specifically for government use and sensitive documents.

It looks like he requested and got permission to work with "For Unofficial Use Only" documents on ChatGPT 4o - the bureaucracy allowed it - and nobody bothered to intervene. The incompetence and ignorance both are ridiculous.

Fortunately, nothing important was involved - it was "classified because everything gets classified" bureaucratic type classification, but if you're CISA leadership, you've gotta be on the ball, you can't do newbie bullshit like this.

Comment by bilekas 6 hours ago

> It's bizarre that someone would choose to use the public, 4o bot over the ChatGPT Pro level bot available in the properly siloed

You're assuming the planted lackey has any knowledge of these tools.

Comment by direwolf20 6 hours ago

Or any reason to give a shit and use the less convenient tool.

Comment by nilstycho 6 hours ago

Better to read the original story from Politico.

https://www.politico.com/news/2026/01/27/cisa-madhu-gottumuk...

Comment by HelloUsername 6 hours ago

Which had no discussion https://news.ycombinator.com/item?id=46786672

Comment by nilstycho 6 hours ago

O algorithm, algorithm! all men call thee fickle.

Comment by Insanity 7 hours ago

People were already careless with social media which was openly public. I imagine it’ll be worse with these LLMs for the average person.

Comment by Smar 3 hours ago

This is the real risk I think. Currently there are no means to even pretend to get anything deleted from LLMs either.

Comment by Insanity 3 hours ago

Yeah and ultimately those tools will be used as advertising machines. You'll get hyper specific targeted ads.

I'm pretty pessimistic about the future with LLMs, but I can't see it being a net positive for humanity in the long run.

Comment by simbleau 6 hours ago

It’s absolutely necessary to have ChatGPT.com blocked from ITAR/EAR regulated organizations, such as aerospace, defense, etc. I’m really shocked this wasn’t already the case.

Comment by tonetegeatinst 6 hours ago

I agree....but ITAR and EAR can be super vauge especially in higher education.

Comment by lysace 6 hours ago

"The report says Gottumukkala requested a special exemption to access ChatGPT, which is blocked for other Department of Homeland Security staff."

Comment by rbanffy 6 hours ago

That they got this is shocking in itself.

Comment by lysace 6 hours ago

Surely that must have been approved by the Secretary of Homeland Security Kristi Noem, his former boss back in SD.

Comment by rbanffy 6 hours ago

Every cause that led to this event is, in itself, quite shocking.

I feel for my American friends, and hope they never again optimise their government for comedy value.

Comment by RegW 6 hours ago

I really enjoyed unchecking all those cookie controls. Of the 1668 partner companies who are so interested in me, a good third have a "legitimate interest". With each wanting to drop several cookies, it seems odd that Privacy Badger only thinks there are 19 cookies to block. Could some of them be fakes - flooding the zone?

Damn. I forgot to read the article.

Comment by direwolf20 4 hours ago

The same cookie can be shared with several partners or collected data can be passed to the partners.

It's not a cookie law — it's a privacy law about sharing personal data. When I know your SSN and email address, I might want to sell that pairing to 1668 companies and I have to get your "consent" for each.

Comment by 4 hours ago

Comment by sv123 7 hours ago

Sounds about on par with what I would expect competence wise.

Comment by ceejayoz 7 hours ago

Hand-picked by Noem, so yeah.

https://en.wikipedia.org/wiki/Madhu_Gottumukkala

> In April 2025, secretary of homeland security Kristi Noem named Gottumukkala as the deputy director of the Cybersecurity and Infrastructure Security Agency; he began serving in the position on May 16. That month, Gottumukkala told personnel at the agency that much of its leadership was resigning and that he would serve as its acting director beginning on May 30.

Comment by lm28469 7 hours ago

> Gottumukkala had requested to see access to a controlled access program—an act that would require taking a polygraph

Are the US ok? It's 2026 not 1926

Comment by htek 6 hours ago

The polygraph is still used for security vetting, today. No word on whether they still read a lamb's entrails for portents or consult the dead with a Ouija board.

Comment by rbanffy 6 hours ago

> No word on whether they still read a lamb's entrails for portents or consult the dead with a Ouija board.

Don’t give RFK Jr ideas.

Comment by jabroni_salad 3 hours ago

These days I think that thing's main purpose is to bounce people who would otherwise request access that they don't really need. If it isn't worth sitting down for the machine you don't really need it.

Comment by Jach 3 hours ago

> Gottumukkala failed the polygraph in the final weeks of July. The Department of Homeland Security began investigating the circumstances surrounding the polygraph test the following month and suspended six career staffers, telling them that the polygraph did not need to be administered.

This is pretty insane though.

Comment by tremon 6 hours ago

It's actually a few minutes to 1929, so that checks out.

Comment by rbanffy 6 hours ago

Feels like 1935

Comment by ceejayoz 6 hours ago

The Feds love polygraphs. Still very much in active use.

Comment by pstuart 6 hours ago

This is what you get when you prize personal loyalty over competence.

This issue is the one thing that gives me some hope that they can be ousted -- they are collectively too stupid and motivated only by their self interests to hold their power indefinitely.

Comment by rbanffy 6 hours ago

Does anyone in this administration actually trusts each other’s personal loyalties? I wouldn’t.

Comment by 6 hours ago

Comment by tw04 2 hours ago

I for one, after doing a bit of reserach, was shocked to find out the person in question is apparently completely unqualified for the job (if him pasting sensitive information into public ChatGPT didn't already make that abundantly clear). But the highlight from his Wikipedia page is this one:

>In December 2025, Politico reported that Gottumukkala had requested to see access to a controlled access program—an act that would require taking a polygraph—in June. Gottumukkala failed the polygraph in the final weeks of July. The Department of Homeland Security began investigating the circumstances surrounding the polygraph test the following month and suspended six career staffers, telling them that the polygraph did not need to be administered.[12]

So the guy failed a polygraph to access a highly controlled system full of confidential information, and the solution to that problem was to fire the people in charge of ensuring the system was secure.

We're speed running America into the ground and half the country is willfully ignorant to it happening.

Comment by TheSkyHasEyes 2 hours ago

Not defending the buy but completely might be inaccurate. He has a masters in comp sci eng. https://en.wikipedia.org/wiki/Madhu_Gottumukkala

I do realize this scholastic achievement is not indication he knows what he is doing.

Comment by chrisco255 2 hours ago

Polygraphs have to be one of the most awkward / bizarre requirements for accessing a program. They are not scientifically reliable.

Comment by Havoc 7 hours ago

Well they’re about to solve that by intentionally cramming it into grok instead

Comment by pstuart 6 hours ago

DOGE already extracted their data of interest, but no doubt they're hungry for more.

Comment by rbanffy 6 hours ago

There’s always a buyer for this kind of data. I’m sure there is a lot of activity in those markets.

Comment by iugtmkbdfil834 4 hours ago

I would like to be able to say that it is uncommon, but based on what I am seeing in my neck of the woods, all sorts of, one would think, private information is ingested by various online llms. I would have been less annoyed with it had those been local deployments, but, uhhh, to say it is not a first choice is being over the top charitable with current corporates. And it is not even question of money! Some of those corps throw crazy money at it.

edit: Just in case, in the company I currently work at, compliance apparently signed off on this with only a rather slim type of data verbotten from upload.

Comment by Bhilai 6 hours ago

I wonder how far removed the interim director of the CISA is from any real world security. I bet they have not seen or solved any real security problems and merely are an executive looking over cybersec. This probably is another example of why you need rank and file security peeps into security leadership roles rather than some random exec.

Comment by Kapura 5 hours ago

the current united states government is staffed mostly with unserious people, or people who are serious about doing crimes against humanity. there's very little in between.

Comment by kube-system 5 hours ago

The vast majority of government staff are career professionals who know what they are doing, not political appointees who showed up in the past year.

Comment by Quarrelsome 6 hours ago

I adore that this guy had security clearance and I doubt I'd clear that bar. Last time I looked at the interview there was a question:

> have you ever misused drugs?

and I doubt I'd be able to resist the response:

> of course not, I only use drugs properly.

also I wouldn't lie, because that's would undermine the purpose. Still sad I can't apply for SC jobs because I'm extremely patriotic and improving my nation is something that appeals.

Comment by stackghost 6 hours ago

FWIW I have held a security clearance during my career, and telling them I smoked weed was not a dealbreaker. What they are ultimately looking for is reasons why you could be coerced into divulging classified information. If you owe money due to drugs/gambling, etc, that's where it becomes a dealbreaker.

Comment by rbanffy 6 hours ago

The general rule is not to lie to them, because they will interview all your friends and someone somewhere will rat you out. It’s pointless to try to hide anything during these interviews, and, if you do it, then it’s a dealbreaker.

Comment by jcalx 3 hours ago

You can see an archived list of industrial security clearance decisions here [0] which is interesting, and occasionally entertaining, reading. "Drug involvement security concerns" usually involve either actively using drugs or, worse, lying to cover up drug use, both of which are viewed as security concerns and grounds for rejection.

[0] https://web.archive.org/web/20170218040331/http://www.dod.mi...

Comment by Quarrelsome 6 hours ago

wait, so I can apply and be honest? Sick! I just poorly misassumed they had classicly archaic interpretations of drugs.

Comment by codezero 5 hours ago

I don’t have a clearance so someone can correct me, I believe you still have to have not used drugs in the prior year.

Comment by stackghost 5 hours ago

>I don’t have a clearance so someone can correct me

Why would you give an answer when by your own statement, you're not knowledgeable? What a strange mindset.

>I believe you still have to have not used drugs in the prior year.

My own experience does not agree with this speculation.

Comment by volkl48 4 hours ago

Current use is still a problem AFAIK (not sure on weed).

That said I can confirm that a few years back a friend who had previously used/experimented with a wide variety of substances (EDM scene, psychs), had no trouble getting a clearance.

They disclosed all of it, said they weren't currently using it and wouldn't for as long as they were in the job role, passed the drug test, and that was fine.

That said, to add to the "lying is a bad idea" point: I believe some of their references were asked about if they'd ever known that friend to have a dependency + if they were aware of any current/very recent use.

Comment by direwolf20 4 hours ago

OC had a point. If you take drugs in the way they are intended to be used, you can say no with a clear conscience. Whether the interviewer will accept that if they later find out you took drugs, I couldn't tell you.

Comment by direwolf20 4 hours ago

You would not get a security clearance, and the admin would make a note on your IQ. The correct answer is simply

> no

and keep the rest of it in your head.

Comment by reactordev 6 hours ago

It’s happening all across corporate too

Comment by itisit 51 minutes ago

And in all manner of regulated industries. People simply cannot resist throwing anything and everything at the magic text machine. A company can control its IT assets, but if the content is displayable on a screen, rest assured users will just take photos and upload to their personal LLM accounts to get the generative answers they endlessly desire.

Comment by reactordev 5 minutes ago

I’m actually shocked that security teams aren’t up in arms over this exfiltration of company secrets. I know some companies that are running their own models and agents but the vast majority are copilot/claude/codex’ing away sending all that sweet sweet IP to 3rd parties

Comment by mekdoonggi 6 hours ago

Can't be surprised when clowns clown.

Comment by mlmonkey 6 hours ago

It looke like he's unfit for the position, and was using ChatGPT to burnish his reports etc.

Comment by RegW 5 hours ago

Hey dude. That's a thought. Get your AI to expand it into a full report and send it to my AI to summarize!

Comment by bilekas 6 hours ago

If I did this with a banal internal documentation at work I would be written up and maybe fired over breaking known policy. This administration is so ridiculously incompetent, and interim head of cyber security.. leaks. The onion wouldn't write this.

Comment by 01284a7e 7 hours ago

"Information wants to be free". Government stooges help information with what it wants.

Comment by direwolf20 4 hours ago

The second half of the quote: "but information also wants to be expensive"

Comment by rvz 7 hours ago

This is a "Cybersecurity chief" causing an intern-level IT incident.

In many industries, this would be a rapid incident at the company-level and also an immediate fireable offense and in some governments this would be a complete massive scandal + press conference broadcasted across the country.

Comment by shrubble 6 hours ago

Then again the CTO of Crowdstrike that had their anti-malware code update cause huge problems, is the same guy that was CTO of McAfee when their AV code update, caused huge problems.

Comment by Braxton1980 5 hours ago

The CTO created the update? Otherwise it's not the same situation

Comment by 5 hours ago

Comment by kakacik 5 hours ago

No but they could have easily created the culture that massively increased the probability of such mishaps... we have all seen how not OK work environment negatively affects deliveries right, or read about boeing fiasco(s).

Not an insider just to be clear here so maybe just really bad luck. But no benefit of doubt for the third strike.

Comment by geodel 6 hours ago

I think he is real deal. I mean in reality he learned or knows very little about technical matters. No fraud needed.

Comment by bsaul 5 hours ago

BTW, what's the current status on LLMs and confidential documents ? Which license from which suppliers are fine and which aren't ?

Comment by 1970-01-01 5 hours ago

Once again, if you or I did this, it's federal crime and federal time.

But when the chief does it, it's an oopsie poopsie "special exemption".

Comment by 7777332215 6 hours ago

Where does this "cybersecurity monitoring" take place? On OpenAIs side? Or some kind of monitoring tools on the devices themself?

Comment by seanhunter 5 hours ago

In any enterprise, normal would be to have monitoring on all ingress and egress points from the network and on devices themselves. You can't only have monitoring on managed devices because someone might BYOD and plug in an unmanaged device/connect it to internal wifi etc.

You bring in vendors and they need guest wifi to give you a demo, you need to be able to give them something to connect to but you don't want that pipe to be unmonitored.

Comment by edferoci 4 hours ago

I wonder how they could discern the upload of sensitive documents from non-sensitive ones

Comment by alecco 4 hours ago

How is such a critical position filled with a foreign national?

Comment by ravoori 4 hours ago

He's a naturalized US citizen

Comment by I_am_tiberius 5 hours ago

My assumption is that it goes the other direction on a permanent basis.

Comment by pelasaco 4 hours ago

> Cybersecurity monitoring systems then reportedly flagged the uploads in early August. That triggered a DHS-led damage assessment to determine whether the information had been exposed.

So it means, a DLP solution, browsers trusting its CA and it silently handling HTTP in clear-text right?

Comment by throwaway85825 6 hours ago

Chalaki

Comment by jimt1234 6 hours ago

Well, at least there's gonna be a swift and appropriate punishment. LOL

Comment by booleandilemma 6 hours ago

From wikipedia:

He graduated from Andhra University with a bachelor of engineering in electronics and communication engineering, the University of Texas at Arlington with a master's degree in computer science engineering, the University of Dallas with a Master of Business Administration in engineering and technology management, and Dakota State University with a doctorate in information systems.

And he still manages to make a rookie mistake. Time to investigate Mr. Gottumukkala's credentials. I wouldn't be surprised if he's a fraud.

Comment by 6 hours ago

Comment by lysace 6 hours ago

https://en.wikipedia.org/wiki/Madhu_Gottumukkala

He was the 'CTO' of South Dakota and later the CIO/Commissioner of the South Dakota Bureau of Information and Telecommunications under governor Kristi Noem.

Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.

Comment by floren 6 hours ago

> Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.

It's good to know the Americans aren't the only ones who never look at maps outside their own country

Comment by dstroot 6 hours ago

South Dakota has a population of less than 1 million people and the complexity of a CTO job of a state like South Dakota would be quite low. It is < 0.3% of the US Population and likely has de minimis benefit programs.

Comment by JoeBOFH 6 hours ago

South Dakota is in the northern portion. But to your statement, historically speaking the southern states after the civil war kept trucking along in terms of power and influence.

Comment by ceejayoz 6 hours ago

The Dakotas weren't really north/south in the Civil War context; only about 4k people lived there in 1860. It was largely empty land, and not a state until 1889.

Comment by mythrwy 5 hours ago

That is one of the best comments I've seen on HN to date!

It seriously got me laughing. Thanks.

Comment by lysace 4 hours ago

I am so happy that my embarrassing lack of geographical knowledge of the US states' internal geographies amused you. A good laugh is great for your health, I've heard.

At least I know where your country is located.

Now, let me quiz you on the geographical locations of French regions? Or perhaps Finnish regions, if that's something you work closer with, day-to-day?

;)

Comment by wnevets 6 hours ago

The meritocracy strikes again.

Comment by zzzeek 7 hours ago

and which MTV reality show was this "cybersecurity chief" plucked from ?

Comment by geodel 6 hours ago

Do they have Middle Age Grandpas on MTV nowadays?

Comment by zzzeek 5 hours ago

I guess you kids have no idea who the Secretary of Transportation is

Comment by hackyhacky 3 hours ago

Sean Duffy was born in 1971. His oldest child is (or was) pregnant. He is literally a middle aged grandpa.

Comment by zzzeek 1 hour ago

and i mentioned this being about the guys age exactly where

Comment by jimt1234 4 hours ago

Do kids know what MTV is?

Comment by pepperball 5 hours ago

[dead]

Comment by billy99k 6 hours ago

[dead]

Comment by afavour 6 hours ago

> Hillary Clinton used a randomly hosted email server to send out official government emails for months. The story was quickly buried

You cannot be serious. That story arguably changed the course of the 2016 election. It was by absolutely no means “buried”.

Comment by throwaway85825 6 hours ago

Both can be true. Streisand effect.

Comment by afavour 5 hours ago

Both could be true. But they aren’t. The story was never buried.

Comment by throwaway85825 5 hours ago

Sometimes it's almost random when stories hit national news. The somali daycare fraud has been reported on publicly for years but didn't go viral until recently.

Comment by jimt1234 6 hours ago

Not sure if this is serious or satire.

Comment by gadders 6 hours ago

[flagged]

Comment by ceejayoz 6 hours ago

You think Clinton's email scandal "was quickly buried"?

Comment by ohyoutravel 6 hours ago

It was so well covered that there was a whole meme about it that everyone can recite to this day.

Comment by ben_w 6 hours ago

To add to your point: and if so, what were the "lock her up" chants about if not this?

Comment by jimt1234 6 hours ago

But her emails?!

Comment by theyneverlear 7 hours ago

[dead]

Comment by hareykrishna 6 hours ago

[flagged]

Comment by dmix 6 hours ago

Sounds like he came on a student visa from India and got citizenship.

Comment by rbanffy 6 hours ago

Citizenship can be revoked in cases that involve serious offences.

Comment by Jtsummers 5 hours ago

It usually requires fraud in receiving the citizenship for it to be revoked. Once naturalized, if you commit a serious offense unrelated to the citizenship process itself, you'll keep your US citizenship.

Comment by direwolf20 4 hours ago

Or ICE shows up at a naturalization hearing.

Comment by selimthegrim 4 hours ago

Don't hold your breath, Miller is big on denaturalization these days.

Comment by Jtsummers 2 hours ago

But he hasn't done anything yet, he just wants to. There's no legal standing for it at this point beyond what I said. Every case I've been able to find was tied to fraud associated with the naturalization process (either the process itself, or false statements given during the process).

Comment by grayhatter 6 hours ago

Leaked is not the correct word here. Generally as it's used, it implies some intent to disclose, the information for it's own purposes. You would call a disclosure to the war thunder forums a leak, because the intent was to use that information to win an argument. You wouldn't call Leaving boxes of classified information in a wearhouse where you'd normally read them a leak. (At least not as a verb). Likewise you wouldn't call it a leak if you mistakenly abandoned them in a park.

That said, IIRC For Official Use Only is the lowest level of classification (note not classified) it's not even NOFORN. It's even multiple levels below Sensitive But Unclassified.

So, who cares?

Much more significant is he failed the SCI/full poly... that means you lied about something. Yes I know polys don't work, but the point of the poly is to try to ensure you've disclosed everything that could be used against you, which ideally means no one could flip you or manipulate you. The functional part is to determine if you have anxiety about things you might try to hide, because that fear can be used against you. No fear/anxiety, or nothing you're trying to hide means you're harder to manipulate.

That feels bad even ignoring the whole hostile spys kinda thing.

Comment by _tk_ 5 hours ago

I’m a little surprised by the takes in the comments. Obviously, heads of departments or agencies, CEOs, or similar personnel are generally not in the same league as normal employees when it comes to compliance.

Productivity and efficiency are key for their work. I am sure there are lots of Sysadmins here, that had to disable security controls for a manager or had to configure something in a way to circumvent security controls from actually working. I have been in many situations where I have been asked by IT colleagues if doing something like that was fine, because an executive had to read a PowerPoint file NOW.

Comment by hackyhacky 4 hours ago

Sysadmins are afforded special leniency because of their demonstrated competence. Their leeway is earned. In this case, the "cyber security chief" has no proven skill other than absolute loyalty to his boss, which justified his skipping the usual vetting procedure.

Comment by superb_dev 5 hours ago

Obviously those kinds of stories are common, but you can’t seriously be suggesting that it is a good or acceptable thing?

Execs are just as stupid as your average person and bypassing security controls for them puts an organization at an even greater risk due to the kinds of information they have access to. They just get away with it because they’re in charge.

Comment by _tk_ 3 hours ago

Yes.

Comment by jorblumesea 4 hours ago

It touched a nerve because no one in the trump admin is qualified to do their job. There's a lot of corruption and a lot of people getting access to things they shouldn't due to their relationship and loyalty, not merit. There's a big difference from a sys admin having super user access and some random politically connected hack abusing their privilege.

DOGE/Musk, noem, Kash, hegseth, etc.