Even the U.S. cyber chief pasted secret docs into ChatGPT
In January 2026, TechCrunch reported that the acting director of CISA — the U.S. government’s own cybersecurity agency — uploaded sensitive contracting documents marked “for official use only” into the public version of ChatGPT, tripping internal security alerts.
If the person running national cyber defense routes controlled documents into a public model, the lesson is not “train staff harder.” It is that the leak is structural: the moment sensitive data can reach a public AI tool, some of it will. The only reliable control is to make the tool itself private.
The Stavryn take
- You cannot policy your way out of human nature. People paste sensitive data into whatever tool is in front of them.
- A sanctioned private model removes the temptation entirely — the data never has anywhere external to go.
Reported by TechCrunch, corroborated by CSO Online. See defense & CMMC and security.