WASHINGTON — The acting director of the Cybersecurity and Infrastructure Security Agency reportedly failed a polygraph exam intended to grant him access to highly sensitive intelligence, then placed several career staffers involved in the test on administrative leave.
The episode has intensified scrutiny of leadership at the agency as it faces steep workforce losses and growing cyber threats.
Polygraph failure and retaliation claims
Madhu Gottumukkala, CISA’s acting director, failed a polygraph administered internally, which was not officially required for his role.
After the failed test, Gottumukkala placed at least six career staffers on administrative leave. Those employees had helped schedule or coordinate the exam and are now under investigation.
According to Politico, the Department of Homeland Security has opened an investigation into whether officials misled Gottumukkala into taking the test:
The Department of Homeland Security opened an investigation into whether the staff provided “false information” about the need for the test — which was scheduled after Gottumukkala sought access to certain highly sensitive cyber intelligence shared with the agency.
This article is based on interviews with eight current and four former U.S. cybersecurity officials, including multiple Trump administration appointees, who have either worked closely with Gottumukkala or have knowledge of the polygraph examination and the chain of events that followed. They were granted anonymity for fear of retribution.
The incident this July and the subsequent fallout — which has not been reported before — have angered career staff, alarmed fellow Trump administration appointees and raised questions about Gottumukkala’s leadership of the nearly $3 billion cyber defense agency.
“Instead of taking ownership and saying, ‘Hey, I screwed up,’ he gets other people blamed and potentially ruins their careers,” said a current official, who described Gottumukkala’s tenure at CISA so far as “a nightmare” for the agency.
DHS spokesperson Tricia McLaughlin defended the decision, saying that Gottumukkala “did not fail a sanctioned polygraph test.”
“An unsanctioned polygraph test was coordinated by staff, misleading incoming CISA leadership,” McLaughlin wrote in an email to Politico. “The employees in question were placed on administrative leave, pending the conclusion of an investigation.”
McLaughlin said the department expects “the highest standards of performance” from its employees and will hold them accountable for complying with all policies and procedures. He added that Gottumukkala has “the complete and full support” of Secretary Kristi Noem and remains focused on returning the agency to its statutory mission.
McLaughlin did not elaborate on why the acting director remained in his position after failing a test tied to access to classified intelligence.
Questions of double standards
Critics have pointed to what they see as a double standard in CISA leadership. Gottumukkala, who rose in national security circles under former South Dakota Gov. Kristi Noem, retained his role despite the failed polygraph.
That outcome stands in contrast to October 2025 workforce cuts that eliminated 176 CISA positions as part of broader DHS reductions.
Polygraphs remain controversial
Polygraph exams are sometimes used during federal security clearance reviews to assess potential risks, including foreign contacts or coercion.
But they are widely viewed as imperfect tools. Legal and security experts note that polygraphs are not definitive proof of deception and remain controversial for their reliability.
Agency turmoil and cyber threats
The incident comes as CISA faces broader instability. According to Cybersecurity Dive, the agency has seen significant departures among senior leaders amid restructuring under the current administration.
As of last month, cybersecurity vacancies at CISA hovered near 40%. The staffing gap has strained operations during active threats, including BRICKSTORM, a sophisticated backdoor malware campaign attributed to Chinese state-sponsored actors.
BRICKSTORM is designed for stealth, long-term persistence, and espionage, raising concerns about the agency’s capacity to respond effectively.
Growing oversight pressure
Lawmakers on Capitol Hill have previously pressed CISA leadership for clarity on workforce reductions and mission priorities. The polygraph controversy is likely to deepen congressional oversight as questions mount about accountability and readiness at the nation’s top civilian cyber defense agency.
READ NEXT: US Carries Out ISIS Strikes In Nigeria After Trump Warning
