How safe is Signal, the so-called encrypted messaging app that placed US national security at risk?

Signal, the so-called secure app known for privacy that people use to text their drug dealers, make crypto deals, and Elon Musk uses to keep in touch with his side chick baby mama Ashley St. Claire, just exposed the United States to one of the dumbest national security blunders in history. It is completely unfathomable to me.

On March 11, top officials in President Donald Trump’s Cabinet used Signal to plan military strikes on Yemen, and they accidentally invited Jeffrey Goldberg, editor-in-chief of The Atlantic, into their private war room group chat, because yes, that’s a thing.

According to The Atlantic, Jeffrey got access to classified discussions inside a Signal group called “Houthi PC small group.” That thread held full war plans: locations, weapons packages, timing, target details—everything. 

“It was shocking recklessness,” Jeffrey said. After he got added to the “Houthi PC small group,” he said he contacted his colleagues to check if this was some kind of disinformation stunt. Maybe it was a trick by a hostile government or a media-trolling operation trying to embarrass him. But it wasn’t. It was real.

“I had very strong doubts that this text group was real,” Jeffrey said. “Because I could not believe that the national-security leadership of the United States would communicate on Signal about imminent war plans.” He also couldn’t believe that the national security adviser would be “so reckless as to include the editor-in-chief of The Atlantic in such discussions with senior U.S. officials, up to and including the vice president.”

Officials were using personal phones, bypassing secure government systems

A former White House official, who asked not to be named, allegedly told Politico that it was simply “unbelievable” that officials with full traveling security teams ignored the secure government systems they already had. 

“These guys all have traveling security details to set up secure comms for them, wherever they are,” the official said. But instead of using official channels, Cabinet members like Pete, Tulsi Gabbard, Vice President JD Vance, and Marco Rubio all likely used their personal devices to access the chat.

Keep in mind that Signal cannot run on federal government phones, so those guys were for sure on regular smartphones, which in itself is very weird indeed. According to the same former official, “Their personal phones are all hackable, and it’s highly likely that foreign intelligence services are sitting on their phones watching them type the shit out.”

Jacob Williams, a former hacker at the NSA and now VP of R&D at Hunter Strategy, explained that Signal is not accredited for handling any classified information. Jacob said that Signal users can link their phone accounts to a desktop version of the app, which increases risk.

“Signal data is being delivered to potentially multiple desktop and laptop computers,” said Jacob. And that data doesn’t live in the phone’s secure enclave anymore—it can be exposed to malware already running on the system.

Another major problem Jacob raised is that you can’t tell if your contact has linked their account to a desktop app. So no one in the chat could even assess if their counterparts were exposing data.

And amusingly enough, Signal claims in its Terms of Service that users are responsible for keeping their own devices and accounts secure. That’s not how the Pentagon we know handles top-level military planning—but apparently, it’s how the Trump administration now operates. In 2025, when cybersecurity risks are higher than they’ve ever been.

Democrats demand hearings, call the incident an astonishing security failure

After The Atlantic published Jeffrey’s report, opposing lawmakers jumped on the story. Democratic Bennie Thompson, House Homeland Security’s ranking member, said:

“It should go without saying that administration officials should not be using Signal for discussing intelligence matters reserved for the situation room—not to mention doing so incompetently by including members of the public.”

Gregory Meeks, the top Democrat on the House Foreign Affairs Committee, told Chair Brian Mast to hold a hearing. He called the situation “the most astonishing breach of our national security in recent history.” That hearing hasn’t been confirmed yet, but it won’t be the only one. 

The Senate and House Intelligence Committees are already scheduled to hold sessions this week about the 2025 Annual Worldwide Threats Assessment. Tulsi and other top intel officials will testify.

Jim Himes, ranking member of House Intelligence, said he was “horrified” by the chat. He plans to ask Tulsi directly about the use of Signal in planning the Yemen strike. 

“These individuals know the calamitous risks of transmitting classified information across unclassified systems,” Jim said, “and they also know that if a lower ranking official under their command did what is described here, they would likely lose their clearance and be subject to criminal investigation.”

One name that won’t show up at the hearings though is Marco, who until January was the ranking member of the Senate Intelligence Committee. But according to Jeffrey’s screenshots, Marco was inside the group chat and actively participating.

In the same group chat, those guys were also discussing their picks for various positions all around the country. Michael Waltz, who is Trump’s national security adviser and the person who invited Jeffrey to the chat texted, “Team – establishing a principles group for coordination on Houthis, particularly for over the next 72 hours. My deputy Alex Wong is pulling together a tiger team…”

Oh but it got worse, because right after, Marco Rubio, the current Secretary of State, responded with “Mike Needham for State.” JD Vance added “Andy Baker for VP.” Tulsi Gabbard, the Director of National Intelligence, sent “Joe Kent for DNI.” 

Scott Bessent, Treasury Secretary, dropped “Dan Katz for Treasury.” Pete Hegseth confirmed “Dan Caldwell for DoD.” Then came names from the National Security Council, White House Chief of Staff Susie Wiles, and even a mention of Stephen Miller as “S M.”

They thought they were assigning point persons. Instead, they were giving classified access to a journalist. A liberal journalist who doesn’t even like Trump, mind you.

At no point did anyone verify who “JG” was. They didn’t notice they’d added a reporter. They didn’t question why someone outside government was sitting in the middle of planning airstrikes.

“I have never been invited to a White House principals-committee meeting,” Jeffrey said. “And I have never heard of one being convened over a commercial messaging app.”

Signal got popular in DC after a massive China-linked hack

The context behind all of this started months before. After a Chinese-government-linked breach of U.S. telecom networks was discovered, exposing thousands of Americans’ phone data—including calls made by Trump and JD Vance—officials started pushing encrypted platforms like Signal. 

The fear of foreign surveillance led many in Washington to adopt apps like Signal without properly understanding the security trade-offs.

Signal became the go-to app because it collects almost no user data, and everything is encrypted end-to-end by default. It even includes a feature that deletes messages after a set period of time. 

But as Hunter Strategy’s Jacob pointed out, that doesn’t make it secure for classified government work. Encryption doesn’t fix stupidity. And when the most powerful Cabinet on the planet is holding war meetings on their cellphones, stupid becomes dangerous for every single one of us.

Eighteen people were in that chat. Some were real, like Pete, Tulsi, JD, Marco, Scott, and Susie. Others were tagged in as staff reps. One even named an active CIA officer. Jeffrey chose not to publish that name—but confirmed he had seen it.

Now the U.S. is left cleaning up after one of the sloppiest, dumbest national security breaches ever. Not because of a foreign hack. Not because of malware. But because the government planned a war on a free app downloaded from the App Store, or Google Store.

And someone typed the wrong name, now America is a punchline.