An extraordinary breach of U.S. security is stunning security and intelligence veterans, after a journalist was added to a Trump administration group chat on Signal, where senior leaders discussed plans for a military strike on Houthi rebels in Yemen.
The breach left military and intelligence experts asking the same questions as the public: Why would top U.S. officials use a free messaging app to discuss classified military plans? How could a journalist be added to their group chat?
"Any one of us that served in the military or serve in the military would be in Leavenworth if we did this," former Rep. Adam Kinzinger, a Republican who served as a lieutenant colonel in the Air National Guard, said via X.
"Heads are exploding," Ned Price, a former CIA analyst who was deputy to the U.S. ambassador to the U.N. in the Biden administration, told NPR's Morning Edition as he described conversations with former colleagues about high-ranking Trump officials' Signal chat.
A "Principals Committee" discussion is normally highly secure
Under normal circumstances, national security officials go to great lengths to maintain secrecy when discussing sensitive military operations. But the Signal snafu exposed conversations among the Principals Committee — a body that "generally includes the heads of departments or agencies," according to the Congressional Research Service.
"The meetings of the Principals Committee are held in the White House Situation Room, perhaps the most secure venue within the U.S. government," Price said.
Members who can't attend in person can participate via a sensitive compartmented information facility (SCIF).
"These secure rooms are built to discuss classified information," NPR's Greg Myre reports. "You can't take a phone into these rooms. You can't take documents out, and all of these top-ranking national security officials have SCIFs at their offices and at their homes."
If those options aren't available, top officials can use a secure video teleconference system.
"This is a top secret network that beams them into the White House Situation Room," Price says, adding that if a member is traveling, a national security team accompanies them to set up a secure tent and other equipment to protect their communications.
But this month, Defense Secretary Pete Hegseth shared details about targets and weapons via the Signal app hours before the March 15 U.S. attack, according to Jeffrey Goldberg, editor-in-chief of The Atlantic.
Goldberg says he saw the plans days after being added to a Signal chat called "Houthi PC small group" by a user named Michael Waltz, the name of President Trump's national security adviser. "It was a chilling thing to realize that I've inadvertently discovered a massive security breach in the national security system of the United States," Goldberg told NPR's All Thing Considered.
Goldberg did not share what he said could be damaging elements of the communications sent to him, including what he called "operational details of forthcoming strikes."
Signal is put under a spotlight
Messages on Signal are encrypted — journalists at NPR and other outlets use it as a way to maintain privacy. The first Trump administration targeted such apps five years ago, complaining that their messages couldn't be decrypted even by law enforcement agencies with a warrant.
But experts say sensitive government communications normally occur via official devices and through elaborate security measures, not by using open-source software offered by a nonprofit.
The Principals Committee chat's 18 members included Vice President Vance, White House Chief of
Staff Susie Wiles and "S M," an apparent reference to Trump adviser Stephen Miller. Also in the group: CIA Director John Ratcliffe and Director of National Intelligence Tulsi Gabbard, both of whom were questioned about the breach during a Senate Intelligence Committee hearing on Tuesday.
"Those agencies are absolutely fanatical about secure communications," NPR's Myre says of the CIA and DNI. "Yet based on Goldberg's account, no senior national security official raised concerns about sharing war plans on Signal."
Last week, a Pentagon-wide email went out warning staff about a vulnerability in the messaging app, according to NPR's Tom Bowman. The notice cited risks from "Russian professional hacking groups" working to spy on encrypted communications. The notice was apparently sent days after Goldberg told Waltz that he had somehow been added to the PC group, and left the chat.
The Pentagon warning was related to phishing attacks, not to any issue in Signal's "core technology," said Jun Harada, a Signal vice president, in a statement. "Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks," Harada said.
NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
Copyright 2025 NPR