Security breach: Officials warn of lasting damage from leaked signal messages

Sensitive intelligence discussions should remain in classified settings. However, a recent breach involving high-ranking U.S. officials using an unsecured messaging app has raised alarms over national security risks.

According to current and former officials, two messages sent via the Signal app by National Security Adviser Mike Waltz and CIA Director John Ratcliffe may have significantly undermined the United States’ ability to gather intelligence on Yemen’s Iran-backed Houthi rebels. The texts, exchanged in a group chat that included senior officials discussing military strikes, allegedly exposed critical surveillance tactics.

While initial scrutiny focused on Defense Secretary Pete Hegseth’s messages detailing the timing and weaponry of planned strikes, sources indicate that Waltz and Ratcliffe’s texts were equally damaging. One message from Ratcliffe revealed that the CIA was in the process of mobilizing intelligence-gathering assets and suggested that a delay in strikes could help refine surveillance coverage on Houthi leadership.

Experts warn that even acknowledging U.S. intelligence efforts is risky, but the phrase “identify better starting points” implied the use of advanced surveillance techniques, such as overhead reconnaissance. This revelation may prompt the Houthis to adjust their movements and evade detection.

Another message from Waltz reportedly provided an extremely specific after-action report, stating that the military had “positive ID” of a senior Houthi leader entering a particular building. Intelligence officials say this level of detail could allow adversaries to discern U.S. surveillance methods, making future operations more challenging.

A former intelligence official explained the significance: “The Houthis have always been difficult to track. Now you’ve just highlighted for them that they’re in the crosshairs.”

Both Waltz and Ratcliffe maintain that no classified information was shared, and Ratcliffe defended his message in testimony before the Senate Intelligence Committee. However, national security experts strongly disagree, arguing that even indirect references to intelligence methods can endanger operations.

Beyond the content of the messages, officials have raised concerns over the use of Signal, a commercial messaging app, for such discussions. While Signal is end-to-end encrypted and widely used in government, CIA regulations prohibit discussing operational matters on the platform due to potential cybersecurity risks. A recent report by Google’s Mandiant security firm found that Russian-linked hackers had attempted to infiltrate Signal accounts belonging to Ukrainian military personnel.

Following the breach, CIA officials issued a reminder to Ratcliffe’s staff about the limitations of using Signal for sensitive matters. While Signal is sanctioned for logistical coordination, it is not approved for classified information. A U.S. official clarified, “It’s the most secure commercial app, but it’s not a substitute for classified networks.”

Despite the security concerns, no official damage assessment has been ordered to evaluate the potential exposure of intelligence sources. The Department of Defense is not expected to modify its security protocols, as doing so could be perceived as an admission of error.

The National Security Council, led by Waltz, is reviewing how Atlantic editor-in-chief Jeffrey Goldberg was mistakenly added to the Signal chat. Waltz has taken responsibility for creating the group but has provided inconsistent explanations regarding how Goldberg’s contact was included.

Meanwhile, President Donald Trump has publicly suggested that the breach may be due to flaws in the Signal app itself, though no review of its government usage has been announced. The administration has downplayed the sensitivity of the leaked messages, attempting to weather the political backlash.

However, Ratcliffe himself acknowledged in Senate testimony that deliberations on military strikes should take place through classified channels—an implicit admission that these messages should never have been sent in an unclassified chat.

As national security experts and lawmakers continue to scrutinize the fallout, the long-term impact of this breach remains uncertain. One thing, however, is clear: safeguarding intelligence methods is paramount, and this incident serves as a stark reminder of the risks posed by mishandling sensitive information.