The Trump administration's attempt to discuss sensitive military plans in an encrypted messaging app turned into a teachable moment in endpoint security when one of those officials mistakenly added The Atlantic's editor-in-chief to the group chat. In Jeffrey Goldberg's story, posted Monday, he recounted how accepting a Signal connection request on March 11 from a user called Michael Waltz—the same name as Trump's national security adviser—led to him being added to a "Houthi PC small group" chat.

Goldberg witnessed discussions between members of this principals' committee about military responses to attacks by Houthi militants in Yemen, which appeared to include officials as high-ranking as Vice President JD Vance and Secretary of Defense Pete Hegseth. The participants in this chat appeared to be discussing how European nations owed the US for its actions to defend shipping lanes in the Red Sea from Houthi drones and missiles.

The Atlantic's EIC, having accepted that this chat probably wasn't some elaborate spoof, then realized that strikes carried out by US forces against Houthis on March 15 were only hours away after Hegseth posted a "TEAM UPDATE" in the Signal chat that included information about targets, weapons the US would be deploying, and attack sequencing.

Goldberg observed in his story that an American adversary could have exploited the details Hegseth shared to harm American military and intelligence personnel, particularly in the broader Middle East. Goldberg's story shares such gleeful reactions to the March 15 attacks as Waltz replying in pictogram form with fist, American flag, and fire emoji.

The journalist wrote that he removed himself from the Signal group—which should have automatically notified Waltz—and still did not get any feedback about his presence there until he emailed multiple members and other Trump administration officials Monday morning to ask why he had been added and if the White House normally discussed military plans in that app.

"This appears to be an authentic message chain, and we are reviewing how an inadvertent number was added to the chain," a National Security Council spokesman told Goldberg. During a Monday-afternoon appearance at the White House with Louisiana Gov. Jeff Landry (R), President Trump answered a question about Goldberg's story by saying it was all news to him.

“I don’t know anything about it,” Trump said before ing that “I’m not a big fan of The Atlantic.” He brushed aside a follow-up about whether using Signal instead of established government communications systems could have compromised the attack: “Well, it couldn’t have been very effective, because the attack was very effective."

Trump on his cabinet members using Signal to text war plans to a reporter: "I don't know anything about it. I'm not a big fan of The Atlantic. To be it's a magazine that's going out of business. But I know nothing about it. You're saying that they had what?"

Signal’s combination of end-to-end encryption and extensive scrubbing of metadata generally earns this open-source app exceptionally high grades among secure messaging apps, but any system is only as secure as its least trusted endpoint.

How Waltz or whoever had access to his copy of the app could have added Goldberg by mistake remains unclear but does seem possible. You can add somebody to a group chat by a phone number or a username; if that somebody does not have a profile picture set in the app, their avatar in the chat will only consist of their initials in a circle.

Does This Break Government Rules, and Does Anyone Care? What does seem clear, both from Goldberg’s story and the earlier breaches of classified data as the “Vault 7” leaks of CIA hacking tools happened despite officials complying with rules that demanded “a more careful vetting of who can access information than simply adding a phone contact to a Signal group,” Bryson Bort, founder and CEO of the Arlington, Va., security firm Scythe and a West Point graduate, emailed.

"In the wrong hands this can get US service members killed."