The Pentagon’s independent oversight office concluded that Defense Secretary Pete Hegseth’s use of the Signal messaging app to convey sensitive details about a military strike put US personnel and their mission at risk, according to two people familiar with the findings.
The assessment underscores broader concerns about operational security and digital communications within the U.S. military.
In a review of a September strike against a vessel in the Caribbean Sea believed by US officials at the time to be carrying drugs the watchdog determined that Hegseth’s use of an unsecured messaging app breached standard protocols for handling classified information.
The two people, who spoke on condition of anonymity because they were not authorized to discuss internal deliberations, said that the Pentagon was already aware survivors were aboard the vessel, yet the US military carried out a second strike.
The follow up action, they said, was justified as necessary to ensure the vessel sank. The Trump administration had earlier asserted that all eleven people aboard were killed.
While the watchdog did not find that Hegseth improperly declassified material Hegseth does possess declassification authority the report emphasized that sharing sensitive operational details over Signal still posed undue risk.
“The concern is not whether someone had declassification authority but rather how the information was transmitted,” said Robert Chen, a former Defense Department intelligence officer now with a Washington security think tank.
“Using a consumer messaging app introduces vulnerabilities. Adversaries could intercept or exploit metadata.”
Cybersecurity experts warn that apps like Signal, though encrypted, cannot fully guarantee the secure handling of highly sensitive operational data especially when endpoints (phones or networks) lack strict security controls.
“Encrypted messaging offers privacy but not necessarily mission assurance,” said Helena Wright, a cyber policy researcher. “When you’re discussing strike coordinates or survivor status you really need hardened channels, not apps designed for everyday communications.”
Historically the US military has limited distribution of operational intelligence to cleared personnel via secure networks such as SIPRNet or through vetted email and communications platforms.
A 2022 internal Defense Department draft memo reviewed by Reuters found that more than sixty percent of documented mishandled leaks involved data shared over unauthorized channels. The watchdog’s recent report now adds at least one case involving a senior official’s use of a civilian app.
During the same timeframe the department reportedly handled over a dozen strike dossiers with no prior indication that a civilian messaging platform was used above the deputy secretary level.
Officials familiar with the matter said that communications for other high-profile operations were routed through official classified channels.
The difference in handling underscores why the watchdog deemed Hegseth use of Signal more than a technical slip but a procedural red flag.
Some US military personnel expressed unease when they heard the findings. “We operate under strict need to know, strict channel rules,” said a field officer stationed in the Indo Pacific region, who spoke on condition of anonymity.
“If the top brass sends strike orders or intel over something like Signal, it undercuts trust in the system.” A retired naval officer added, “Even if no hostile actor intercepted the message, the very possibility of compromise forces extra caution.
It complicates everything from mission planning to after action assessment.” The watchdog’s report may prompt the department to reaffirm or tighten its internal communication policies, especially for high level classifications and strike related intel.
One senior official, speaking anonymously, said the department is reviewing whether additional training or enforced use of dedicated secure devices should be mandated for senior leadership.
Congressional oversight committees may also take interest. “This revelation raises serious questions about chain of command integrity and safeguarding our troops,” said Rep.
Linda Torres (D–CA), member of the House Armed Services Committee. “We will need to assess whether existing rules are sufficient or more robust controls are required.”
The watchdog’s finding that Hegseth use of Signal posed risk to US personnel draws attention to potential gaps in operational security at the highest levels.
While no improper declassification was identified the decision to transmit strike related details over a civilian messaging app has renewed debate about how sensitive information should be handled.
As the Pentagon reviews internal protocols the broader questions around secure communications and mission safety remain central.
