A watchdog within the US Department of Defense has publicly confirmed an investigation into the use of the Signal messaging app by top White House officials.

On Thursday, the acting Inspector General Steven Stebbins for the Department of Defense wrote it is “initiating the subject evaluation” into the “recent public reporting on the Secretary of Defense’s use of an unclassified commercially available messaging application to discuss information pertaining to military actions in Yemen in March 2025.”

The Pentagon Inspector General said that the “objective of the evaluation is to determine the extent to which the Secretary of Defense and other DoD personnel complied with DoD policies and procedures for the use of a commercial messaging application for official business. Additionally, we will review compliance with classification and records retention requirements.”

Pentagon investigation

The Pentagon Inspector General Steven Stebbins was appointed by Donald Trump, and his letter was in response to a letter last month from two ranking members of the Senate Armed Services Committee – namely Senators Roger F. Wicker (Republican) and Jack Reed (Democrat).

The controversy had begun late last month when the editor-in-chief of the Atlantic, Jeffrey Goldberg, was inadvertently added to a group chat on Signal, where plans for a strike against the Houthi group in Yemen were discussed.

The group chat was hosted by US National Security Advisor Michael Waltz, and he had reportedly accidentally added Goldberg.

Other people in the Signal chat included US Vice President JD Vance, US Secretary of State Marco Rubio, and Tulsi Gabbard, Trump’s director of national intelligence, as well as Secretary of Defense, Pete Hegset.

The fact that senior US officials had opted to utilise a commercial messaging app to discuss secret military plans, and not an approved US government communication service or platform, naturally triggered security concerns from experts, as Signal’s use of end-to-end encryption does not negate a user’s actual smartphone being compromised by other means (i.e. malware).

Democrat Senate leader Chuck Schumer had called it “one of the most stunning” military intelligence leaks in history and called for an investigation.

Classified material?

The material in the Signal text chain reportedly “contained operational details of forthcoming strikes on Iran-backed Houthi-rebels in Yemen, including information about targets, weapons the US would be deploying, and attack sequencing,” Atlantic editor-in-chief Jeffrey Goldberg had stated.

However those in the chat group have insisted that the military plans discussed were not classified, and no rules requiring the preservation of government documents were broken.

Goldberg for his part did not disclose specifics of the text chain that he felt would endanger US national security or risk the lives of US personnel.

Goldberg however received the details of the attack on 15 March in the Signal chat, two hours before the US began launching a series of airstrikes against Houthi targets in Yemen.

The UK reportedly provided aerial refuelling for US jets during the Yemen airstrikes.

What is Signal?

The Signal app was created by Matthew Rosenfeld – who is better known by the pseudonym Moxie Marlinspike.

Signal itself if owned by the Signal Foundation, a US-based non-profit, which relies on donations rather than ad revenue.

Moxie Marlinspike joked on X that “there are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations.”

Signal is used by an estimated 40-70 million monthly users, making it much smaller compared to the likes of WhatsApp, Telegram or Messenger.

Signal uses end-to-end encryption for its messaging and calling services, which means that messages and calls sent on Signal are scrambled, and only the sender and recipient at each end of the chat have the key to decipher them.

Even Signal itself cannot access them, but Signal’s encryption protocol is open source, meaning that it is freely available for anyone to inspect, use or modify.

The encryption protocol is also used by Meta’s WhatsApp platform.

Cellebrite vs Signal

There was previously a security scare about Signal, after mobile forensics firm Cellebrite in 2020 had raised industry eyebrows when it had initially claimed it had cracked Signal’s encryption.

But Cellebrite’s claim was quickly dismissed by Moxie Marlinspike in a tweet on X, who noted that Cellebrite had allegedly altered its original blog post making the claim.

Cellebrite was the firm that was reportedly hired by the FBI in 2016 to help access the locked iPhone belonging to the San Bernardino terriorist Syed Rizwan Farook.