Signal’s founder pokes fun at the US military group-chat debacle

A major security leak involving the secure messaging platform Signal sparked widespread alarm throughout the country — but the platform’s founder didn’t appear very concerned.

In a post on X on Monday afternoon, Moxie Marlinspike, whose real name is Matthew Rosenfeld, poked fun at the group message leak and used it to ironically promote the “many great reasons to be on Signal.”

“Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations,” the founder of the platform and its former CEO wrote in the post.

Marlinspike was referring to Monday’s news that The Atlantic’s editor in chief was accidentally added to a Signal group chat called “Houthi PC small group.”

“PC” referred to the principal committee, and the chat was primarily made up of senior US officials, including Vice President JD Vance, Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio.

The chat’s participants were discussing forthcoming strikes on Yemen’s Houthi rebels, Jeffrey Goldberg, The Atlantic’s editor in chief, revealed in an article.

Marlinspike’s reaction is in sharp contrast to that of that of Democratic and Republican officials, many of whom expressed alarm at the security leak.

Republican Sen. John Cornyn of Texas told reporters the incident “sounds like a huge screwup” and that “somebody dropped the ball.” Republican Sen. Jim Risch of Idaho said Tuesday there will be an investigation into the incident, The Hill reported.

Marlinspike wasn’t the only social media user to poke fun at the snafu. However, comments on his post were mixed, with some blaming the officials who made the mistake and others saying that the platform should improve its security.

On Tuesday, Signal wrote in an X post that there has been “misinfo flying around that might drive people away from Signal and private communications.”

Signal cited a Tuesday report from NPR in its post. In its report, NPR said it obtained a Pentagon email from March 18, warning employees about a potential Signal vulnerability.

“The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users,” Signal wrote on X.

“Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites,” the company continued.

Signal is a nonprofit, open-sourced, end-to-end encrypted messaging platform that has emerged as one of the most popular messaging apps over the last few years. Only recipients can see messages, so it’s commonly used by journalists, government officials, and tech giants.

Signal and Marlinspike did not respond to requests for comment from BI.