Lead: On Dec. 3, 2025, Pentagon investigators concluded that Defense Secretary Pete Hegseth shared sensitive U.S. military information in a private Signal group earlier this year, a move the inspector general says breached department rules and could have placed American service members at risk. The finding, conveyed to Congress in a classified report, traces key material back to a classified email marked SECRET//NOFORN and to a message from then-CENTCOM commander Gen. Michael “Erik” Kurilla. Sources told investigators the chat included senior Trump administration officials and, inadvertently, The Atlantic’s editor in chief.
Key Takeaways
- The Pentagon inspector general determined Hegseth transmitted information derived from a classified email labeled SECRET//NOFORN, which restricts dissemination to U.S. persons and agencies only.
- A classified version of the IG report was delivered to Congress on Tuesday, and sources said an unredacted release was expected later in the week.
- The chat group contained top Trump administration figures and accidentally included Jeffrey Goldberg, editor in chief of The Atlantic, who published a related story in March.
- Sources told investigators that if a foreign adversary had intercepted the Signal messages, the disclosures could have endangered U.S. troops and operations.
- U.S. Africa Command carried out airstrikes near the Golis Mountains in Somalia on March 25; its public release said multiple ISIS–Somalia operatives were killed.
- In response to a March FOIA request, Maj. Gen. Matthew Trollinger of U.S. Africa Command concluded that releasing similar material would foreseeably harm national security under Executive Order 13526.
- White House press secretary Karoline Leavitt said the IG review supports the administration’s view that no classified information was leaked and defended the national security team’s performance.
Background
The episode centers on the use of an encrypted messaging app, Signal, by senior officials to exchange sensitive operational information. Military classification rules bar transmission of certain material on unsecured or personal devices; the label SECRET//NOFORN specifically bars sharing with foreign nationals or entities outside the U.S. government. The Pentagon has long warned that using personal phones or consumer apps for operational details creates vulnerabilities that adversaries could exploit.
Gen. Michael “Erik” Kurilla, while serving as commander of U.S. Central Command, was identified as the original source of information that later appeared in the Signal group. CENTCOM oversees operations across the Middle East and parts of Africa and Central and South Asia, a theater where classified collection and sharing protocols are tightly controlled. The Atlantic published an account in March after its editor became part of the group chat by mistake, triggering wider scrutiny of both the content shared and the channels used.
Main Event
According to two people familiar with the inspector general’s report, investigators found Hegseth used his personal device to forward details derived from a classified email. The information was marked SECRET//NOFORN, meaning it was intended only for U.S. agencies and cleared personnel. Those sources, granted anonymity because the report had not been released publicly, said the IG concluded the transmission violated Defense Department policies governing use of personal devices and handling of classified material.
The Signal group included several senior administration figures; investigators also noted that Jeffrey Goldberg of The Atlantic was accidentally added and subsequently published reporting that brought the exchanges to public attention in March. The IG’s review did not resolve whether Hegseth formally declassified the material before sharing it, the sources said — a separate legal and procedural question that the report left unaddressed.
Days after The Atlantic story, U.S. Africa Command announced coordinated airstrikes near the Golis Mountains in Somalia on March 25, saying multiple ISIS–Somalia operatives were eliminated. CBS News later filed a FOIA request seeking records comparable to details in the Signal chat; U.S. Africa Command’s written reply, signed by Maj. Gen. Matthew Trollinger, concluded release would harm national security and affirmed the material remained properly classified under Executive Order 13526.
The White House responded by arguing the IG’s findings are consistent with the administration’s prior statements that no operative security compromise occurred. Karoline Leavitt’s office emphasized that the president’s national security team continues to safeguard sensitive information, and President Trump publicly expressed support for Secretary Hegseth. Hegseth has not issued a substantive public response to the IG determination; his most public remarks to date included a joking reference to Signal at a recent event.
Analysis & Implications
Operational security hinges on strict control of classified information. The SECRET//NOFORN designation exists to prevent allied and foreign access when disclosure could hinder operations or expose personnel. Sharing such content in a private messaging group — even among senior U.S. officials — increases the risk that adversaries could obtain intelligence about intentions, timing, tactics or targeting, which in turn can endanger forces and ongoing missions.
Beyond immediate force-protection concerns, the finding raises questions about adherence to Department of Defense policies on personal-device use and classified handling. If senior officials use consumer messaging apps for work, it creates a precedent that complicates accountability and may require clearer, enforceable guidance. Legal consequences depend on whether procedures for declassification were followed; the IG’s report appears to focus on policy violations rather than criminal intent.
Politically, the report is likely to intensify oversight pressure from Congress and fuel partisan debate. Supporters of the administration underscore the White House claim that no operational compromise occurred, while critics will point to the IG’s determination that rules were breached and the acknowledged risk to service members. Long term, the episode could prompt new training, tighter technical controls, or stricter limits on what may be shared on personal platforms.
Comparison & Data
| Classification | Typical Access | Potential Harm if Disclosed |
|---|---|---|
| SECRET//NOFORN | U.S. persons/agencies only; no foreign dissemination | Serious damage to national security; tactical exposure |
| SECRET | Cleared personnel and allied partners as authorized | Serious damage; can affect operations, diplomacy |
| UNCLASSIFIED | Public or broad internal use | Low to no national security harm |
The table clarifies why the NOFORN caveat mattered: it prevents sharing even with close allies and restricts dissemination to U.S. agencies. Investigators used that classification tag to assess whether proper channels and protections were bypassed when the material reached the Signal group.
Reactions & Quotes
Official and public reactions have been sharply divergent. The White House framed the IG review as consistent with its earlier statements, while military officials emphasized the risks the IG noted.
“The IG’s review affirms what the Administration has said from the beginning — no classified information was leaked, and operational security was not compromised.”
Karoline Leavitt, White House press secretary
U.S. Africa Command provided a written assessment during a FOIA exchange that underlined the government’s position on preserving classified material.
“I have determined that the release of the documents would foreseeably harm national security.”
Maj. Gen. Matthew Trollinger, U.S. Africa Command (chief of staff)
Unconfirmed
- Whether Hegseth formally declassified the material before posting — the IG report, per sources, did not make a definitive determination on declassification.
- Whether the chat messages were ever intercepted by a foreign government — investigators warned of clear risk, but confirmed interception has not been publicly reported.
Bottom Line
The inspector general’s finding that Hegseth shared information traceable to a SECRET//NOFORN email underscores persistent gaps between classification rules and modern communication habits. Even if no known compromise occurred, the potential for harm is central: protocols exist because operational details can translate quickly into danger for deployed personnel.
Expect intensified congressional oversight, potential policy clarifications on personal-device usage, and renewed emphasis within the Pentagon on training and technical controls. The episode may also prompt the department to codify stricter consequences for mishandling classified material at senior levels, balancing accountability with the realities of how officials communicate.