National Security Adviser Mike Waltz is under the gun after inadvertently including a journalist in a group text on Signal that Trump administration officials used to discuss military strikes in Yemen. But the Trump administration’s response and the growing public discourse is leaving the White House vulnerable to a large-scale cyber incident, experts say.

News of the chat log on the encrypted messaging app broke after The Atlantic’s Jeffrey Goldberg published a report earlier this week laying out how he was mistakenly added to the group chat that included senior officials such as Defense Secretary Pete Hegseth and Vice President J.D. Vance.

According to Goldberg, the conversation revealed what he said was “precise information about weapons packages and targets” ahead of a strike on Houthi compounds. His report is leading to questions about whether Hegseth included in the text chain confidential information. Hegseth and the White House maintain he did not.

Much of the public response has focused on Goldberg, who has a prickly relationship with President Donald Trump. He endorsed then-Secretary of State Hillary Clinton in the 2016 election and called Trump the “enemy of fact-based discourse.”

The feeling is mutual for the president, who labeled Goldberg a “sleazeball” during an appearance on the “VIince Show” podcast on Wednesday. Waltz has struggled to explain himself, saying on Fox News he “didn’t see this loser in the group,” in reference to Goldberg.

Making the issue a political dogfight is preventing White House officials from getting on top of the more pressing issue of how to use more secure communications, said Carlos Perez, director of security intelligence at cybersecurity firm TrustedSec.

“I have not heard anyone mention — ‘Yes, we’re going to do an investigation and yes we are going to take steps to see if there is any other collateral damage that has happened,’ ” Perez said. “Instead, what we’re seeing is a deny and attack, which is worrisome.”

Hashing out operational plans on Signal puts the White House in a vulnerable position, Perez said. A thorough probe would give investigators “access to all of the devices from all of these people to see if any other information that has been exposed,” he added.

Going that route would help prevent any more leaks and keep information that needs to be secure protected, Perez said.

The contact of some of the officials on the Signal text chain — including phone numbers and email addresses — can be found online, German newspaper Der Spiegel reported Wednesday. Hackers often can use a combination of those two pieces of information to gain access to a person’s social media apps.

Wired reported recently that Waltz, White House chief of staff Susie Wiles and other officials, left sensitive information exposed on popular mobile-payment service app Venmo. Waltz’s account made public the names and identities of personal and professional associates, according to Wired.

Signal has become a popular form of communication in Washington in the last several months because of a massive Chinese government-associated breach of U.S. telecommunications network that gave hackers access to phone records of senior U.S. political figures, including Trump and Vance.

Afterward, U.S. officials recommended Americans use encrypted platforms like Signal to protect from hackers. While cybersecurity experts often express support for end-to-end encryption, they also argue a person’s information is only as secure as their phone.

Signal defended its model after Goldberg’s report. CEO Meredith Whittaker posted on social media that the app is the “gold standard in private comms.” She did not directly mention the report.

One of the biggest risks is where data is stored, Jacob Williams, a former hacker at the NSA, said.

“People can link Signal messaging to a desktop application,” he told Politico. “This means that Signal data is being delivered to potentially multiple desktop and laptop computers where it isn’t being stored in a phone’s secure enclave. That data is then at risk from commodity malware on the system.”

Signal is not “accredited for classified data,” Williams said.

Typically, senior officials use what are called sensitive compartmented information facilities — or SCIFs — that are designed to prevent spies from listening to their communications. Perez said there are secure information networks as well that officials can use to communicate.

Unfortunately, those processes can add friction to a dynamic situation — like a missile strike on an adversary, Perez said. The urge to find shortcuts to make the process faster can be overwhelming, so finding ways of maintaining security while speeding up the process is a challenge.

But ultimately a “run-and-gun” culture is not ideal in trying to establish operational security, he said.

CIA Director John Ratcliffe told senators this week that use of Signal is legal, arguing the Biden administration approved the message system’s use.

The app was used during the previous administration, but only to notify staff of an emergency situation, a former White House official told The Washington Post. The official, who spoke anonymously out of concern of losing a security clearance, also said she worried, “about the ability of a foreign nation to be able to penetrate any of our unclassified tech.”

A federal judge is ordering the Trump administration to preserve records of the Signal text chat after nonprofit watchdog American Oversight requested the order.

Have a news tip? Contact Christopher White at cdwhite@sbgtv.com.