This whole scenario has amazed me coming from an IT background. How do top-level officials make such a simple opsec mistake of letting an incorrect person join a small group chat?

And then of course, there's the matter of saying it was a "Signal" vulnerability afterwards to take the heat off of them more than likely. Yikes.