Twitter Whistleblower Warns of National Security Risk, Alleges Executive Negligence

An explosive whistleblower complaint by Twitter’s former security chief has rocked the tech world and raised alarms on Capitol Hill. The 84-page report filed by Peiter “Mudge” Zatko, a well-known cybersecurity expert, outlines sweeping allegations of corporate dysfunction, data mismanagement, and even foreign infiltration inside the social media giant.

Zatko, who served as Twitter’s head of security from 2020 to 2022, claims the company’s internal practices pose not just a risk to user privacy, but a direct threat to national security.

Allegations of Widespread Negligence

In his filing with U.S. federal authorities, Zatko accuses Twitter of operating with outdated software, insecure infrastructure, and a startling lack of internal controls. Nearly half of the company’s servers, he claims, run outdated or unpatched software, some lacking even basic encryption.

One of the most alarming claims is that Twitter employees may be working for foreign intelligence services, with Zatko stating this elevates the matter far beyond corporate irresponsibility.

“Too many employees had access to critical systems without oversight,” Zatko warns. “That’s a disaster waiting to happen.”

He also accuses Twitter of being out of compliance with a 2010 FTC settlement, which required the company to implement a comprehensive information security program. According to Zatko, not only did Twitter fall short of this obligation—it misled regulators and independent auditors about its efforts.

User Data, Bots, and Broken Promises

Zatko’s report paints a bleak picture of how Twitter handles user data. He asserts the company lacks the technical ability to honor data deletion requests and often “loses track” of where personal data is stored.

Furthermore, Zatko claims Twitter does not have accurate systems in place to assess the number of fake or bot accounts on the platform. This allegation ties directly into Elon Musk’s now-infamous attempt to terminate his $44 billion acquisition deal, citing concerns over spam accounts.

Claims of Foreign Interference and Internal Cover-Ups

Zatko’s report also alleges that foreign governments were allowed to infiltrate or manipulate Twitter’s platform and operations, with certain regimes surveilling users or even controlling platform content. When Zatko attempted to raise these concerns internally, he claims executives suppressed or misrepresented his findings to the board.

Executive Bonuses Over Cybersecurity

Perhaps most damning is Zatko’s assertion that Twitter executives prioritized rapid growth and their own bonuses—some worth up to $10 million—over user protection. Investments in security, he suggests, were routinely sidelined to keep user metrics and engagement numbers high.

Twitter Pushes Back

In a statement to employees, Twitter CEO Parag Agrawal dismissed the allegations, characterizing Zatko as a disgruntled former employee who was fired for “poor performance.”

There are accusations being made about Twitter’s privacy and security. Here’s what I want to share with you all: https://t.co/4ZzrPf6qCM

— Donie O’Sullivan (@donie) August 23, 2022

Agrawal insists the company has addressed many of the concerns raised and continues to invest in security infrastructure. He portrayed Zatko’s account as “riddled with inconsistencies.”

Capitol Hill Responds

The allegations have triggered swift responses from lawmakers across party lines. Senator Richard Durbin (D-IL), Chairman of the Senate Judiciary Committee, confirmed a formal investigation is underway.

The whistleblower’s allegations are serious, and we will take them seriously. That’s why I’m launching an investigation into Twitter’s practices.

— Senator Dick Durbin (@SenatorDurbin) August 23, 2022

Durbin’s statement highlights the bipartisan concern over what could be one of the most consequential tech whistleblower complaints since Facebook’s Frances Haugen.

Toward a Reckoning

This controversy could mark a defining moment for Twitter. As federal investigations unfold and public scrutiny intensifies, the platform now faces demands to not only rebuild trust but prove it can responsibly steward user data—and uphold its role in democratic discourse.