“Having the best spies, the best collection systems, and the best analysts will not help an intelligence service if it leaks like a sieve,” the former CIA speechwriter Charles E. Lathrop remarked in The Literary Spy, a book of quotations about espionage that he compiled. Lathrop, who wrote under a pseudonym, was making a point about counterintelligence—the flushing out of enemy spies and leakers who might compromise a spy agency’s precious secrets. Counterintelligence, Lathrop observed, “is the kidneys of national security: necessary, but unheralded until something goes wrong.”

These days, something looks to have gone very wrong—with the kidneys and maybe with the brain, too.  

To protect secrets, people who will be handling classified information or assuming positions of trust within intelligence agencies are vetted, often by law-enforcement agents, who interview friends and co-workers, review travel histories, and analyze financial information to determine whether someone might make an attractive recruit for a foreign intelligence service. Perhaps he’s in debt and would be willing to sell sensitive information. Or maybe she harbors some allegiance to a hostile country or cause and might be willing to spy for it. Looking for these red flags is counterintelligence 101, an imperfect, laborious, and invasive process that American presidents of both major parties have nevertheless accepted as the cost of doing intelligence business.

[David Deming: DOGE is failing on its own terms]

But the legion of Elon Musk acolytes who have set up shop inside federal agencies in the past few weeks do not appear to have been subjected to anything approaching rigorous scrutiny. President Donald Trump has also nominated to key national-security positions people whose personal and financial histories contain at least caution flags. This deviation from past practice has created a new kind of counterintelligence predicament, officials and experts have told me. Rather than staying on high alert for hidden threats, the counterintelligence monitors have to worry about the people in charge.

The public knows very little about how, or if, staff at the new Department of Government Efficiency that Musk runs were vetted before they obtained access to the Treasury Department’s central payment system or the files of millions of government employees at the Office of Personnel Management. These two databases could help U.S. adversaries uncover the identities of intelligence officers and potentially their sources, people with knowledge about how the systems are set up told me.

Precisely what the DOGE teams are doing with this information, whom they’ve shared it with, and whether they have adequately protected it from falling into the wrong hands remains unknown. But the risks posed by this direct access to the government’s central nervous system are entirely foreseeable.

“The fact that people are getting access to classified and personally identifiable information who are not being vetted by our national-security system means it is more likely that there are going to be damaging leaks,” Tim Naftali, a counterintelligence expert and presidential historian at Columbia’s School of International and Public Affairs, told me.

Why would President Trump, who is the ultimate arbiter of who gets to see classified information, take such risks? One answer is rooted in his historic distrust of the FBI, whose agents traditionally conduct background investigations of senior administration officials as they assume their posts. Trump views the bureau as a hotbed of disloyal conspirators. During the presidential transition, he reportedly resisted efforts to allow FBI background checks, and how thoroughly members of his administration were vetted, if at all, is still not clear.

Animus and mistrust likely guide the president’s decisions here. He has publicly seethed at the agents who searched his Florida home, as part of an investigation that led to felony charges for mishandling national-security information after he left office. The agents who worked on that case are assigned to a counterintelligence squad at the FBI’s Washington field office, and the White House is trying to fire them. These agents routinely investigate threats to U.S. national security, and removing them would at least temporarily stall their efforts.

“In his dark passion for retribution, Trump is making his own government, which is our government, more vulnerable to adversarial penetration,” Naftali said.

Security risks now pervade the federal government, thanks largely to a cadre of youngsters, some barely out of high school, whom Musk has deployed inside federal agencies, ostensibly to identify wasteful government spending. In addition to the Treasury Department and the Office of Personnel Management, DOGE agents have reportedly accessed information networks at the State Department, the Centers for Disease Control and Prevention, the Centers for Medicare & Medicaid Services, the Commerce Department, the Education Department, and the Energy Department, among others. Musk has further plans to send teams to other major organizations, including the Pentagon.

[Read: The government’s computing experts say they are terrified]

As his teams fan out, the kidneys of counterintelligence are backing up.

At Treasury, a security team warned that DOGE employees’ access to a central government payment network presents an “unprecedented insider threat risk,” The Washington Post reported last week. The government defines an insider threat as “someone with regular or continuous access” to a computer system who could exploit the information for criminal purposes, leak it to unauthorized parties, or sell it to a foreign government. Edward Snowden, the government contractor who disclosed classified information about NSA surveillance to journalists and who now lives in Russia, is the classic modern example.  

Two intelligence officials told me that the Treasury system, which processes more than $5 trillion in payments each year, contains sensitive national-security information. It could be used to uncover the identities of U.S. intelligence officers—who are after all paid from the Treasury—as well as people or organizations who are paid to spy on behalf of the United States.

These names are not explicitly identified as intelligence assets in the Treasury network, but an adversary with the time and know-how could use the Treasury data, possibly in concert with other information, to discover classified identities, the officials indicated. According to the Post, a senior career official at the department raised such concerns in a letter to Treasury Secretary Scott Bessent. The official recommended some unknown mitigating steps that Bessent reportedly approved.

At the Office of Personnel Management, DOGE employees gained access to information, including addresses and salary history, about Treasury and State Department employees working in “sensitive security positions,” the Post also reported. Personnel data are another puzzle piece that could allow an adversary to identify who works for the intelligence community, and potentially in what country they’re stationed.

“Little pieces of information matter a lot when they’re put together with other little pieces of information,” Joel Brenner, who was in charge of U.S. counterintelligence policy under Presidents George W. Bush and Barack Obama, told me. This is standard intelligence tradecraft. “That’s how we do it. That’s how every intelligence service does it,” Brenner said.

The Office of Personnel Management is not known for its counterintelligence prowess. A decade ago, Chinese hackers breached the agency’s computer networks and stole the records of millions of U.S. government employees, in one of the great espionage coups of recent history. As I reported at the time, officials had earlier resisted a plan to merge a system known as Scattered Castles, which contained the records of intelligence-agency personnel and others who held security clearances, with OPM’s system, fearing exposure in just this scenario.

Their concerns proved prescient, and today, Scattered Castles remains segregated from OPM’s systems—fortunately, given recent reports that Musk’s team has connected its own server to OPM’s systems, which could open a gateway for foreign hackers to again burrow in.

Yet intelligence-personnel records may still be at risk. Last week the CIA sent OPM a list of names of new CIA officers via an unclassified email, people familiar with the matter told me. The CIA sent only the officers’ first names and the first initial of their last names. But even those fragments of information could be useful to foreign spies.

Over the weekend, a former senior CIA official showed me the steps by which a foreign adversary who knew only his first name and last initial could have managed to identify him from the single line of the congressional record where his full name was published more than 20 years ago, when he became a member of the Foreign Service. The former official was undercover at the time as a State Department employee. If a foreign government had known even part of his name from a list of confirmed CIA officers, his cover would have been blown. The cover of a generation of young intelligence officers now appears to depend on whether Musk’s DOGE kids are, with no obvious experience in such matters, properly handling and protecting the information that the CIA sent them.  

How trustworthy are Musk’s employees? Early reports suggest that if they had been subject to traditional background checks, which they apparently were not, some of them would have had trouble passing. One standout in this regard, Edward Coristine, a 19-year-old DOGE member who has used the online handle “Big Balls,” was fired from an internship after he was accused of sharing proprietary information with a competitor, Bloomberg reported. After he was dismissed, the former intern bragged on an online chat platform that he “had access to every machine” and could have deleted crucial data from the company’s servers. “I never exploited it because it’s just not me,” Coristine reportedly wrote. This is the textbook definition—indeed, the U.S. government’s definition—of an insider threat.

The cybersecurity journalist Brian Krebs has written that Coristine was affiliated with a community of chat channels “that function as a kind of distributed cybercriminal social network.” Coristine, who was first identified not in a government announcement but by investigative reporters at Wired, founded a company that “controls dozens of web domains, including at least two Russian-registered domains,” the publication reported. Coristine has recently been named a senior adviser at the State Department, according to the Post.

[Read: If DOGE goes nuclear]

Government computer-security experts are worried that DOGE members could corrupt vital technology systems. “Musk and his crew could act deliberately to extract sensitive data, alter fundamental aspects of how these systems operate, or provide further access to unvetted actors,” my colleagues wrote in The Atlantic last week. An insider need not even behave maliciously to cause havoc. DOGE agents, who are overwhelmingly young with little professional experience or familiarity with older government systems, “may act with carelessness or incompetence, breaking the systems altogether. Given the scope of what these systems do, key government services might stop working properly, citizens could be harmed, and the damage might be difficult or impossible to undo.”

The counterintelligence risks don’t extend only to unchecked young people with the keys to the government’s kingdoms of data. Some of Trump’s Cabinet nominees—including those for two national-security positions—raise classic red flags.

According to his financial disclosure forms, Kash Patel, Trump’s nominee to run the FBI, was paid $25,000 last year by a film company owned by a dual U.S.-Russian citizen that has made programs promoting “deep state” conspiracy theories pushed by the Kremlin, the Post reported. Receiving money from a foreign government is a basic risk factor because it raises questions about whether a government employee’s favor or influence can be bought.

The resulting six-part documentary appeared on Tucker Carlson’s online network, itself a reliable conduit for Kremlin propaganda. In the film, Patel made his now infamous pledge to shut down the FBI’s headquarters in Washington and “open it up as a museum to the ‘deep state.’” The FBI is one of the Russian intelligence services’ main targets for espionage.

On his disclosure forms, which were made public only after he testified in his Senate confirmation hearing, Patel describes the payment as an “honorarium.” That term traditionally implies a nominal or even negligible sum of money, which this was not. He also listed consulting work for clients that include the Qatari embassy and said that he would keep his stock in the Cayman Islands–based parent company of the clothing brand Shein, which was founded in China.

According to his financial disclosure forms, Robert F. Kennedy Jr., Trump’s nominee to run the Health and Human Services Department, is saddled with up to $1.2 million in credit-card debt. Owing money is another risk factor because it might induce people to accept funds in exchange for sensitive information. Investigators examine bank records, credit-card statements, and other financial documents to determine how much debt a security-clearance applicant carries and its proportion to his level of income.

Allegiance or even sympathy to a hostile power is yet another warning sign. Tulsi Gabbard, Trump’s director of national intelligence, has drawn widespread criticism for her statements supporting Russian President Vladimir Putin as well as her 2017 meeting with Syria’s then-president, Bashar al-Assad. More alarming, the Post found evidence that Gabbard tried to obfuscate details about the nature of her encounters with the Syrian dictator from congressional investigators and may have lied to her staff. Having a history of shady meetings with any foreign national, much less the head of a country, is a great way not to be approved for a security clearance. (Just ask Trump’s son-in-law Jared Kushner, whose own opaque interactions with foreign officials temporarily stopped him from obtaining a clearance in the first Trump administration.)

During her confirmation hearing, Gabbard resisted entreaties from her fellow Republicans and Democrats—with whom she used to caucus when she was a member of Congress—to condemn Edward Snowden’s leaks and label him a “traitor.” Gabbard, who has long praised Snowden as a courageous whistleblower and called on Trump to pardon him, would say only that he “broke the law,” an obstinate position that left the distinct impression she approves of what Snowden did. Nevertheless, today the Senate voted largely along party lines to confirm Gabbard’s nomination as the nation’s top intelligence official.

Traditionally, counterintelligence officials have judged people whose ideology mirrors that of an adversarial state, or who have financial conflicts of interest, to be at higher risk of becoming spies or leaking secrets. “At the moment, that’s the population from which President Trump is selecting his most powerful and influential members of his administration,” Naftali told me.

[Read: It’s time to worry about DOGE’s AI plans]

Trump’s assault on the country’s national-security agencies stems from a distrust that millions of Americans share, Jeffrey Rogg, an intelligence historian at the University of South Florida, told me. Trump has repeatedly said—accurately—that the intelligence community often falls short of its basic obligation of keeping the United States from being taken by surprise by the country’s adversaries. And the agencies have failed several times to root out their own insider threats. Those counterintelligence debacles shake public confidence and bolster Trump’s critique that the intelligence agencies are dysfunctional and even corrupt.

At the same time, many career intelligence officers don’t trust the president or the people he has chosen to lead. They believe that Trump has misled the public about what the intelligence agencies are really there to do. And these, too, are accurate complaints, shared by many Americans.

Intelligence agencies depend on trust, both in their own employees and from the public. That confidence is disintegrating. As Rogg told me, “This is where we’re going to be our own worst enemies.”

The Kremlin says Ukrainian forces will be 'destroyed' or pushed out of seized Russian territories.