On Tuesday,The Washington Post published an extensive reportabout a Twitter whistleblower who alleges that the social media company’s executives have misled, well, just about everyone (but especially federal regulators and Twitter’s own board of directors), about its own security issues. The whistleblower complaint details quite a few alleged serious problems at Twitter, including security issues and a lack of resources to fully address disinformation. Notably, the complaint also mentions Twitter’s spam and bot issues. If you’ve been following along with theElon Musk Twitter takeover saga, you know that ascertaining the true number of bots on the bird app has been a particular roadblock for Twitter’s acquisition.
In July, the complaint was filed with two agencies (the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), as well as the Department of Justice. And the complaint wasn’t filed by just anybody. The whistleblower was none other than Twitter’s former head of security, Peiter Zatko. Zatko is also a well-respected hacker himself, also known as “Mudge.”
Zatko’s complaint doesn’t just accuse Twitter of misrepresenting its level of security and of being in breach of its settlement with the FTC. The complaint contains lots of alleged security issues and problems at Twitter. Let’s take a look at some of them.
Here are some of the serious security issues alleged in the complaint as reported by The Washington Post:
And here are some other non-security, yet-still-concerning issues the complaint brought up about Twitter:
You’re probably wondering if, among the laundry list of allegations against Twitter, if there’s anything in Zatko’s whistleblower complaint that could affect Twitter’s current legal fight to force Tesla CEO Elon Musk to honor their prior agreement forMusk to purchase the bird app. The complaint does mention a bit about Twitter’s spam and bot issues (which Musk was famously loudly concerned about), but we don’t know for certain yet how that will shake out in the actual legal proceedings. Here’s what we do know:
These revelations could hurt Twitter’s case against Musk, if proven to be true.
The complaint itself does allege that Zatko tried to find out exactly how common bots and spam were on Twitter as a whole but was ultimately unable to obtain a clear answer. According to The Washington Post, Zatko indicates that (according to a “sensitive source”) “Twitter was afraid to determine that number because it ‘would harm the image and valuation of the company.'”
The complaint is also quoted in the article as saying the following about Twitter and itsCEO’s responses to earlier allegationsabout the bird app’s reported bot percentage estimates:
“’Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.’”
If true, the above revelations about the true number of bots on Twitter (and how they’re counted and blocked) could hurt Twitter’s case against Musk, as Musk cited concerns about the validity of Twitter’s bot percentage estimates among the reasons why he no longer wanted to purchase the company. And if Twitter’s reported bot estimate percentages prove to be inaccurate, that’s a violation of the acquisition deal Musk and Twitter struck, which could mean Musk may not have to go through with the deal after all.
NEW: Musk lawyer Alex Spiro said they want to talk to Twitter whistleblower.
“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”
— Donie O'Sullivan (@donie)August 09, 2025
And it looks like Musk’s legal team is already interested in Zatko’s allegations. According toa tweet posted by CNN correspondent Donie O’Sullivan, a lawyer for Elon Musk named Alex Spiro said the following:
