By Katie Bo Lillis, Phil Mattingly, Natasha Bertrand and Zachary Cohen, CNN

Washington (CNN) — The CIA is conducting a formal review to assess any potential damage from an unclassified email sent to the White House in early February that identified for possible layoffs some officers by first name and last initial and could’ve exposed the roles of people working undercover, a source familiar with the matter told CNN.

That’s just one of multiple aftershocks from President Donald Trump’s push to take a jackhammer to the federal government – including the CIA. The administration’s efforts to cut the workforce and audit spending at the CIA and elsewhere threaten to jeopardize some of the government’s most sensitive work, current and former US officials familiar with internal deliberations say.

Across the river in Washington, a senior career Treasury Department official delivered a memo warning Treasury Secretary Scott Bessent that granting a 25-year-old computer engineer with Elon Musk’s Department of Government Efficiency access to the government’s ultra-sensitive payments system risked exposing highly classified CIA payments that flow through it.

And on the CIA’s 7th floor — home to top leadership — some officers are also quietly discussing how mass firings and the buyouts already offered to staff risk creating a group of disgruntled former employees who might be motivated to take what they know to a foreign intelligence service.

Taken together, those actions highlight the depth of unease among career officials that Trump’s efforts to speedily slim down the US government may be putting American secrets within the grasp of foreign spies and hackers.

‘The position is now burned’

In an effort to comply with an executive order to downsize the federal workforce, the CIA earlier this month sent the White House an extraordinarily unusual email listing all new hires that have been with the agency for two years or less — a list that included CIA officers who were preparing to operate under cover — over an unclassified email server.

The agency is now considering whether some of the employees listed in the email to the White House who were previously slated for covert deployments in sensitive locations overseas should now be held back or reassigned, sources familiar with the matter said, because the risk that their identity may have been exposed to foreign government hackers is too high.

There is also a concern that some US embassy positions that are actually filled by CIA officers under cover may now be at risk of being revealed — potentially angering the host nation and exposing companies or endangering CIA assets who are known to have met with past occupants of the role.

The internal review — known as a damage assessment — will almost certainly assess not only whether individual officers are now at risk if they go to their intended posting, but whether the positions themselves have been compromised and can no longer be filled by agency officers going forward, former intelligence officials said.

“Your predecessor was in that position, as were the five officers before them. Now the host country and adversaries know this person going to this position in the embassy is agency,” said one former CIA officer, speaking hypothetically. “They now assume the predecessors were the same [and] work backwards and find out their collective footprint.”

“The position is now burned.”

Fired employees create security risks

Meanwhile, as the CIA weighs staff cuts, current and former intelligence officials say that mass firings could offer a rich recruitment opportunity for foreign intelligence services — like China or Russia — who may seek to exploit financially vulnerable or resentful former employees. The Justice Department has charged multiple former military and intelligence officials for providing US intelligence to China in recent years.

The agency has already fired more than 20 officers for their work on diversity issues, many of whom are now challenging their dismissal in court. The government has said in court filings that it is still weighing additional cuts to comply with Trump’s order to end all diversity work across the federal government. And sources say that career officials at the agency are also working on recommendations about which probationary staff whose names were emailed to the White House should be dismissed. A final number has yet to be determined, one of these people said. None have been accused of misconduct or fired for cause.

But, unlike most other fired federal employees, all of those people have had access to classified information about the agency’s operations and tradecraft.

“Terminating someone who works for Department of Agriculture — even if they’re disgruntled, if they’re not accessing classified information, what’s the risk?” one US official said.

With the CIA and other intelligence agencies, “you take whatever number of employees who are gonna get cut loose and they have knowledge of sensitive programs — that by definition is an insider risk,” this person said. “You’re just rolling the dice that these folks are gonna honor their secrecy agreement and not volunteer to a hostile intelligence service.”

As a result, some officials are considering how to treat those employees who are inevitably fired or elect to take a buyout — including whether to allow them to access agency buildings at all, another person familiar with the discussions said.

The notion that a person fired from the CIA — even for cause — will take what they know to a foreign government isn’t new, former officials noted. When a top aide to the agency’s deputy director was indicted for fraud in 2009 after putting personal expenses on an agency credit card — charges that were expected to render him basically unemployable — senior leaders at the time fretted that he might offer himself up to the highest bidder, current and former officials familiar with the episode said.

But ultimately, the first official said, there’s not much that the agency can do legally to monitor former employees or mitigate the risk.

Another US official sympathetic to Trump’s efforts noted that the kind of person who might do such a thing is precisely the type the agency should be removing from its ranks.

But that doesn’t mean that the threat isn’t real — and, some current and former officials said, self-inflicted.

“I’m not sure the administration really understands [that risk] and moreover, even if they understand, it’s not clear they care,” the first official said. But the risk is “real.”

Exposing covert payments

Career officials have also moved to mitigate what they see as potential counterintelligence risks stemming from the work done by Musk’s DOGE.

When Bessent signed off on access for DOGE officials to the government’s payment system, intelligence officials immediately flagged that the system isn’t just used for Social Security and Medicaid payments. It’s also used to funnel intelligence community payments — including the CIA’s — whether through front companies or real commercial entities that the intelligence community partners with on sensitive programs.

“Literally every payment the US government makes goes through that system. Every. One,” one source familiar with the matter told CNN.

Access granted to individuals without training or experience in the systems, former Treasury officials said, risked exposing a roadmap for foreign intelligence services seeking to build out their understanding of who is receiving funds, in what amounts, and for what purposes.

Those concerns were delivered directly to Bessent shortly after his Senate confirmation in a memo from a senior career Treasury official, according to three people with knowledge of the matter.

The memo included a series of risk-mitigation suggestions, all of which Bessent signed off on, one of the people said.

A recent sworn declaration filed in court by the career Treasury official who oversees the Bureau of the Fiscal Service’s information and security operations provided a window into the potential risks, which included “access to sensitive data elements, insider threat risk, and other risks that are inherent to any user access to sensitive IT systems.”

Joseph Gioeli, the Fiscal Service’s Deputy Commissioner for Transformation and Modernization, also detailed expansive security infrastructure urgently built around Marko Elez, a DOGE engineer granted “read-only” access to the systems.

That included cybersecurity tools built onto Elez’s only point of entry into the payments system – a provided laptop. The laptop tools allowed security officials to monitor the DOGE engineer’s usage “at all times and continuously log his activity.” The laptop’s security configuration blocked USB and mass storage devices, barred access to cloud-storage services and monitored any scripts or commands executed by the employee.

Data exfiltration detection, which would alert security officials to any effort to transmit sensitive types of data, was also built into the architecture.

The DOGE official agreed to provide an attestation at the end of the work “that any copies of Treasury information made would be properly destroyed, and confirmation that no suspicious or unauthorized access to Bureau information or data had occurred during the engagement,” according to the court filing.
Senior Fiscal Service officials “were fully aware of the risks presented by Mr. Elez’s work and sought to mitigate those risks to the extent possible.”

Meanwhile, at Langley, near-daily rumors continue to swirl that Musk’s DOGE warriors — or Musk himself — will turn up, sparking speculation about whether they or he will actually be let inside.

The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.