This market resolves YES if, by December 31, 2035, it is publicly revealed that the Signal messaging application contained a security vulnerability that was:

• Previously known to Signal's development team

• NOT publicly disclosed within 90 days of discovery

• Later revealed through whistleblowing, investigative reporting, leaked documents, or official admission

• Classified as High or Critical severity (CVSS 7.0+) or could have compromised user privacy/message confidentiality

Examples that would trigger YES:

• Internal Signal documents leaked showing they knew about a vulnerability but didn't disclose it

• Former Signal employees revealing they were aware of security issues that weren't made public

• Government agencies admitting they had knowledge of Signal vulnerabilities they didn't report

• Academic researchers revealing they privately reported vulnerabilities that Signal never acknowledged publicly

Exclusions:

• Vulnerabilities that were properly disclosed through responsible disclosure processes

• Issues discovered and patched before any third party became aware

• Theoretical vulnerabilities never actually present in released versions

• False claims or unsubstantiated allegations

The market resolves NO if no credible evidence emerges of such undisclosed known vulnerabilities by the deadline.