Specific flaws alleged by critics and whistleblowers include failed red-team tests, with a government ”red team” simulating a cyberattack reportedly gaining ”privileged access” to One Login systems during a test in March 2025. Davis has also alleged, citing whistleblower reports, that development work on the platform was conducted on ”unsecured workstations in Romania” by contractors who had not received security clearance. The system has allegedly missed a 2025 deadline for securing\”critical systems” and, according to one whistleblower, will not pass all key security tests until March 2026.