diff --git a/changelog.mdx b/changelog.mdx
index b51afc9..16ec9eb 100644
--- a/changelog.mdx
+++ b/changelog.mdx
@@ -22,6 +22,16 @@ export const STAGE_SELF_MANAGED_M66 = "$0.0001";
   usezombie is in **stealth-mode testing** and pre-production. APIs and agent behavior may change between releases without long deprecation windows. Email [usezombie@agentmail.to](mailto:usezombie@agentmail.to) if you want a hand calibrating an agent or to join as a design partner.
 </Tip>
 
+<Update label="Jun 11, 2026" tags={["Internal", "Security"]}>
+  ## Groundwork for kernel-enforced egress allowlists on sandboxed runners
+
+  Runner network posture is now selected through the `RUNNER_NETWORK_POLICY` environment variable instead of being hard-wired. Nothing changes in this release — the default posture is exactly today's behavior, and the enforced mode stays off until its kernel-level enforcement arrives in an upcoming release.
+
+  - **`allow_all`** — the default, and what an unset variable resolves to: full outbound access, unchanged from today.
+  - **`deny_all_egress`** — no outbound network at all.
+  - **`allow_list_egress`** — outbound only to permitted destinations; deliberately fails closed with `UZ-RUN-007` until enforcement lands, so it never silently pretends to enforce.
+</Update>
+
 <Update label="Jun 10, 2026" tags={["What's new", "API"]}>
   ## Take runners out of rotation from the Dashboard