From 5127f44ab3104c0a62ea26576746cf3a58747249 Mon Sep 17 00:00:00 2001 From: Jean-Gabriel Gill-Couture Date: Fri, 6 Jun 2025 13:56:40 -0400 Subject: [PATCH] docs: Add note about pod privilege escalation in ADR 011 Tenant --- adr/011-multi-tenant-cluster.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/adr/011-multi-tenant-cluster.md b/adr/011-multi-tenant-cluster.md index 73cd824..88fb0ea 100644 --- a/adr/011-multi-tenant-cluster.md +++ b/adr/011-multi-tenant-cluster.md @@ -137,8 +137,9 @@ Our approach addresses both customer and team multi-tenancy requirements: ### Implementation Roadmap 1. **Phase 1**: Implement VPN access and manual tenant provisioning 2. **Phase 2**: Deploy TenantScore automation for namespace, RBAC, and NetworkPolicy management -3. **Phase 3**: Integrate Keycloak for centralized identity management -4. **Phase 4**: Add advanced monitoring and per-tenant observability +4. **Phase 3**: Work on privilege escalation from pods, audit for weaknesses, enforce security policies on pod runtimes +3. **Phase 4**: Integrate Keycloak for centralized identity management +4. **Phase 5**: Add advanced monitoring and per-tenant observability ### TenantScore Structure Preview ```rust
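Review bot: The ordered-list markers in the roadmap hunk no longer match the phase labels: the added line is written `4. **Phase 3**` and is followed by `3. **Phase 4**` and `4. **Phase 5**`, so the source reads 1, 2, 4, 3, 4. Most Markdown renderers renumber an ordered list from its first item, so the rendered page will probably look right, but the raw file is misleading to edit; please renumber the markers to 3, 4, 5. The Phase 3 text is also ambiguous as written: "Work on privilege escalation from pods" should say that the goal is preventing it, and "enforce security policies on pod runtimes" would be more useful if it named the intended enforcement mechanism and baseline. Because tenants are already provisioned in Phases 1 and 2, the ADR should state what pod-level isolation applies before Phase 3 lands. Keycloak and observability also move from Phase 3/4 to Phase 4/5, so any other references to those phase numbers in the ADR need checking, and the subject line ("Add note") undersells a change that inserts a new roadmap phase.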