diff --git a/docs/assumptions.md b/docs/assumptions.md index 8409df686..61c53f1c9 100644 --- a/docs/assumptions.md +++ b/docs/assumptions.md @@ -85,8 +85,10 @@ proposal and a DAO that offsets operational costs and rewards operators. ## Uncompromised hosts -This should go without saying - we assume that an adversary cannot read or write host memory, execute code, or otherwise -compromise the running host operating system or platform while or after the node is running. +This should go without saying - in the context of a single node, we assume that an adversary cannot read or write host +memory, execute code, or otherwise compromise the running host operating system or platform while or after the node is +running. If a supermajority of nodes is compromised, an attacker can produce arbitrary VAAs. If a superminority of nodes +is compromised, the network may no longer achieve consensus. Contrary to popular belief, hardware security modules do _not_ significantly change the risks associated with host compromise when dealing with cryptocurrency keys. A compromised host could easily abuse the HSM as a signing oracle,
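Review bot: In the sentences added to the "Uncompromised hosts" paragraph, "supermajority" and "superminority" are used without stating what fraction of nodes each term means, so a reader cannot tell how many compromised nodes it takes to reach either outcome. Suggest defining both terms at first use, or linking to wherever the document defines the quorum. It would also help to say explicitly that the first case is a safety failure ("an attacker can produce arbitrary VAAs") and the second is a liveness failure ("the network may no longer achieve consensus"). As a style point, the new qualifier "in the context of a single node" reads awkwardly directly after "This should go without saying -"; consider making the per-node assumption one sentence and the network-level consequences a separate one.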