diff --git a/static/releases.html b/static/releases.html
index ff26648f..065aba34 100644
--- a/static/releases.html
+++ b/static/releases.html
@@ -808,7 +808,7 @@
                         <li>remove our USB peripheral security setting on devices supporting our much better USB-C port mode (Pixel 6 and later)</li>
                         <li>extend USB-C port setting to also handle pogo pins on the Pixel Tablet</li>
                         <li>kernel (5.10, 5.15, 6.1, 6.6): replace our deny_new_usb feature with a new deny_new_usb2 feature also disabling USB gadgets</li>
-                        <li>extend USB-C port setting to enable deny_new_usb2 as a second layer of defense disabling new USB connections and then USB data at a hardware level, in case the USB controller is compromised or doesn't work correctly</li>
+                        <li>extend USB-C port setting to enable deny_new_usb2 as a second layer of defense disabling new USB connections in the kernel (the existing implementation disables new connections and USB data at a hardware level via the USB controller, which disables more attack surface, but we want to keep around the higher level kernel approach too)</li>
                         <li>Files: fix upstream null pointer exception triggered on resuming activity</li>
                         <li>Settings: require user authentication for changing auto-reboot, USB peripheral and USB-C port security settings</li>
                         <li>Settings: avoid prompting for user authentication when selecting the same value as before for GrapheneOS settings requiring it</li>