diff --git a/scripts/container-specs.sh b/scripts/container-specs.sh
index fa875e67..77907582 100755
--- a/scripts/container-specs.sh
+++ b/scripts/container-specs.sh
@@ -494,8 +494,8 @@ load_spec_archy-bitcoin-ui() {
   SPEC_MEMORY="$(mem_limit archy-bitcoin-ui)"
   SPEC_TIER="4"
   SPEC_LOCAL_IMAGE="true"
-  SPEC_CAPS=""
-  SPEC_SECURITY=""
+  SPEC_CAPS="CHOWN SETUID SETGID"
+  SPEC_SECURITY="no-new-privileges:true"
 }
 
 load_spec_archy-lnd-ui() {
@@ -506,8 +506,8 @@ load_spec_archy-lnd-ui() {
   SPEC_MEMORY="$(mem_limit archy-lnd-ui)"
   SPEC_TIER="4"
   SPEC_LOCAL_IMAGE="true"
-  SPEC_CAPS=""
-  SPEC_SECURITY=""
+  SPEC_CAPS="CHOWN SETUID SETGID NET_BIND_SERVICE"
+  SPEC_SECURITY="no-new-privileges:true"
 }
 
 load_spec_archy-electrs-ui() {
@@ -518,8 +518,8 @@ load_spec_archy-electrs-ui() {
   SPEC_MEMORY="$(mem_limit archy-electrs-ui)"
   SPEC_TIER="4"
   SPEC_LOCAL_IMAGE="true"
-  SPEC_CAPS=""
-  SPEC_SECURITY=""
+  SPEC_CAPS="CHOWN SETUID SETGID"
+  SPEC_SECURITY="no-new-privileges:true"
 }
 
 # ── Registry ─────────────────────────────────────────────────────────