Also more vulnerable to prompt injection than the frontier models, which are still vulnerable, but less so.