Thankfully, the network I have the Atomic Pi on currently is well segregated (multiple routers separating layers and firewalls at all levels), and so far, so good. Also, I think I may have found a workaround, the network PXE boot can be disabled in the BIOS, along with the UEFI network stack. Do you think that would be enough to close that vector for potential attack? Here is a pic of the BIOS menu for that:
