diff --git a/.github/workflows/ci-build-windows.yaml b/.github/workflows/ci-build-windows.yaml
index 0b297378..4ed2270e 100644
--- a/.github/workflows/ci-build-windows.yaml
+++ b/.github/workflows/ci-build-windows.yaml
@@ -27,7 +27,7 @@ jobs:
           go-version: '1.26.0'
 
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 6a9f5109..cd063a40 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -32,7 +32,7 @@ jobs:
           go-version: '1.26.0'
 
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 02266186..71d4f8b7 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
+      uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs