diff --git a/lib/kitchen/driver/oci/instance/compute.rb b/lib/kitchen/driver/oci/instance/compute.rb
index 47ac1c0..6954b2f 100644
--- a/lib/kitchen/driver/oci/instance/compute.rb
+++ b/lib/kitchen/driver/oci/instance/compute.rb
@@ -95,6 +95,17 @@ def instance_source_via_boot_volume
 def instance_metadata
 launch_details.metadata = metadata
 end
+
+ # Adds the instance_options property to the launch_details to disable legacy IMDS endpoints at launch time.
+ # This ensures IMDSv2 is enabled from instance creation, which is required by OCI security policies
+ # that deny instance creation when areLegacyEndpointsDisabled='false'.
+ def launch_instance_options
+ opts = config[:instance_options] || {}
+ opts[:are_legacy_imds_endpoints_disabled] = true unless opts.key?(:are_legacy_imds_endpoints_disabled)
+ return if opts.empty?
+
+ launch_details.instance_options = OCI::Core::Models::InstanceOptions.new(opts)
+ end
 end
 end
 end
diff --git a/spec/spec_helper/compute_helper.rb b/spec/spec_helper/compute_helper.rb
index 0678bd5..e7bf1e8 100644
--- a/spec/spec_helper/compute_helper.rb
+++ b/spec/spec_helper/compute_helper.rb
@@ -55,6 +55,9 @@
 nsg_ids: driver_config[:nsg_ids],
 subnet_id: subnet_ocid
 )
+ l.instance_options = OCI::Core::Models::InstanceOptions.new(
+ are_legacy_imds_endpoints_disabled: true
+ )
 l.freeform_tags = { kitchen: true }
 l.defined_tags = {}
 l.metadata = instance_metadata
@@ -83,6 +86,9 @@
 nsg_ids: driver_config[:nsg_ids],
 subnet_id: subnet_ocid
 )
+ l.instance_options = OCI::Core::Models::InstanceOptions.new(
+ are_legacy_imds_endpoints_disabled: true
+ )
 l.freeform_tags = { kitchen: true }
 l.defined_tags = {}
 l.metadata = instance_metadata
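Review bot: `return if opts.empty?` in launch_instance_options is unreachable, because the preceding line unconditionally inserts `:are_legacy_imds_endpoints_disabled` whenever the key is absent, so `opts` can never be empty at that point; either drop the guard or move it above the default if the intent is "only set instance_options when the user configured some". That same assignment also mutates the hash returned by `config[:instance_options]` in place, so the driver's config object silently gains the key as a side effect; `opts = (config[:instance_options] || {}).dup` keeps the config untouched. The `key?` check is symbol-only, so if nested config hashes can arrive with string keys an explicit `'are_legacy_imds_endpoints_disabled' => false` would be overridden by the secure default rather than honoured — worth confirming against how kitchen symbolizes nested hashes, and worth stating in the comment that an explicit user value is respected. The hunk does not show where launch_instance_options is invoked, and the enclosing class continues outside the hunk.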
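Review bot: The fixture in compute_helper.rb hard-codes `are_legacy_imds_endpoints_disabled: true` regardless of driver_config, so no spec built on this helper can exercise a user-supplied `instance_options` (an explicit `false`, or additional options) flowing through the new driver method; deriving the expected value from driver_config, e.g. `OCI::Core::Models::InstanceOptions.new({ are_legacy_imds_endpoints_disabled: true }.merge(driver_config[:instance_options] || {}))`, would let such specs assert the override path. The identical three-line construction appears in both the @@ -55 and @@ -83 hunks; extracting it into a shared `let`/helper avoids the two copies drifting apart. The surrounding builder blocks start and end outside these hunks.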