diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fc7f418..0f0ad6b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -104,7 +104,7 @@ jobs:
       run: just security-audit
 
     - name: Check for hardcoded secrets
-      uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4
+      uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3.92.5
       with:
         path: ./
         base: ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
index 9914683..13ec098 100644
--- a/.github/workflows/secret-scanner.yml
+++ b/.github/workflows/secret-scanner.yml
@@ -18,7 +18,7 @@ jobs:
           fetch-depth: 0  # Full history for scanning
 
       - name: TruffleHog Secret Scan
-        uses: trufflesecurity/trufflehog@8a8ef8526528d8a4ff3e2c90be08e25ef8efbd9b # v3
+        uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3
         with:
           extra_args: --only-verified --fail