diff --git a/config/interceptors/core-interceptors-deployment.yaml b/config/interceptors/core-interceptors-deployment.yaml
index 82d853f93..dc524d9c9 100644
--- a/config/interceptors/core-interceptors-deployment.yaml
+++ b/config/interceptors/core-interceptors-deployment.yaml
@@ -82,6 +82,7 @@ spec:
           timeoutSeconds: 5
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
           # User 65532 is the distroless nonroot user ID
           runAsUser: 65532
           runAsGroup: 65532