diff --git a/packages/zarf-agent/manifests/deployment.yaml b/packages/zarf-agent/manifests/deployment.yaml
index a8e481845f..61731ada18 100644
--- a/packages/zarf-agent/manifests/deployment.yaml
+++ b/packages/zarf-agent/manifests/deployment.yaml
@@ -21,6 +21,13 @@ spec:
 - name: private-registry
 priorityClassName: system-node-critical
 serviceAccountName: zarf
+ # Security context to comply with restricted PSS
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 2000
+ runAsGroup: 2000
+ seccompProfile:
+ type: "RuntimeDefault"
 containers:
 - name: server
 image: "###ZARF_REGISTRY###/###ZARF_CONST_AGENT_IMAGE###:###ZARF_CONST_AGENT_IMAGE_TAG###"
@@ -32,6 +39,12 @@ spec:
 scheme: HTTPS
 ports:
 - containerPort: 8443
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop: ["ALL"]
 resources:
 requests:
 memory: "32Mi"
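Review bot: The pod-level `securityContext` added after `serviceAccountName: zarf` pins `runAsUser: 1000` but does not set `runAsNonRoot: true`, so the restricted-PSS non-root requirement is met only because the single `server` container sets it in the second hunk; any init container or sidecar added later would have to repeat that field or the admission check fails. Adding `runAsNonRoot: true` next to `runAsUser: 1000` at the pod level makes the guarantee hold for every container in the pod and lets the kubelet reject the pod if an image ever resolves to UID 0. Note also that pod-level `runAsUser`/`runAsGroup` override whatever `USER` the agent image declares, so if the image is built for a different UID, files it expects to own may become unreadable — worth confirming against the image's Dockerfile. The enclosing pod `spec:` begins before this hunk.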
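Review bot: `readOnlyRootFilesystem: true` on the `server` container will make any write to the container filesystem fail at runtime (for example a temp directory or a cache path), and this hunk shows no `emptyDir` volume mounted to absorb such writes; if the agent writes anywhere besides its mounted TLS material, add a volume such as `- name: tmp` / `emptyDir: {}` mounted at the path it uses, otherwise the webhook may crash-loop only after deployment. I cannot see the `volumes:`/`volumeMounts:` sections from here, so this may already be handled; a short comment above the field, `# agent is expected to write nothing to disk; add an emptyDir mount here if that changes`, would record the assumption for the next maintainer. The rest of the container definition continues past the end of this hunk.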