diff --git a/actions/setup/js/add_comment.test.cjs b/actions/setup/js/add_comment.test.cjs
index 5c8d9842532..850aa3cb5fa 100644
--- a/actions/setup/js/add_comment.test.cjs
+++ b/actions/setup/js/add_comment.test.cjs
@@ -2164,7 +2164,7 @@ describe("add_comment", () => {
       expect(cautionIndex).toBeGreaterThanOrEqual(0);
       expect(cautionIndex).toBeLessThan(bodyIndex);
       expect(capturedBody).toContain("agentic threat detected");
-      expect(capturedBody).toContain("<!-- agentic threat detected -->");
+      expect(capturedBody).toContain("<!-- gh-aw-threat-detected -->");
       expect(capturedBody).toContain("> Generated by [Security Test Workflow]");
       expect(capturedBody).toMatch(/> \[!CAUTION\][\s\S]*\n\n> Generated by \[Security Test Workflow\]/);
 
diff --git a/actions/setup/js/generate_footer.test.cjs b/actions/setup/js/generate_footer.test.cjs
index 89d6bd10da8..75f47f36d9f 100644
--- a/actions/setup/js/generate_footer.test.cjs
+++ b/actions/setup/js/generate_footer.test.cjs
@@ -475,7 +475,7 @@ describe("generate_footer.cjs", () => {
 
         expect(result).toContain("> [!CAUTION]");
         expect(result).toContain("agentic threat detected");
-        expect(result).toContain("<!-- agentic threat detected -->");
+        expect(result).toContain("<!-- gh-aw-threat-detected -->");
         expect(result).toContain("Potential security threats were detected");
       });
 
diff --git a/actions/setup/js/messages.test.cjs b/actions/setup/js/messages.test.cjs
index 73fd59367fd..0f7153b8ec6 100644
--- a/actions/setup/js/messages.test.cjs
+++ b/actions/setup/js/messages.test.cjs
@@ -934,7 +934,7 @@ describe("messages.cjs", () => {
 
       expect(result).toContain("> [!CAUTION]");
       expect(result).toContain("agentic threat detected");
-      expect(result).toContain("<!-- agentic threat detected -->");
+      expect(result).toContain("<!-- gh-aw-threat-detected -->");
       expect(result).toContain("Potential security threats were detected");
     });
 
diff --git a/actions/setup/js/threat_detection_warning.cjs b/actions/setup/js/threat_detection_warning.cjs
index 5e47b326fc9..f5774f113bc 100644
--- a/actions/setup/js/threat_detection_warning.cjs
+++ b/actions/setup/js/threat_detection_warning.cjs
@@ -27,7 +27,7 @@ function normalizeThreatKinds(reason) {
  * @returns {string}
  */
 function getThreatDetectedMarker(reason) {
-  return "<!-- agentic threat detected -->";
+  return "<!-- gh-aw-threat-detected -->";
 }
 
 /**
@@ -36,7 +36,7 @@ function getThreatDetectedMarker(reason) {
  * @returns {string}
  */
 function getThreatDetectedMarkerTemplate() {
-  return "<!-- agentic threat detected -->";
+  return "<!-- gh-aw-threat-detected -->";
 }
 
 /**
diff --git a/actions/setup/js/threat_detection_warning.test.cjs b/actions/setup/js/threat_detection_warning.test.cjs
index b91acbb0bc0..d5405d7ddfd 100644
--- a/actions/setup/js/threat_detection_warning.test.cjs
+++ b/actions/setup/js/threat_detection_warning.test.cjs
@@ -16,8 +16,8 @@ describe("threat_detection_warning", () => {
 
   describe("marker helpers", () => {
     it("emits the normative threat marker", () => {
-      expect(getThreatDetectedMarker("threat_detected,parse_error")).toBe("<!-- agentic threat detected -->");
-      expect(getThreatDetectedMarkerTemplate()).toBe("<!-- agentic threat detected -->");
+      expect(getThreatDetectedMarker("threat_detected,parse_error")).toBe("<!-- gh-aw-threat-detected -->");
+      expect(getThreatDetectedMarkerTemplate()).toBe("<!-- gh-aw-threat-detected -->");
     });
   });
 
diff --git a/actions/setup/js/update_activation_comment.test.cjs b/actions/setup/js/update_activation_comment.test.cjs
index 06e8c6f642a..e12d3e6c803 100644
--- a/actions/setup/js/update_activation_comment.test.cjs
+++ b/actions/setup/js/update_activation_comment.test.cjs
@@ -84,7 +84,7 @@ const createTestableFunction = scriptContent => {
             parse_error: "The threat detection results could not be parsed.",
           };
           const reasonText = reasons[reason] || "The threat detection analysis could not be completed.";
-          return `> [!CAUTION]\n> agentic threat detected\n> Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.\n> <!-- agentic threat detected -->\n>\n> ${reasonText}`;
+          return `> [!CAUTION]\n> agentic threat detected\n> Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.\n> <!-- gh-aw-threat-detected -->\n>\n> ${reasonText}`;
         },
       };
     }
diff --git a/docs/src/content/docs/reference/safe-outputs-specification.md b/docs/src/content/docs/reference/safe-outputs-specification.md
index 796f26c20a5..bdd22619bc1 100644
--- a/docs/src/content/docs/reference/safe-outputs-specification.md
+++ b/docs/src/content/docs/reference/safe-outputs-specification.md
@@ -4242,7 +4242,7 @@ When threat detection executes in `warn` mode and reports a threat signal for a
    > Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.
 
 2. A visible threat label string: `agentic threat detected`.
-3. An XML comment marker in emitted markdown content: `<!-- agentic threat detected -->`.
+3. An XML comment marker in emitted markdown content: `<!-- gh-aw-threat-detected -->`.
 
 **Requirement WTD2 (Convertible Fallback)**: For safe output types classified as **Convertible**, implementations MUST transform the operation into the mapped Reviewable type before execution. For this specification, `push_to_pull_request_branch` (also referred to as `update-pull-request-branch`) MUST fall back to `create_pull_request` with the WTD1 caution, label, and XML marker.