diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index ee60b6130f..7f80519b19 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -37,6 +37,8 @@ jobs:
 
       - name: Attest GitHub build provenance
         uses: actions/attest-build-provenance@v2
+        # Don't attest from forks
+        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
         with:
           subject-path: dist/*.tar.gz
 
@@ -82,6 +84,8 @@ jobs:
 
       - name: Attest GitHub build provenance
         uses: actions/attest-build-provenance@v2
+        # Don't attest from forks
+        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
         with:
           subject-path: ./wheelhouse/*.whl
 
@@ -117,6 +121,8 @@ jobs:
 
       - name: Attest GitHub build provenance
         uses: actions/attest-build-provenance@v2
+        # Don't attest from forks
+        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
         with:
           subject-path: dist/*.whl