diff --git a/.github/workflows/build-cmake.yml b/.github/workflows/build-cmake.yml
index 9cee3bfc26d..b9e096eb7b0 100644
--- a/.github/workflows/build-cmake.yml
+++ b/.github/workflows/build-cmake.yml
@@ -21,6 +21,9 @@ jobs:
             gpu-arch-version: "11.8"
       fail-fast: false
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       runner: ${{ matrix.runner }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index f6ec4201da3..8b341622181 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -15,6 +15,9 @@ on:
 jobs:
   build:
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       upload-artifact: docs
@@ -79,9 +82,10 @@ jobs:
     needs: build
     if: github.repository == 'pytorch/vision' && github.event_name == 'push' &&
         ((github.ref_type == 'branch' && github.ref_name == 'main') || github.ref_type == 'tag')
+    uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
     permissions:
+      id-token: write
       contents: write
-    uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
     with:
       repository: pytorch/vision
       download-artifact: docs
diff --git a/.github/workflows/prototype-tests-linux-gpu.yml b/.github/workflows/prototype-tests-linux-gpu.yml
index e1d6498761b..723da87b0ce 100644
--- a/.github/workflows/prototype-tests-linux-gpu.yml
+++ b/.github/workflows/prototype-tests-linux-gpu.yml
@@ -24,6 +24,9 @@ jobs:
             gpu-arch-version: "11.8"
       fail-fast: false
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       runner: ${{ matrix.runner }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b4a74733967..eb6d40fe9c0 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -27,6 +27,9 @@ jobs:
             gpu-arch-version: "11.8"
       fail-fast: false
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       runner: ${{ matrix.runner }}
@@ -85,6 +88,9 @@ jobs:
             gpu-arch-version: "11.8"
       fail-fast: false
     uses: pytorch/test-infra/.github/workflows/windows_job.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       runner: ${{ matrix.runner }}
@@ -105,6 +111,9 @@ jobs:
 
   onnx:
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     with:
       repository: pytorch/vision
       test-infra-ref: main
@@ -136,6 +145,9 @@ jobs:
 
   unittests-extended:
     uses: pytorch/test-infra/.github/workflows/linux_job_v2.yml@main
+    permissions:
+      id-token: write
+      contents: read
     if: contains(github.event.pull_request.labels.*.name, 'run-extended')
     with:
       repository: pytorch/vision