diff --git a/.circleci/config.yml b/.circleci/config.yml
index ec30555..ce53e4a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -49,6 +49,25 @@ workflows:
 - << pipeline.parameters.validation_flag >>
 - not: << pipeline.parameters.release_flag >>
 jobs:
+ # Signature verification for trusted PRs (with write access for comments)
+ - toolkit/verify_commit_signatures:
+ name: verify_commit_signatures_trusted
+ context: bot-check
+ post_comment: true
+ update_pcu: false
+ filters:
+ branches:
+ ignore:
+ - main
+ - /pull\/[0-9]+/
+ # Signature verification for forked PRs (read-only, no comments)
+ - toolkit/verify_commit_signatures:
+ name: verify_commit_signatures_forked
+ post_comment: false
+ update_pcu: false
+ filters:
+ branches:
+ only: /pull\/[0-9]+/
 - toolkit/label:
 min_rust_version: << pipeline.parameters.min_rust_version >>
 context: pcu-app
@@ -69,7 +88,13 @@ workflows:
 - toolkit/idiomatic_rust:
 min_rust_version: << pipeline.parameters.min_rust_version >>
 - toolkit/update_prlog:
+ filters:
+ branches:
+ ignore:
+ - /pull\/[0-9]+/
+ - main
 requires:
+ - verify_commit_signatures_trusted
 - toolkit/required_builds
 - toolkit/common_tests
 - toolkit/idiomatic_rust
diff --git a/PRLOG.md b/PRLOG.md
index 5e9fae5..68b4f8e 100644
--- a/PRLOG.md
+++ b/PRLOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+
+- add security improvements to CI(pr [#129])
+
 ### Security
 - Dependencies: bump bytes from 1.9.0 to 1.11.1 in the cargo group across 1 directory(pr [#128])
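Review bot: The two comments in the first `.circleci/config.yml` hunk call the jobs "trusted" and "forked", but the only thing separating them is the branch filter `/pull\/[0-9]+/`, and that assumption is not written down. The `bot-check` context is attached on every branch except `main` and `pull/<n>`, so the split holds only while fork builds keep that branch naming and the project setting for passing secrets to fork builds stays off. I would say so in the first comment, e.g. `# Trusted = branch in this repository (not main); fork PRs build as pull/<n> and must not receive the bot-check context`. Neither entry runs on `main`, so commits that land there are not signature-checked by these jobs, presumably by design with branch protection covering it, which is worth confirming. The `jobs:` list continues outside the hunk.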
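Review bot: The `ignore` list added to `toolkit/update_prlog` in the second `.circleci/config.yml` hunk repeats the one on `verify_commit_signatures_trusted` with the entries in the opposite order, and nothing says the two must match. Because `update_prlog` now requires that job, editing one filter without the other would, as far as I know, leave `update_prlog` depending on a job that is never scheduled, so it would be skipped without an error. A comment above `filters:` such as `# must match the filters on verify_commit_signatures_trusted, which this job requires` would cover it, and listing `main` first in both places makes the pair easier to compare. `verify_commit_signatures_forked` is not required by anything in this hunk, so on fork PRs the check gates no later job here; the `requires:` list may continue outside the hunk.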
@@ -431,6 +435,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#126]: https://github.com/jerus-org/lambda_sqs/pull/126
 [#127]: https://github.com/jerus-org/lambda_sqs/pull/127
 [#128]: https://github.com/jerus-org/lambda_sqs/pull/128
+[#129]: https://github.com/jerus-org/lambda_sqs/pull/129
 [Unreleased]: https://github.com/jerus-org/lambda_sqs/compare/v0.3.0...HEAD
 [0.3.0]: https://github.com/jerus-org/lambda_sqs/compare/v0.2.37...v0.3.0
 [0.2.37]: https://github.com/jerus-org/lambda_sqs/compare/v0.2.36...v0.2.37