diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7b16d295..c172a727 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -121,7 +121,7 @@ jobs:
           fail_ci_if_error: false
 
       - name: Upload coverage artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: toolkit-coverage
           path: packages/toolkit/coverage/
@@ -157,7 +157,7 @@ jobs:
           fi
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: toolkit-dist
           path: packages/toolkit/dist/
@@ -191,7 +191,7 @@ jobs:
           SKIP_ENV_VALIDATION: true
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: mcp-server-dist
           path: packages/api-server/.next/
@@ -360,7 +360,7 @@ jobs:
           rm -rf "$tmpdir"
 
       - name: Upload ep-admin coverage artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: ep-admin-coverage
           path: packages/ep-admin/coverage/
diff --git a/.github/workflows/generate-patterns.yml b/.github/workflows/generate-patterns.yml
index 656794a5..ffc93e0c 100644
--- a/.github/workflows/generate-patterns.yml
+++ b/.github/workflows/generate-patterns.yml
@@ -56,7 +56,7 @@ jobs:
           echo "✅ patterns.json validated successfully"
 
       - name: Upload patterns.json as artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: patterns-data
           path: services/mcp-server/data/patterns.json
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 0812fd74..f2e71d86 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -71,7 +71,7 @@ jobs:
 
       - name: Upload audit results
         if: always()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: audit-results
           path: audit-results.json
@@ -165,7 +165,7 @@ jobs:
           echo "✅ No prohibited licenses found" >> $GITHUB_STEP_SUMMARY
 
       - name: Upload license report
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: license-report
           path: licenses.json
@@ -232,7 +232,7 @@ jobs:
           echo "✅ SBOM generated successfully"
 
       - name: Upload SBOM
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom
           path: sbom.json
@@ -240,7 +240,7 @@ jobs:
 
       - name: Attach SBOM to release
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom-release
           path: sbom.json