diff --git a/.github/workflows/ecosystem-ci.yml b/.github/workflows/ecosystem-ci.yml
index db274aadb4..0349a6a459 100644
--- a/.github/workflows/ecosystem-ci.yml
+++ b/.github/workflows/ecosystem-ci.yml
@@ -11,6 +11,12 @@ on:
         required: true
         default: 'main'
 
+permissions:
+  # Allow commenting on commits
+  contents: write
+  # Allow commenting on issues
+  issues: write
+
 jobs:
   ecosystem_ci_notify:
     name: Run Ecosystem CI With Notify
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 68c3348452..cec5713203 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -27,6 +27,8 @@ on:
 permissions:
   # Provenance generation in GitHub Actions requires "write" access to the "id-token"
   id-token: write
+  # Allow commenting on issues
+  issues: write
 
 jobs:
   release: