diff --git a/scripts/gates/p40_live_readiness.sh b/scripts/gates/p40_live_readiness.sh
index 095c5190a..43d827428 100755
--- a/scripts/gates/p40_live_readiness.sh
+++ b/scripts/gates/p40_live_readiness.sh
@@ -95,6 +95,7 @@ if [ "$GATE_MODE" == "pos" ]; then
 # Enable Deadman
 touch user_data/secrets/deadman_live.ok
+ chmod 600 user_data/secrets/deadman_live.ok
 touch -m user_data/secrets/deadman_live.ok
 export FT_ENABLE_LIVE_ORDERS=1
diff --git a/scripts/p30_check_live_guard.py b/scripts/p30_check_live_guard.py
index 3efe01fea..e33b36a25 100644
--- a/scripts/p30_check_live_guard.py
+++ b/scripts/p30_check_live_guard.py
@@ -63,12 +63,13 @@ def verify_p30_guard():
 }
 exchange.breeze = mock_breeze
- # Create Deadman File for P40 Compliance
+ # Create Deadman File for P40 Compliance with secure permissions
 from pathlib import Path
 deadman_file = Path("user_data/secrets/deadman_live.ok")
 deadman_file.parent.mkdir(parents=True, exist_ok=True)
 deadman_file.touch()
+ os.chmod(deadman_file, 0o600)
 # Mock RiskGuard to avoid 'intraday_cutoff' or other risk blocks
 exchange.risk_guard = MagicMock()
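Review bot: In scripts/gates/p40_live_readiness.sh the marker is still created by the first `touch` under the caller's umask and only narrowed afterwards by `chmod 600`, and nothing in the hunk constrains the `user_data/secrets` directory itself. The file appears to act by existing (and by its mtime), so anyone who can write to the directory can create or remove it whatever the file mode is. I would tighten the directory and create the file restrictively: `chmod 700 user_data/secrets` followed by `(umask 077; touch user_data/secrets/deadman_live.ok)`. Whether a failed `chmod` stops the gate before `FT_ENABLE_LIVE_ORDERS=1` is exported depends on `set -e`, which is not visible here; the `if` block starts and continues outside the hunk.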
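Review bot: In scripts/p30_check_live_guard.py the added `os.chmod(deadman_file, 0o600)` depends on `os` being imported at module level, which the hunk does not show; the only import visible is the function-local `from pathlib import Path`. `deadman_file.chmod(0o600)` does the same with a name already in scope. The file and its parent are also still created with default modes first, so I would pass them at creation, `deadman_file.parent.mkdir(mode=0o700, parents=True, exist_ok=True)` and `deadman_file.touch(mode=0o600)`, and keep the chmod for a file that already exists. This mocked check writes the same `user_data/secrets/deadman_live.ok` path that the live gate uses, and no cleanup is visible in the hunk, so a comment saying whether the marker is meant to persist after the check would help. verify_p30_guard starts and continues outside the hunk.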