diff --git a/.cargo/audit.toml b/.cargo/audit.toml
deleted file mode 100644
index d19582cc46a..00000000000
--- a/.cargo/audit.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[advisories]
-ignore = [
- # The `paste` dependency is transitively included via `gdbstub`.
- # While the crate is archived/unmaintained, the author considers it feature-complete
- # and functionally stable. gdbstub will be update once they migrate
- # to an alternative solution.
- # See https://github.com/daniel5151/gdbstub/issues/168
- "RUSTSEC-2024-0436",
-
- # `rand` unsoundness when a custom logger re-enters `rand::rng()`/`thread_rng()`
- # during ThreadRng reseeding. Firecracker is not affected:
- # - uuid (1.23.0): does not enable `fast-rng` or `rng-rand` features, so it uses
- `getrandom` directly and never calls into rand.
- # - proptest: uses rand 0.9 with `default-features = false` and does not enable
- # the `thread_rng` feature, so the affected functions are not compiled in.
- # See https://rustsec.org/advisories/RUSTSEC-2026-0097.html
- "RUSTSEC-2026-0097",
-]
diff --git a/tests/integration_tests/security/test_sec_audit.py b/tests/integration_tests/security/test_sec_audit.py
index c11e5a18447..b7681e6ba40 100644
--- a/tests/integration_tests/security/test_sec_audit.py
+++ b/tests/integration_tests/security/test_sec_audit.py
@@ -6,11 +6,11 @@
 import pytest
+from framework import utils
 from framework.ab_test import (
 git_ab_test_host_command_if_pr,
 set_did_not_grow_comparator,
 )
-from framework.utils import CommandReturn
 from framework.utils_cpuid import CpuVendor, get_cpu_vendor
@@ -23,19 +23,35 @@ def test_cargo_audit():
 Run cargo audit to check for crates with security vulnerabilities.
 """
- def set_of_vulnerabilities(output: CommandReturn):
- output = json.loads(output.stdout)
-
- return set(
- frozenset(vulnerability)
- for vulnerability in output["vulnerabilities"]["list"]
- ).union(
- frozenset(warning)
- for warning_kind, warnings in output["warnings"].items()
- for warning in warnings
- )
+ def set_of_vulnerabilities(output: utils.CommandReturn):
+ # The `stdout` will contain one `json` payload per line
+ findings = set()
+ for line in output.stderr.splitlines():
+ line = line.strip()
+ if not line:
+ continue
+ entry = json.loads(line)
+ # There is also `summary` type, which is of not interest for us
+ if entry["type"] != "diagnostic":
+ continue
+ fields = entry["fields"]
+ advisory = fields.get("advisory") or {}
+ # Identify a finding by its code, advisory id and affected crate;
+ # Findings without an advisory (e.g. yanked crates) fall back to
+ # the crate from the dependency graph.
+ krate = (fields.get("graphs") or [{}])[0].get("Krate", {})
+ findings.add(
+ (
+ fields.get("code"),
+ advisory.get("id"),
+ advisory.get("package") or krate.get("name"),
+ )
+ )
+ return findings
+
+ utils.run_cmd("cargo install --locked cargo-deny --debug")
 git_ab_test_host_command_if_pr(
- "cargo install --locked cargo-audit && cargo audit --deny warnings -q --json",
+ "cargo deny --all-features -f json check advisories",
 comparator=set_did_not_grow_comparator(set_of_vulnerabilities),
 )
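Review bot: The comment `# The \`stdout\` will contain one \`json\` payload per line` contradicts the line directly below it, which iterates `output.stderr.splitlines()`; cargo-deny emits its diagnostics on stderr, so it is the comment that should change, e.g. `# cargo-deny prints one JSON diagnostic per line on stderr (-f json)`. The `json.loads(line)` call and the `entry["type"]` / `entry["fields"]` lookups assume every non-empty stderr line is such a diagnostic, so a stray non-JSON log line would raise and fail the test loudly, which is acceptable but worth stating in that comment. A run where cargo-deny produces no parseable diagnostics at all yields an empty set, and an empty set trivially satisfies `set_did_not_grow_comparator`; if `git_ab_test_host_command_if_pr` does not check the exit status (its behaviour is outside this diff), a broken or missing scanner passes silently, so consider asserting that the `summary` entry the comment mentions was actually seen before returning. The ignore list and its rationale deleted from `.cargo/audit.toml` (RUSTSEC-2024-0436, RUSTSEC-2026-0097) are not re-added anywhere in this diff; if they are meant to live in a `deny.toml` elsewhere in the commit that is fine, otherwise the documented justification for suppressing those advisories is lost.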