diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
index f48d92a..7f3c5aa 100644
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -1,5 +1,4 @@
 self-hosted-runner:
   labels:
-    - blacksmith-4vcpu-ubuntu-2404
 
 config-variables: null
diff --git a/.github/workflow-templates/agent-authorship-labels.yml b/.github/workflow-templates/agent-authorship-labels.yml
index 186676a..fa5bea4 100644
--- a/.github/workflow-templates/agent-authorship-labels.yml
+++ b/.github/workflow-templates/agent-authorship-labels.yml
@@ -12,3 +12,5 @@ permissions:
 jobs:
   label:
     uses: evalops/.github/.github/workflows/agent-authorship-label.yml@main
+    with:
+      runner_label: ubuntu-latest
diff --git a/.github/workflows/agent-authorship-label.yml b/.github/workflows/agent-authorship-label.yml
index fd2058a..beecad6 100644
--- a/.github/workflows/agent-authorship-label.yml
+++ b/.github/workflows/agent-authorship-label.yml
@@ -12,7 +12,7 @@ on:
         description: "Runner label used for the label job"
         required: false
         type: string
-        default: blacksmith-4vcpu-ubuntu-2404
+        default: ubuntu-latest
       helper_ref:
         description: "evalops/.github ref used to checkout helper scripts"
         required: false
diff --git a/.github/workflows/codeql-guard.yml b/.github/workflows/codeql-guard.yml
index d971abb..5661bf8 100644
--- a/.github/workflows/codeql-guard.yml
+++ b/.github/workflows/codeql-guard.yml
@@ -23,7 +23,7 @@ jobs:
   guard-self:
     name: Forbid CodeQL in evalops/.github
     if: ${{ github.event_name != 'schedule' }}
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
@@ -52,7 +52,7 @@ jobs:
   guard-org:
     name: Sweep evalops/* for CodeQL workflow drift
     if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     timeout-minutes: 15
     env:
       GH_TOKEN: ${{ github.token }}
@@ -158,7 +158,7 @@ jobs:
           {
             echo "## codeql-guard tripped"
             echo
-            echo "EvalOps does not run GitHub CodeQL (see \`SECURITY.md\` and the Blacksmith"
+            echo "EvalOps does not run GitHub CodeQL (see \`SECURITY.md\` and the org"
             echo "code security configuration, which is now \`enforcement: enforced\`)."
             echo
             if [ "${file_count}" -gt 0 ]; then
diff --git a/.github/workflows/codex-rails-check.yml b/.github/workflows/codex-rails-check.yml
index a06eb5d..a80595f 100644
--- a/.github/workflows/codex-rails-check.yml
+++ b/.github/workflows/codex-rails-check.yml
@@ -33,14 +33,14 @@ on:
         description: "Runner label used for the validation job"
         required: false
         type: string
-        default: blacksmith-4vcpu-ubuntu-2404
+        default: ubuntu-latest
 
 permissions:
   contents: read
 
 jobs:
   validate:
-    runs-on: ${{ inputs.runner_label || 'blacksmith-4vcpu-ubuntu-2404' }}
+    runs-on: ${{ inputs.runner_label || 'ubuntu-latest' }}
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
diff --git a/.github/workflows/pysa.yml b/.github/workflows/pysa.yml
index 7322a13..c6510ab 100644
--- a/.github/workflows/pysa.yml
+++ b/.github/workflows/pysa.yml
@@ -12,7 +12,7 @@ on:
         description: "Runner label used for Pysa"
         required: false
         type: string
-        default: blacksmith-4vcpu-ubuntu-2404
+        default: ubuntu-latest
       working_directory:
         description: "Repository-relative directory to analyze"
         required: false