diff --git a/api/tests/cryptographic-failures.runtime.test.ts b/api/tests/cryptographic-failures.runtime.test.ts
index 7cc4406..e244e43 100644
--- a/api/tests/cryptographic-failures.runtime.test.ts
+++ b/api/tests/cryptographic-failures.runtime.test.ts
@@ -122,10 +122,17 @@ describe("A04 Cryptographic Failures (runtime adversarial checks)", () => {
   });
 
   it("accepts token with correct signature, issuer, and audience", async () => {
+    const user = await app.prisma.user.create({
+      data: {
+        email: `jwt-runtime-${Date.now()}@test.dev`,
+        emailVerified: true,
+      },
+      select: { id: true },
+    });
     const nowSeconds = Math.floor(Date.now() / 1000);
     const token = signHs256Token(
       {
-        sub: `valid-${Date.now()}`,
+        sub: user.id,
         iss: "skymoney-api",
         aud: "skymoney-web",
         iat: nowSeconds,
@@ -141,5 +148,7 @@ describe("A04 Cryptographic Failures (runtime adversarial checks)", () => {
 
     expect(res.status).toBe(200);
     expect(res.body.ok).toBe(true);
+
+    await app.prisma.user.delete({ where: { id: user.id } });
   });
 });
diff --git a/api/tests/security-logging-monitoring-failures.test.ts b/api/tests/security-logging-monitoring-failures.test.ts
index 1c9c958..58b31b5 100644
--- a/api/tests/security-logging-monitoring-failures.test.ts
+++ b/api/tests/security-logging-monitoring-failures.test.ts
@@ -1,4 +1,4 @@
-import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
 import request from "supertest";
 import type { FastifyInstance } from "fastify";
 import { buildApp } from "../src/server";
@@ -77,6 +77,9 @@ describe("A09 Security Logging and Monitoring Failures", () => {
   it("emits structured security log for forgot-password requests without raw token data", async () => {
     capturedEvents.length = 0;
 
+    const findUniqueMock = vi
+      .spyOn((authApp as any).prisma.user, "findUnique")
+      .mockResolvedValue(null);
     const res = await request(authApp.server)
       .post("/auth/forgot-password/request")
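Review bot: The new setup persists a user with `emailVerified: true` and signs the token with its id, but nothing in the test says why a real row is now required, and the opposite case stays untested. Presumably the route now resolves `sub` against the user table (which would be why the synthetic `valid-…` subject stopped passing); if so, a sibling test asserting that a correctly signed token whose `sub` matches no user is rejected would pin that check instead of leaving it implied by this positive case. A one-line comment above the `create` call, `// token validation resolves sub against the user table, so a synthetic subject is rejected`, would record the dependency. The `it` callback continues past the end of this hunk.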
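Review bot: The `app.prisma.user.delete` added at the end of the second hunk only runs when both `expect` calls above it pass; a failing assertion throws past it and leaves the row created in the first hunk behind in the test database. Moving the assertions into a `try` and the cleanup into `} finally { await app.prisma.user.delete({ where: { id: user.id } }); }`, or registering the delete in an `afterEach`, makes the cleanup unconditional. The `it` body that owns `user` starts outside this hunk.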
@@ -89,5 +92,6 @@ describe("A09 Security Logging and Monitoring Failures", () => { expect(event).toBeTruthy(); expect(event?.outcome).toBe("success"); expect(event && "token" in event).toBe(false); + findUniqueMock.mockRestore(); }); });
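Review bot: With `findUnique` stubbed to resolve `null`, the `"token" in event` assertion at the end of this test is very likely satisfied vacuously — if the handler only mints a reset token when the lookup finds a user, no token exists to leak into the log, so the check no longer exercises the case the test name describes. A second case that resolves the stub to a user record (or creates a real one) and still asserts the event carries no `token` field is what would catch a regression. Separately, `findUniqueMock.mockRestore()` is the last statement, so any failing `expect` above it leaves the spy active for the rest of the file; restoring in `try { … } finally { findUniqueMock.mockRestore(); }` or in `afterEach(() => vi.restoreAllMocks())` avoids that. The spy is created in an earlier hunk and the `it` callback starts outside this one.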