diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index e6c77b366b1..f6af9d18fb2 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -688,6 +688,9 @@ jobs:
       - name: Set up Node-gyp
         run: python3 -m pip install setuptools
 
+      - name: Install electron-hardener
+        run: cargo install electron-hardener
+
       - name: Print environment
         run: |
           node --version
@@ -914,6 +917,9 @@ jobs:
       - name: Set up Node-gyp
         run: python3 -m pip install setuptools
 
+      - name: Install electron-hardener
+        run: cargo install electron-hardener
+
       - name: Print environment
         run: |
           node --version
@@ -1172,6 +1178,9 @@ jobs:
       - name: Set up Node-gyp
         run: python3 -m pip install setuptools
 
+      - name: Install electron-hardener
+        run: cargo install electron-hardener
+
       - name: Print environment
         run: |
           node --version
diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js
index 5fc42f31ac3..7a4bc4255b5 100644
--- a/apps/desktop/scripts/after-pack.js
+++ b/apps/desktop/scripts/after-pack.js
@@ -185,4 +185,15 @@ async function addElectronFuses(context) {
     // but then any requests to the server will be blocked by CORS policy
     [FuseV1Options.GrantFileProtocolExtraPrivileges]: true,
   });
+  if (platform === "darwin") {
+    // run electron-hardener
+    // sleep=
+    await new Promise((resolve) => setTimeout(resolve, 1000000));
+    console.log("## Running electron-hardener on the Electron Framework");
+    child_process.execSync(
+      'electron-hardener "' +
+        electronBinaryPath +
+        '/Contents/Frameworks/Electron Framework.framework/Electron Framework"',
+    );
+  }
 }