diff --git a/src/security/audit-extra.sync.test.ts b/src/security/audit-extra.sync.test.ts
index 8d872eb32fb..11b2c3e1c28 100644
--- a/src/security/audit-extra.sync.test.ts
+++ b/src/security/audit-extra.sync.test.ts
@@ -10,6 +10,15 @@ vi.mock("../plugins/web-search-credential-presence.js", () => ({
   hasConfiguredWebSearchCredential: () => false,
 }));
 
+function requireFirstFinding<T>(findings: readonly T[], label: string): T {
+  const [finding] = findings;
+  expect(finding).toBeDefined();
+  if (!finding) {
+    throw new Error(`Expected ${label} finding`);
+  }
+  return finding;
+}
+
 describe("collectAttackSurfaceSummaryFindings", () => {
   it.each([
     {
@@ -39,7 +48,10 @@ describe("collectAttackSurfaceSummaryFindings", () => {
       expectedDetail: ["hooks.internal: disabled"],
     },
   ])("$name", ({ cfg, expectedDetail }) => {
-    const [finding] = collectAttackSurfaceSummaryFindings(cfg);
+    const finding = requireFirstFinding(
+      collectAttackSurfaceSummaryFindings(cfg),
+      "attack surface summary",
+    );
     expect(finding.checkId).toBe("summary.attack_surface");
     for (const snippet of expectedDetail) {
       expect(finding.detail).toContain(snippet);
@@ -89,19 +101,22 @@ describe("collectSmallModelRiskFindings", () => {
       detailExcludes: ["No web/browser tools detected"],
     },
   ])("$name", ({ cfg, env, detailIncludes, detailExcludes }) => {
-    const [finding] = collectSmallModelRiskFindings({
-      cfg,
-      env,
-    });
+    const finding = requireFirstFinding(
+      collectSmallModelRiskFindings({
+        cfg,
+        env,
+      }),
+      "small model risk",
+    );
 
-    expect(finding?.checkId).toBe("models.small_params");
-    expect(finding?.severity).toBe("critical");
-    expect(finding?.detail).toContain("ollama/mistral-8b");
+    expect(finding.checkId).toBe("models.small_params");
+    expect(finding.severity).toBe("critical");
+    expect(finding.detail).toContain("ollama/mistral-8b");
     for (const snippet of detailIncludes) {
-      expect(finding?.detail).toContain(snippet);
+      expect(finding.detail).toContain(snippet);
     }
     for (const snippet of detailExcludes) {
-      expect(finding?.detail).not.toContain(snippet);
+      expect(finding.detail).not.toContain(snippet);
     }
   });
 });