diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
index 23222a0..455aaf4 100644
--- a/.github/workflows/warden.yml
+++ b/.github/workflows/warden.yml
@@ -9,6 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 contents: read
+ id-token: write
 env:
 WARDEN_ANTHROPIC_API_KEY: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
 WARDEN_MODEL: ${{ secrets.WARDEN_MODEL }}
@@ -25,6 +26,32 @@ jobs:
 owner: ${{ github.repository_owner }} # access to all repos, cause this is triggered on org level
 - uses: getsentry/warden@v0
+ id: warden
 continue-on-error: true # throw no error for now
 with:
- github-token: ${{ steps.app-token.outputs.token }}
\ No newline at end of file
+ github-token: ${{ steps.app-token.outputs.token }}
+
+ - name: Authenticate to Google Cloud
+ continue-on-error: true
+ uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
+ with:
+ workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
+ service_account: gha-warden@sac-prod-sa.iam.gserviceaccount.com
+
+ - name: Rename findings file with timestamp
+ id: rename-findings
+ if: always() && steps.warden.outputs.findings-file != ''
+ env:
+ FINDINGS_FILE: ${{ steps.warden.outputs.findings-file }}
+ run: |
+ DEST="$RUNNER_TEMP/$(date -u +%Y-%m-%dT%H%M%SZ).json"
+ cp "$FINDINGS_FILE" "$DEST"
+ echo "path=$DEST" >> "$GITHUB_OUTPUT"
+
+ - name: Upload findings to GCS
+ continue-on-error: true
+ uses: google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2
+ if: always() && steps.rename-findings.outputs.path != ''
+ with:
+ path: ${{ steps.rename-findings.outputs.path }}
+ destination: warden-logs/${{ github.repository }}
\ No newline at end of file
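Review bot: The new `id-token: write` is granted at job level, so every step in this job — including the third-party `getsentry/warden@v0` action and the app-token step — can request an OIDC token for this workflow's identity, because GitHub Actions has no per-step scoping of this permission. The effective guard is therefore the attribute condition on the GCP workload identity provider referenced in the second hunk, which is not visible here; it is worth confirming it is restricted to this repository and workflow rather than the whole organisation. A one-line comment would make the reason for the grant discoverable to the next maintainer, e.g. `id-token: write  # OIDC token for google-github-actions/auth (workload identity federation)`. The enclosing job definition starts outside the hunk.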
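Review bot: The "Upload findings to GCS" step runs regardless of whether "Authenticate to Google Cloud" succeeded: the auth step has `continue-on-error: true` and no `id`, and the upload's condition only checks `steps.rename-findings.outputs.path != ''`, so a broken workload-identity binding produces a green run with a silently missing log. Give the auth step `id: gcp-auth` and gate the upload on it, `if: always() && steps.gcp-auth.outcome == 'success' && steps.rename-findings.outputs.path != ''`, so the failure at least shows up as a skipped step. In the rename step the second-resolution timestamp is the only uniqueness in the object name; appending the run id, `DEST="$RUNNER_TEMP/$(date -u +%Y-%m-%dT%H%M%SZ)-${GITHUB_RUN_ID}.json"`, avoids same-second overwrites for one repository and ties each uploaded file back to its run. The `google-github-actions/auth` SHA pin would also read better with the same `# vX` tag comment the upload-cloud-storage pin carries, stating the release it resolves to. The step list and the app-token step's `with:` block begin before the hunk.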