diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index 7069a7375..f542306c4 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -91562,7 +91562,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js
index a6aaf21db..55e45109f 100644
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -80323,7 +80323,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index bb0b377d3..6e25d41c5 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -129686,7 +129686,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/lib/init-action.js b/lib/init-action.js
index cffd58360..8bc286e9b 100644
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -88988,7 +88988,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js
index e6a3b6b5b..e67adb4ac 100644
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -86793,7 +86793,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
index 73391b6be..574440a74 100644
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -89736,7 +89736,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
diff --git a/src/feature-flags.ts b/src/feature-flags.ts
index bf7f7d3d4..21ba26857 100644
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@@ -666,10 +666,10 @@ class GitHubFeatureFlags {
       const httpError = util.asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          "This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. " +
+          "This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. " +
             "As a result, it will not be opted into any experimental features. " +
             "This could be because the Action is running on a pull request from a fork. If not, " +
-            `please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`,
+            `please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`,
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};