diff --git a/detection/execution/unexpected-setuid-binaries.sql b/detection/execution/unexpected-setuid-binaries.sql
index c095c56..36d3f17 100644
--- a/detection/execution/unexpected-setuid-binaries.sql
+++ b/detection/execution/unexpected-setuid-binaries.sql
@@ -294,7 +294,9 @@ FROM
 '/usr/sbin/umount.nfs',
 '/usr/sbin/umount.nfs4',
 '/usr/sbin/unix_chkpwd',
-'/usr/sbin/usernetctl'
+'/usr/sbin/usernetctl',
+'/usr/bin/bwrap',
+'/bin/bwrap'
 )
 )
 AND NOT (
diff --git a/detection/privesc/unexpected-setxid-process.sql b/detection/privesc/unexpected-setxid-process.sql
index 308ae00..703f22c 100644
--- a/detection/privesc/unexpected-setxid-process.sql
+++ b/detection/privesc/unexpected-setxid-process.sql
@@ -55,7 +55,8 @@ WHERE
 '/usr/lib/slack/chrome-sandbox',
 '/usr/lib/xf86-video-intel-backlight-helper',
 '/usr/lib/Xorg.wrap',
-'/usr/sbin/traceroute'
+'/usr/sbin/traceroute',
+'/usr/bin/bwrap'
 )
 AND f.path NOT LIKE '/Users/%/homebrew/Cellar/socket_vmnet/%/bin/socket_vmnet'
 AND f.path NOT LIKE '/opt/homebrew/Cellar/dnsmasq/%/sbin/dnsmasq'
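Review bot: The two allowlists disagree on the new exception: the first hunk (unexpected-setuid-binaries.sql) excludes both `'/usr/bin/bwrap'` and `'/bin/bwrap'`, while the second hunk (unexpected-setxid-process.sql) adds only `'/usr/bin/bwrap'`, so a bwrap process reported under the `/bin/` path would still alert in the privesc query but not in the execution query. If that asymmetry is intentional it deserves a comment next to the entry; otherwise the second list should also carry `'/bin/bwrap'`. Both exceptions match on path alone, so a setuid file placed at either path is silently excluded from these queries; a one-line comment above the new entries recording why bwrap is expected to be setuid on the targeted hosts (presumably the bubblewrap sandbox helper on distributions that ship it setuid, worth confirming) would keep the exception auditable. The enclosing `NOT IN (...)` lists and the surrounding WHERE clauses start and end outside both hunks.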