diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1c39b4c..e6d41bc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
         run: uv python install ${{ env.PYTHON_VERSION }}
 
       - name: Install dependencies
-        run: uv sync --dev
+        run: uv sync --extra dev
 
       - name: Run ruff check
         run: uv run ruff check src/ tests/
@@ -48,7 +48,7 @@ jobs:
         run: uv python install ${{ env.PYTHON_VERSION }}
 
       - name: Install dependencies
-        run: uv sync --dev
+        run: uv sync --extra dev
 
       - name: Run mypy
         run: uv run mypy src/polybot/ --ignore-missing-imports
@@ -70,7 +70,7 @@ jobs:
         run: uv python install ${{ env.PYTHON_VERSION }}
 
       - name: Install dependencies
-        run: uv sync --dev
+        run: uv sync --extra dev
 
       - name: Create data directory
         run: mkdir -p data
@@ -111,11 +111,8 @@ jobs:
       - name: Set up Python
         run: uv python install ${{ env.PYTHON_VERSION }}
 
-      - name: Install bandit
-        run: uv pip install bandit
-
       - name: Run bandit security check
-        run: uv run bandit -r src/polybot/ -ll -x tests/ -f json -o bandit-report.json
+        run: uvx --from bandit bandit -r src/polybot/ -ll -x tests/ -f json -o bandit-report.json
         continue-on-error: true
 
       - name: Upload security report