diff --git a/app/ai-service/config.py b/app/ai-service/config.py
index ae45562..0f21edb 100644
--- a/app/ai-service/config.py
+++ b/app/ai-service/config.py
@@ -8,7 +8,6 @@
 from pydantic_settings import BaseSettings, SettingsConfigDict
 import logging
 import os
-import secrets
 
 logger = logging.getLogger(__name__)
 
@@ -70,7 +69,7 @@ class Settings(BaseSettings):
     # Verification artifact access settings
     verification_artifacts_dir: str = "./artifacts/verification"
     verification_artifact_url_ttl_seconds: int = 300
-    artifact_signing_secret: str = secrets.token_urlsafe(32)
+    artifact_signing_secret: str = "dev-artifact-signing-secret-change-me"
 
     model_config = SettingsConfigDict(
         env_file=".env",
@@ -101,6 +100,10 @@ def apply_environment_defaults(self) -> "Settings":
                 raise ValueError(
                     "Production environment requires OPENAI_API_KEY, GROQ_API_KEY, or TEST_PROVIDER_MODE=true"
                 )
+            if "ARTIFACT_SIGNING_SECRET" not in os.environ:
+                raise ValueError(
+                    "Production environment requires ARTIFACT_SIGNING_SECRET"
+                )
 
         return self
 
@@ -124,4 +127,4 @@ def get_active_provider(self) -> Optional[str]:
 
 
 def get_settings() -> Settings:
-    return settings
\ No newline at end of file
+    return settings
diff --git a/app/ai-service/tests/test_config.py b/app/ai-service/tests/test_config.py
index 57bf1bf..b98ced9 100644
--- a/app/ai-service/tests/test_config.py
+++ b/app/ai-service/tests/test_config.py
@@ -41,6 +41,24 @@ def test_validate_api_keys_returns_true_when_test_provider_mode(monkeypatch):
     assert settings.validate_api_keys() is True
 
 
+def test_artifact_signing_secret_can_be_set_from_environment(monkeypatch):
+    monkeypatch.setenv("ARTIFACT_SIGNING_SECRET", "stable-secret-from-env")
+
+    settings = Settings()
+
+    assert settings.artifact_signing_secret == "stable-secret-from-env"
+
+
+def test_artifact_signing_secret_has_stable_development_default(monkeypatch):
+    monkeypatch.delenv("ARTIFACT_SIGNING_SECRET", raising=False)
+
+    first_settings = Settings()
+    second_settings = Settings()
+
+    assert first_settings.artifact_signing_secret == second_settings.artifact_signing_secret
+    assert first_settings.artifact_signing_secret == "dev-artifact-signing-secret-change-me"
+
+
 def test_staging_environment_defaults_to_safe_test_settings(monkeypatch):
     monkeypatch.setenv("APP_ENV", "staging")
     monkeypatch.delenv("OPENAI_API_KEY", raising=False)
@@ -70,9 +88,19 @@ def test_production_environment_requires_provider_configuration(monkeypatch):
         Settings()
 
 
+def test_production_environment_requires_artifact_signing_secret(monkeypatch):
+    monkeypatch.setenv("APP_ENV", "production")
+    monkeypatch.setenv("TEST_PROVIDER_MODE", "true")
+    monkeypatch.delenv("ARTIFACT_SIGNING_SECRET", raising=False)
+
+    with pytest.raises(ValueError, match="ARTIFACT_SIGNING_SECRET"):
+        Settings()
+
+
 def test_production_environment_allows_test_provider_when_enabled(monkeypatch):
     monkeypatch.setenv("APP_ENV", "production")
     monkeypatch.setenv("TEST_PROVIDER_MODE", "true")
+    monkeypatch.setenv("ARTIFACT_SIGNING_SECRET", "production-signing-secret")
 
     settings = Settings()