diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go
index 6d0c0eacfdcd..cada98d6681a 100644
--- a/pkg/fanal/secret/builtin-rules.go
+++ b/pkg/fanal/secret/builtin-rules.go
@@ -165,7 +165,7 @@ var builtinRules = []Rule{
 		Category: CategoryHuggingFace,
 		Severity: "CRITICAL",
 		Title:    "Hugging Face Access Token",
-		Regex:    MustCompile(`hf_[A-Za-z0-9]{39}`),
+		Regex:    MustCompile(`hf_[A-Za-z0-9]{34,40}`),
 		Keywords: []string{"hf_"},
 	},
 	{