diff --git a/services/core/models/tests/integration/test_models_with_auth.py b/services/core/models/tests/integration/test_models_with_auth.py
index 902e991342..a5f378637b 100644
--- a/services/core/models/tests/integration/test_models_with_auth.py
+++ b/services/core/models/tests/integration/test_models_with_auth.py
@@ -19,7 +19,7 @@
 
 from contextlib import contextmanager
 from typing import Generator
-from unittest.mock import patch
+from unittest.mock import Mock, patch
 
 import pytest
 from nemo_platform import NeMoPlatform, PermissionDeniedError
@@ -1292,6 +1292,22 @@ class TestTrustRemoteCodePermission:
     trust_remote_code=True requires models.trust-remote-code.set.
     """
 
+    @pytest.fixture(autouse=True)
+    def _mock_hf_storage(self):
+        """Prevent real HuggingFace API calls during fileset creation.
+
+        These tests verify authorization logic, not HF connectivity.
+        Mocking the HfApi avoids rate-limit failures in CI.
+        """
+        with patch("nmp.core.files.app.backends.huggingface.HfApi") as mock_cls:
+            mock_api = Mock()
+            mock_repo_info = Mock()
+            mock_repo_info.sha = "abc123mocked"
+            mock_repo_info.siblings = []  # skip file metadata check
+            mock_api.repo_info.return_value = mock_repo_info
+            mock_cls.return_value = mock_api
+            yield
+
     def test_create_model_trust_remote_code_true_has_permission_succeeds(self, sdk: NeMoPlatform):
         """Create with trust_remote_code=True succeeds when principal has models.trust-remote-code.set (repo not on allow list)."""
         workspace = short_unique_name("trc-has")