diff --git a/rs/tests/boundary_nodes/rate_limit_canister_test.rs b/rs/tests/boundary_nodes/rate_limit_canister_test.rs
index f19a986510ab..b03d9c6fa443 100644
--- a/rs/tests/boundary_nodes/rate_limit_canister_test.rs
+++ b/rs/tests/boundary_nodes/rate_limit_canister_test.rs
@@ -15,7 +15,6 @@ Runbook:
 9.  Retry step 6 and assert it succeeds.
 10. Verify that the agent can no longer send requests to the counter canister after API boundary node enforces the new rule.
 11. Add a rate-limit rule, which explicitly unblocks requests to the counter canister.
-    Setting this rule should still be possible despite the rate-limit canister being blocked itself (as there is an explicit allow-rule in the ic-boundary).
 12. Verify that the agent can send requests to the counter canister again, ensuring that updated rate-limit rules are enforced correctly by API boundary nodes.
 
 end::catalog[] */
@@ -263,8 +262,15 @@ async fn test_async(env: TestEnv) {
         "Step 9. Assert adding two rate-limit rules to the rate-limit canister now succeeds"
     );
 
+    // Use nns_agent (direct to NNS node) instead of api_bn_agent to avoid a race condition:
+    // call_and_wait() first submits the update (which adds a self-blocking rule for the
+    // rate-limit canister), then polls for the result. If the API boundary node picks up
+    // the new self-blocking rule before polling completes, the poll is rejected with 403.
+    let mut nns_agent = nns_node.build_default_agent_async().await;
+    nns_agent.set_identity(full_access_identity);
+
     set_rate_limit_rules(
-        &api_bn_agent,
+        &nns_agent,
         rate_limit_id,
         vec![
             InputRule {
@@ -334,9 +340,6 @@ async fn test_async(env: TestEnv) {
     );
 
     // api_bn_agent can't communicate with canister after blocking, hence we use nns_agent
-    let mut nns_agent = nns_node.build_default_agent_async().await;
-    nns_agent.set_identity(full_access_identity);
-
     set_rate_limit_rules(
         &nns_agent,
         rate_limit_id,