diff --git a/ee/lib/ai/duo_workflow/duo_workflow_service/client.rb b/ee/lib/ai/duo_workflow/duo_workflow_service/client.rb
index 463c654ef0c8c1dd32cebb27f3225f6590b076c3..6ab1ac8d76ccd88589aca5310482bff50e7ad312 100644
--- a/ee/lib/ai/duo_workflow/duo_workflow_service/client.rb
+++ b/ee/lib/ai/duo_workflow/duo_workflow_service/client.rb
@@ -40,11 +40,8 @@ def generate_token
         def metadata
           {
             "authorization" => "Bearer #{token}",
-            "x-gitlab-authentication-type" => "oidc",
-            'x-gitlab-instance-id' => ::Gitlab::GlobalAnonymousId.instance_id,
-            'x-gitlab-realm' => ::CloudConnector.gitlab_realm,
-            'x-gitlab-global-user-id' => ::Gitlab::GlobalAnonymousId.user_id(current_user)
-          }
+            "x-gitlab-authentication-type" => "oidc"
+          }.merge(::CloudConnector.ai_headers(current_user))
         end
 
         def token
diff --git a/ee/spec/lib/ai/duo_workflow/duo_workflow_service/client_spec.rb b/ee/spec/lib/ai/duo_workflow/duo_workflow_service/client_spec.rb
index ea51e0dbdecc6d75601fda9d61c9e4cc055c204b..ebe28db569bbe311e129440fe055bcfb01e9ea10 100644
--- a/ee/spec/lib/ai/duo_workflow/duo_workflow_service/client_spec.rb
+++ b/ee/spec/lib/ai/duo_workflow/duo_workflow_service/client_spec.rb
@@ -11,6 +11,7 @@
   let(:response) { double(token: 'a user jwt', expiresAt: 'a timestamp') } # rubocop:disable RSpec/VerifiedDoubles -- instance_double keeps raising error  the DuoWorkflowService::GenerateTokenResponse class does not implement the class method: token
   let(:channel_credentials) { instance_of(GRPC::Core::ChannelCredentials) }
   let(:cloud_connector_service_data_double) { instance_of(CloudConnector::SelfSigned::AvailableServiceData) }
+  let(:fake_headers) { { 'x-fake-header1' => 'Value1', 'x-fake-header2' => 'Value2' } }
 
   subject(:client) do
     described_class.new(
@@ -28,20 +29,21 @@
     allow(DuoWorkflowService::DuoWorkflow::Stub).to receive(:new).with(anything, channel_credentials).and_return(stub)
     allow(stub).to receive(:generate_token).and_return(response)
     allow(DuoWorkflowService::GenerateTokenRequest).to receive(:new).and_return(request)
+    allow(::CloudConnector).to receive(:ai_headers).with(current_user).and_return(fake_headers)
   end
 
   describe '#generate_token' do
     it 'sends the correct metadata hash' do
       client.generate_token
 
+      expect(::CloudConnector).to have_received(:ai_headers).with(current_user)
       expect(stub).to have_received(:generate_token).with(
         request,
         metadata: {
           "authorization" => "Bearer instance jwt",
           "x-gitlab-authentication-type" => "oidc",
-          'x-gitlab-instance-id' => ::Gitlab::GlobalAnonymousId.instance_id,
-          'x-gitlab-realm' => ::CloudConnector.gitlab_realm,
-          'x-gitlab-global-user-id' => ::Gitlab::GlobalAnonymousId.user_id(current_user)
+          'x-fake-header1' => 'Value1',
+          'x-fake-header2' => 'Value2'
         }
       )
     end