diff --git a/integration/kubernetes/confidential/agent_image.bats b/integration/kubernetes/confidential/agent_image.bats
index 2168811bb..ae83ffb25 100644
--- a/integration/kubernetes/confidential/agent_image.bats
+++ b/integration/kubernetes/confidential/agent_image.bats
@@ -110,6 +110,24 @@ setup() {
 	assert_logs_contain "kata" 'Validate image failed: \[PublicKeyVerifier { key: ECDSA_P256_SHA256_ASN1'
 }
 
+@test "$test_tag Test cannot pull an image from an authenticated registry without credentials" {
+	# TODO - anyway to reset nydus credentials?
+	pod_config="$(new_pod_config "${image_authenticated}")"
+	echo "Pod config: ${pod_config}"
+
+	# Print the logs 
+	echo "-- Kata logs:"
+	sudo journalctl -xe -t kata --since "$test_start_date" -n 100000
+
+	echo "-- containerd logs:"
+	sudo journalctl -xe -t containerd --since "$test_start_date" -n 100000
+
+	echo "-- kubelet logs:"
+	sudo journalctl -xe -t kubelet --since "$test_start_date" -n 100000
+
+	assert_pod_fail "${pod_config}"
+	assert_logs_contain "containerd" 'failed to resolve reference \\"quay.io/kata-containers/confidential-containers-auth:test\\": pulling from host quay.io failed with status code \\[manifests test\\]: 401 UNAUTHORIZED'
+}
 
 @test "$test_tag Test pull an unencrypted unsigned image from an authenticated registry with correct credentials" {
 	kubectl delete secret cococred --ignore-not-found
@@ -154,24 +172,6 @@ setup() {
 	kubectl delete secret cococred --ignore-not-found
 }
 
-@test "$test_tag Test cannot pull an image from an authenticated registry without credentials" {
-	pod_config="$(new_pod_config "${image_authenticated}")"
-	echo "Pod config: ${pod_config}"
-
-	# Print the logs 
-	echo "-- Kata logs:"
-	sudo journalctl -xe -t kata --since "$test_start_date" -n 100000
-
-	echo "-- containerd logs:"
-	sudo journalctl -xe -t containerd --since "$test_start_date" -n 100000
-
-	echo "-- kubelet logs:"
-	sudo journalctl -xe -t kubelet --since "$test_start_date" -n 100000
-
-	assert_pod_fail "${pod_config}"
-	assert_logs_contain "containerd" 'failed to resolve reference \"quay.io/kata-containers/confidential-containers-auth:test\": pulling from host quay.io failed with status code \[manifests test\]: 401 UNAUTHORIZED'
-}
-
 teardown() {
 	teardown_common
 }