diff --git a/cmd/pulse-sensor-proxy/main.go b/cmd/pulse-sensor-proxy/main.go
index 089f948a1..4e236722e 100644
--- a/cmd/pulse-sensor-proxy/main.go
+++ b/cmd/pulse-sensor-proxy/main.go
@@ -106,6 +106,13 @@ const (
 	RPCRequestCleanup    = "request_cleanup"
 )
 
+// Privileged RPC methods that require host-level access (not accessible from containers)
+var privilegedMethods = map[string]bool{
+	RPCEnsureClusterKeys: true, // SSH key distribution
+	RPCRegisterNodes:     true, // Node registration
+	RPCRequestCleanup:    true, // Cleanup operations
+}
+
 // RPCRequest represents a request from Pulse
 type RPCRequest struct {
 	CorrelationID string                 `json:"correlation_id,omitempty"`
@@ -388,6 +395,20 @@ func (p *Proxy) handleConnection(conn net.Conn) {
 		return
 	}
 
+	// Check if method requires host-level privileges
+	if privilegedMethods[req.Method] {
+		// Privileged methods can only be called from host (not from containers)
+		if p.isIDMappedRoot(cred) {
+			resp.Error = "method requires host-level privileges"
+			logger.Warn().
+				Str("method", req.Method).
+				Msg("Container attempted to call privileged method")
+			p.sendResponse(conn, resp)
+			p.metrics.rpcRequests.WithLabelValues(req.Method, "unauthorized").Inc()
+			return
+		}
+	}
+
 	// Execute handler
 	result, err := handler(ctx, &req, logger)
 	if err != nil {