diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index 49221b8d9..b5609f866 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 1.37.1
+version: 1.37.2
 appVersion: "1.0.0"
diff --git a/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml b/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml
index 39b735998..239e6ee25 100644
--- a/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml
+++ b/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml
@@ -13,8 +13,9 @@ allowHostIPC: false
 allowHostNetwork: true
 allowHostPID: true
 allowHostPorts: {{ .Values.cluster.host_network }}
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: true
+{{- $clusterPrivileged := not (include "cluster.is_single_process_mode" .) }}
+allowPrivilegeEscalation: {{ $clusterPrivileged }}
+allowPrivilegedContainer: {{ $clusterPrivileged }}
 allowedCapabilities: []
 defaultAddCapabilities: []
 fsGroup:
diff --git a/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml b/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
index c80759cce..d72604227 100644
--- a/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
+++ b/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
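Review bot: The new `$clusterPrivileged` assignment applies `not` to the string returned by `include "cluster.is_single_process_mode"`, which is only correct if that helper renders an empty string in multi-process mode and a non-empty string in single-process mode: Go-template `not` treats any non-empty string, including a literal "false", as true, so a helper that ever prints "false" would silently strip privileges from the default deployment. The default-mode test added in this commit catches that today, but the contract is invisible in the template itself; I would make it explicit with `{{- $clusterPrivileged := empty (include "cluster.is_single_process_mode" .) }}` or, if `not` is kept, a template comment above the line stating that the helper must render nothing unless single-process mode is active. Separately, `allowHostPID: true` and `allowHostNetwork: true` stay unconditional in this SCC while privileged mode is now gated; if the single-process pod spec also drops the host PID/network namespaces (not visible in this diff), those two fields should follow the same condition so the constraint admits no more than the pod actually requests.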
@@ -74,3 +74,44 @@ tests:
 - equal:
 path: allowHostPorts
 value: true
+
+ - it: SecurityContextConstraints - allowPrivilegeEscalation/allowPrivilegedContainer are true in default (multi-process) mode
+ capabilities:
+ apiVersions:
+ - security.openshift.io/v1
+ asserts:
+ - equal:
+ path: allowPrivilegeEscalation
+ value: true
+ - equal:
+ path: allowPrivilegedContainer
+ value: true
+
+ - it: SecurityContextConstraints - allowPrivilegeEscalation/allowPrivilegedContainer are false in single-process mode
+ capabilities:
+ apiVersions:
+ - security.openshift.io/v1
+ set:
+ cluster:
+ run_mode: single-process
+ asserts:
+ - equal:
+ path: allowPrivilegeEscalation
+ value: false
+ - equal:
+ path: allowPrivilegedContainer
+ value: false
+
+ - it: SecurityContextConstraints - allowPrivilegeEscalation/allowPrivilegedContainer are false on GKE Autopilot
+ capabilities:
+ apiVersions:
+ - security.openshift.io/v1
+ values:
+ - ../values/gke-autopilot.yaml
+ asserts:
+ - equal:
+ path: allowPrivilegeEscalation
+ value: false
+ - equal:
+ path: allowPrivilegedContainer
+ value: false
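Review bot: The three new cases cover an unset `run_mode`, `run_mode: single-process`, and the GKE Autopilot values file, but none sets `run_mode` to an explicit non-single-process value, so a helper that treated any set `run_mode` as single-process would still pass this suite. If `cluster.run_mode` accepts an explicit multi-process value (its name is not visible in this diff), add a fourth case that sets it and asserts `value: true` for both `allowPrivilegeEscalation` and `allowPrivilegedContainer`. The Autopilot case also depends on `../values/gke-autopilot.yaml` selecting single-process mode, which is outside this hunk; a comment above that case such as `# expected false: the Autopilot values file is assumed to enable single-process mode` would make the expectation legible without opening the values file.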