diff --git a/DUO_WORKFLOW_EXECUTOR_VERSION b/DUO_WORKFLOW_EXECUTOR_VERSION
new file mode 100644
index 0000000000000000000000000000000000000000..ba2906d0666cf726c7eaadd2cd3db615dedfdf3a
--- /dev/null
+++ b/DUO_WORKFLOW_EXECUTOR_VERSION
@@ -0,0 +1 @@
+main
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 811e9fb2b9f74205858ea77b382c55a6a47d06a2..db5e722a54f95a8ba17521e60e50c3fbaff0556f 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -1028,7 +1028,9 @@
 Gitlab.ee do
   Settings['duo_workflow'] ||= {}
   Settings.duo_workflow.reverse_merge!(
-    secure: true
+    secure: true,
+    executor_binary_url: 'https://gitlab.com/api/v4/projects/58711783/releases/permalink/latest',
+    executor_version: 'latest'
   )
 
   # Default to proxy via Cloud Connector
diff --git a/ee/lib/api/ai/duo_workflows/workflows.rb b/ee/lib/api/ai/duo_workflows/workflows.rb
index 3fcd38188cae2c8cf8b9ded9ef7880c245241eee..a83e7cb6b54dbeb3f9ab8d1046ef530c3763ef8d 100644
--- a/ee/lib/api/ai/duo_workflows/workflows.rb
+++ b/ee/lib/api/ai/duo_workflows/workflows.rb
@@ -69,6 +69,10 @@ def authorize_run_workflows!(project)
                     token: duo_workflow_token_result[:token],
                     headers: Gitlab::DuoWorkflow::Client.headers(user: current_user),
                     secure: Gitlab::DuoWorkflow::Client.secure?
+                  },
+                  duo_workflow_executor: {
+                    executor_binary_url: Gitlab::DuoWorkflow::Executor.executor_binary_url,
+                    version: Gitlab::DuoWorkflow::Executor.version
                   }
                 }
 
diff --git a/ee/lib/gitlab/duo_workflow/executor.rb b/ee/lib/gitlab/duo_workflow/executor.rb
new file mode 100644
index 0000000000000000000000000000000000000000..c2fc76c02b6c12ada9292fb1d6a2afede2a0aa4f
--- /dev/null
+++ b/ee/lib/gitlab/duo_workflow/executor.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module DuoWorkflow
+    class Executor
+      def self.executor_binary_url
+        Gitlab.config.duo_workflow.executor_binary_url
+      end
+
+      def self.version
+        Gitlab.config.duo_workflow.executor_version
+      end
+    end
+  end
+end
diff --git a/ee/spec/lib/gitlab/duo_workflow/executor_spec.rb b/ee/spec/lib/gitlab/duo_workflow/executor_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..bc9a7b0fae1f562832ac7f10941d0bb8247686ad
--- /dev/null
+++ b/ee/spec/lib/gitlab/duo_workflow/executor_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Gitlab::DuoWorkflow::Executor, feature_category: :duo_workflow do
+  before do
+    stub_config(
+      duo_workflow: {
+        executor_binary_url: 'https://example.com/executor',
+        executor_version: 'v1.2.3'
+      }
+    )
+  end
+
+  describe '.executor_binary_url' do
+    it 'returns the executor binary URL from config' do
+      expect(described_class.executor_binary_url).to eq('https://example.com/executor')
+    end
+  end
+
+  describe '.version' do
+    it 'returns the executor version from config' do
+      expect(described_class.version).to eq('v1.2.3')
+    end
+  end
+end
diff --git a/ee/spec/requests/api/ai/duo_workflows/workflows_spec.rb b/ee/spec/requests/api/ai/duo_workflows/workflows_spec.rb
index 16ab7ce1292310a43ed93a8d3f9a691a13c7e765..c442c42fb66b0aeff19bb81a7ec4ed3afede075f 100644
--- a/ee/spec/requests/api/ai/duo_workflows/workflows_spec.rb
+++ b/ee/spec/requests/api/ai/duo_workflows/workflows_spec.rb
@@ -147,6 +147,12 @@
 
     before do
       allow(Gitlab.config.duo_workflow).to receive(:service_url).and_return duo_workflow_service_url
+      stub_config(duo_workflow: {
+        executor_binary_url: 'https://example.com/executor',
+        service_url: duo_workflow_service_url,
+        executor_version: 'v1.2.3',
+        secure: true
+      })
     end
 
     context 'when the duo_workflows feature flag is disabled for the user' do
@@ -217,6 +223,8 @@
         expect(json_response['duo_workflow_service']['token']).to eq('duo_workflow_token')
         expect(json_response['duo_workflow_service']['headers']['header_key']).to eq("header_value")
         expect(json_response['duo_workflow_service']['secure']).to eq(Gitlab::DuoWorkflow::Client.secure?)
+        expect(json_response['duo_workflow_executor']['executor_binary_url']).to eq('https://example.com/executor')
+        expect(json_response['duo_workflow_executor']['version']).to eq('v1.2.3')
       end
 
       context 'when authenticated with a token that has the ai_workflows scope' do