diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb
index fc0fd858b60d9c2f0b7f040c358f92ff159b7ae4..790c085fedc7976173553cca1d8e7305bf9e8867 100644
--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -413,8 +413,10 @@ def short_sha
 
       # We want to show the first characters of the hash, so we need to bypass any fixed components of the token,
       # such as CREATED_RUNNER_TOKEN_PREFIX or partition_id_prefix_in_16_bit_encode
+      partition_prefix = partition_id_prefix_in_16_bit_encode
       start_index = authenticated_user_registration_type? ? CREATED_RUNNER_TOKEN_PREFIX.length : 0
-      token[start_index..start_index + RUNNER_SHORT_SHA_LENGTH].delete_prefix(partition_id_prefix_in_16_bit_encode)
+      start_index += partition_prefix.length if token[start_index..].start_with?(partition_prefix)
+      token[start_index..start_index + RUNNER_SHORT_SHA_LENGTH - 1]
     end
 
     def tag_list
diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb
index 8567ed906d7634653f993a1683eb385110d3b435..212714de784cfa18cc579533fe56d07667c1e735 100644
--- a/spec/models/ci/runner_spec.rb
+++ b/spec/models/ci/runner_spec.rb
@@ -1697,6 +1697,7 @@ def does_db_update
       let(:runner) { create(:ci_runner) }
 
       specify { expect(runner.token).not_to start_with(described_class::CREATED_RUNNER_TOKEN_PREFIX) }
+      it { is_expected.to match(/[0-9a-zA-Z_-]{8}/) }
       it { is_expected.not_to start_with('t1_') }
       it { is_expected.not_to start_with(described_class::CREATED_RUNNER_TOKEN_PREFIX) }
     end
@@ -1705,6 +1706,7 @@ def does_db_update
       let(:runner) { create(:ci_runner, registration_type: :authenticated_user) }
 
       specify { expect(runner.token).to start_with(described_class::CREATED_RUNNER_TOKEN_PREFIX) }
+      it { is_expected.to match(/[0-9a-zA-Z_-]{8}/) }
       it { is_expected.not_to start_with('t1_') }
       it { is_expected.not_to start_with(described_class::CREATED_RUNNER_TOKEN_PREFIX) }
     end