diff --git a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java
index a2624cc1fdca1..0c67b94bca8af 100644
--- a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java
+++ b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java
@@ -101,6 +101,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
@@ -1744,7 +1745,9 @@ public void testNoopUpdateApiKey() throws ExecutionException, InterruptedExcepti
         final var initialRequest = new UpdateApiKeyRequest(
             apiKeyId,
             List.of(new RoleDescriptor(randomAlphaOfLength(10), new String[] { "all" }, null, null)),
-            ApiKeyTests.randomMetadata()
+            // Ensure not `null` to set metadata since we use the initialRequest further down in the test to ensure that
+            // metadata updates are non-noops
+            randomValueOtherThanMany(Objects::isNull, ApiKeyTests::randomMetadata)
         );
         UpdateApiKeyResponse response = executeUpdateApiKey(TEST_USER_NAME, initialRequest);
         assertNotNull(response);
@@ -1772,11 +1775,11 @@ public void testNoopUpdateApiKey() throws ExecutionException, InterruptedExcepti
         // Update with different role descriptors is not a noop
         final List<RoleDescriptor> newRoleDescriptors = List.of(
             randomValueOtherThanMany(
-                rd -> (RoleDescriptorRequestValidator.validate(rd) != null) && initialRequest.getRoleDescriptors().contains(rd) == false,
+                rd -> RoleDescriptorRequestValidator.validate(rd) != null || initialRequest.getRoleDescriptors().contains(rd),
                 () -> RoleDescriptorTests.randomRoleDescriptor(false)
             ),
             randomValueOtherThanMany(
-                rd -> (RoleDescriptorRequestValidator.validate(rd) != null) && initialRequest.getRoleDescriptors().contains(rd) == false,
+                rd -> RoleDescriptorRequestValidator.validate(rd) != null || initialRequest.getRoleDescriptors().contains(rd),
                 () -> RoleDescriptorTests.randomRoleDescriptor(false)
             )
         );