diff --git a/src/agents/run_config.py b/src/agents/run_config.py
index fc0eb2b17d..73428963d4 100644
--- a/src/agents/run_config.py
+++ b/src/agents/run_config.py
@@ -28,7 +28,7 @@
 
 def _default_trace_include_sensitive_data() -> bool:
     """Return the default for trace_include_sensitive_data based on environment."""
-    val = os.getenv("OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA", "true")
+    val = os.getenv("OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA", "false")
     return val.strip().lower() in ("1", "true", "yes", "on")
 
 
diff --git a/src/agents/voice/pipeline_config.py b/src/agents/voice/pipeline_config.py
index eed2ab6940..d0ffb2d865 100644
--- a/src/agents/voice/pipeline_config.py
+++ b/src/agents/voice/pipeline_config.py
@@ -22,9 +22,10 @@ class VoicePipelineConfig:
     tracing: TracingConfig | None = None
     """Tracing configuration for this pipeline."""
 
-    trace_include_sensitive_data: bool = True
-    """Whether to include sensitive data in traces. Defaults to `True`. This is specifically for the
-      voice pipeline, and not for anything that goes on inside your Workflow."""
+    trace_include_sensitive_data: bool = False
+    """Whether to include sensitive data in traces. Defaults to `False` for security. When enabled,
+      tool inputs/outputs and LLM generations may be exposed in traces. Only enable in trusted
+      environments."""
 
     trace_include_sensitive_audio_data: bool = True
     """Whether to include audio data in traces. Defaults to `True`."""
diff --git a/tests/test_run_config.py b/tests/test_run_config.py
index 31d6d0a46a..059da1b43a 100644
--- a/tests/test_run_config.py
+++ b/tests/test_run_config.py
@@ -88,11 +88,11 @@ async def test_agent_model_object_is_used_when_present() -> None:
     assert result.final_output == "from-agent-object"
 
 
-def test_trace_include_sensitive_data_defaults_to_true_when_env_not_set(monkeypatch):
-    """By default, trace_include_sensitive_data should be True when the env is not set."""
+def test_trace_include_sensitive_data_defaults_to_false_when_env_not_set(monkeypatch):
+    """By default, trace_include_sensitive_data should be False for security when the env is not set."""
     monkeypatch.delenv("OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA", raising=False)
     config = RunConfig()
-    assert config.trace_include_sensitive_data is True
+    assert config.trace_include_sensitive_data is False
 
 
 @pytest.mark.parametrize(