diff --git a/.github/workflows/build-uv-cache.yml b/.github/workflows/build-uv-cache.yml
new file mode 100644
index 000000000..ec0670c13
--- /dev/null
+++ b/.github/workflows/build-uv-cache.yml
@@ -0,0 +1,46 @@
+name: Build uv cache
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "uv.lock"
+      - "pyproject.toml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build-cache:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          version: "0.8.4"
+          python-version: ${{ matrix.python-version }}
+          enable-cache: false
+
+      - name: Install dependencies and populate cache
+        run: |
+          echo "Building global UV cache for Python ${{ matrix.python-version }}..."
+          uv sync --all-groups --all-extras --no-install-project
+          echo "Cache populated successfully"
+
+      - name: Save uv caches
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 3e7601177..33a24b1c7 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -2,6 +2,9 @@ name: Lint
 
 on: [pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -15,19 +18,27 @@ jobs:
       - name: Fetch Target Branch
         run: git fetch origin $TARGET_BRANCH --depth=1
 
+      - name: Restore global uv cache
+        id: cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
+          restore-keys: |
+            uv-main-py3.11-
+
       - name: Install uv
         uses: astral-sh/setup-uv@v6
         with:
-          enable-cache: true
-          cache-dependency-glob: |
-            **/pyproject.toml
-            **/uv.lock
-
-      - name: Set up Python
-        run: uv python install 3.11
+          version: "0.8.4"
+          python-version: "3.11"
+          enable-cache: false
 
       - name: Install dependencies
-        run: uv sync --dev --no-install-project
+        run: uv sync --all-groups --all-extras --no-install-project
 
       - name: Get Changed Python Files
         id: changed-files
@@ -45,3 +56,13 @@ jobs:
             | tr ' ' '\n' \
             | grep -v 'src/crewai/cli/templates/' \
             | xargs -I{} uv run ruff check "{}"
+
+      - name: Save uv caches
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
diff --git a/.github/workflows/security-checker.yml b/.github/workflows/security-checker.yml
deleted file mode 100644
index 5fcc47b71..000000000
--- a/.github/workflows/security-checker.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Security Checker
-
-on: [pull_request]
-
-jobs:
-  security-check:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v6
-        with:
-          enable-cache: true
-          cache-dependency-glob: |
-            **/pyproject.toml
-            **/uv.lock
-
-      - name: Set up Python
-        run: uv python install 3.11
-
-      - name: Install dependencies
-        run: uv sync --dev --no-install-project
-
-      - name: Run Bandit
-        run: uv run bandit -c pyproject.toml -r src/ -ll
-
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c5c577b10..a5b860c9e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -3,7 +3,7 @@ name: Run Tests
 on: [pull_request]
 
 permissions:
-  contents: write
+  contents: read
 
 env:
   OPENAI_API_KEY: fake-api-key
@@ -23,19 +23,27 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Restore global uv cache
+        id: cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
+          restore-keys: |
+            uv-main-py${{ matrix.python-version }}-
+
       - name: Install uv
         uses: astral-sh/setup-uv@v6
         with:
-          enable-cache: true
-          cache-dependency-glob: |
-            **/pyproject.toml
-            **/uv.lock
-
-      - name: Set up Python ${{ matrix.python-version }}
-        run: uv python install ${{ matrix.python-version }}
+          version: "0.8.4"
+          python-version: ${{ matrix.python-version }}
+          enable-cache: false
 
       - name: Install the project
-        run: uv sync --dev --all-extras
+        run: uv sync --all-groups --all-extras
 
       - name: Run tests (group ${{ matrix.group }} of 8)
         run: |
@@ -48,3 +56,13 @@ jobs:
             --durations=10 \
             -n auto \
             --maxfail=3
+
+      - name: Save uv caches
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
diff --git a/.github/workflows/type-checker.yml b/.github/workflows/type-checker.yml
index a403aa340..03a5841a0 100644
--- a/.github/workflows/type-checker.yml
+++ b/.github/workflows/type-checker.yml
@@ -3,7 +3,7 @@ name: Run Type Checks
 on: [pull_request]
 
 permissions:
-  contents: write
+  contents: read
 
 jobs:
   type-checker-matrix:
@@ -20,19 +20,27 @@ jobs:
         with:
           fetch-depth: 0 # Fetch all history for proper diff
 
+      - name: Restore global uv cache
+        id: cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
+          restore-keys: |
+            uv-main-py${{ matrix.python-version }}-
+
       - name: Install uv
         uses: astral-sh/setup-uv@v6
         with:
-          enable-cache: true
-          cache-dependency-glob: |
-            **/pyproject.toml
-            **/uv.lock
-
-      - name: Set up Python ${{ matrix.python-version }}
-        run: uv python install ${{ matrix.python-version }}
+          version: "0.8.4"
+          python-version: ${{ matrix.python-version }}
+          enable-cache: false
 
       - name: Install dependencies
-        run: uv sync --dev --all-extras --no-install-project
+        run: uv sync --all-groups --all-extras
 
       - name: Get changed Python files
         id: changed-files
@@ -66,6 +74,16 @@ jobs:
         if: steps.changed-files.outputs.has_changes == 'false'
         run: echo "No Python files in src/ were modified - skipping type checks"
 
+      - name: Save uv caches
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
+
   # Summary job to provide single status for branch protection
   type-checker:
     name: type-checker