diff --git a/agent/integration/job_verification_integration_test.go b/agent/integration/job_verification_integration_test.go
index 2616c44f03..87643c1fb8 100644
--- a/agent/integration/job_verification_integration_test.go
+++ b/agent/integration/job_verification_integration_test.go
@@ -423,17 +423,32 @@ func TestJobVerification(t *testing.T) {
 },
 {
 name: "when the step has a signature, but the JobRunner doesn't have a verification key, it fails signature verification",
- agentConf: agent.AgentConfiguration{},
+ agentConf: agent.AgentConfiguration{VerificationFailureBehaviour: agent.VerificationBehaviourBlock},
 job: job,
 repositoryURL: defaultRepositoryURL,
 signingKey: symmetricJWKFor(t, signingKeyLlamas),
 verificationJWKS: nil,
 mockBootstrapExpectation: func(bt *bintest.Mock) { bt.Expect().NotCalled() },
 expectedExitStatus: "-1",
- expectedSignalReason: agent.SignalReasonSignatureRejected,
+ expectedSignalReason: agent.SignalReasonUnableToVerifySignature,
+ expectLogsContain: []string{
+ "+++ ⛔",
+ "cannot verify signature. JWK for pipeline verification is not configured",
+ },
+ },
+ {
+ name: "when the step has a signature, but the JobRunner doesn't have a verification key, and JobVerificationFailureBehaviour is warn, it warns and runs the job",
+ agentConf: agent.AgentConfiguration{VerificationFailureBehaviour: agent.VerificationBehaviourWarn},
+ job: job,
+ repositoryURL: defaultRepositoryURL,
+ signingKey: symmetricJWKFor(t, signingKeyLlamas),
+ verificationJWKS: nil,
+ mockBootstrapExpectation: func(bt *bintest.Mock) { bt.Expect().Once().AndExitWith(0) },
+ expectedExitStatus: "0",
+ expectedSignalReason: "",
 expectLogsContain: []string{
 "+++ ⛔",
- "but no verification key was provided",
+ "cannot verify signature. JWK for pipeline verification is not configured",
 },
 },
 {
diff --git a/agent/run_job.go b/agent/run_job.go
index 4fb3fe4684..6caa3ae92d 100644
--- a/agent/run_job.go
+++ b/agent/run_job.go
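Review bot: No case in the TestJobVerification table of job_verification_integration_test.go pins what happens when `VerificationFailureBehaviour` is left unset: the blocking case used to run with an empty `agent.AgentConfiguration{}` and now sets `agent.VerificationBehaviourBlock` explicitly, and the new case sets `agent.VerificationBehaviourWarn`. A signed step with `verificationJWKS: nil` and the zero-value config is the security-relevant default, so I would add a third case with `agentConf: agent.AgentConfiguration{}` and `bt.Expect().NotCalled()` to show the job is still refused. Whether the agent normalises an empty value to block elsewhere is not visible in this hunk, so that expected outcome should be confirmed against the code that populates the setting. The new case's name also says `JobVerificationFailureBehaviour` while the field it sets is `VerificationFailureBehaviour`.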
@@ -24,11 +24,12 @@ import (
 )
 
 const (
- SignalReasonAgentRefused = "agent_refused"
- SignalReasonAgentStop = "agent_stop"
- SignalReasonCancel = "cancel"
- SignalReasonSignatureRejected = "signature_rejected"
- SignalReasonProcessRunError = "process_run_error"
+ SignalReasonAgentRefused = "agent_refused"
+ SignalReasonAgentStop = "agent_stop"
+ SignalReasonCancel = "cancel"
+ SignalReasonSignatureRejected = "signature_rejected"
+ SignalReasonUnableToVerifySignature = "unable_to_verify_signature"
+ SignalReasonProcessRunError = "process_run_error"
 )
 
 type missingKeyError struct {
@@ -92,11 +93,14 @@ func (r *JobRunner) Run(ctx context.Context) error {
 if r.conf.JWKS == nil && job.Step.Signature != nil {
 r.verificationFailureLogs(
 VerificationBehaviourBlock,
- &missingKeyError{signature: job.Step.Signature.Value},
+ fmt.Errorf("cannot verify signature. JWK for pipeline verification is not configured"),
 )
- exit.Status = -1
- exit.SignalReason = SignalReasonSignatureRejected
- return nil
+
+ if r.VerificationFailureBehavior == VerificationBehaviourBlock {
+ exit.Status = -1
+ exit.SignalReason = SignalReasonUnableToVerifySignature
+ return nil
+ }
 }
 
 if r.conf.JWKS != nil {
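Review bot: The new guard `if r.VerificationFailureBehavior == VerificationBehaviourBlock {` in Run fails open: any value other than block (warn, but also an empty or misspelled setting, if one can reach this point) falls through, and the signed step runs with no key to check it against. Inverting the test to `if r.VerificationFailureBehavior != VerificationBehaviourWarn {` keeps refusal as the default and makes warn the only opt-out. The call just above still passes the constant `VerificationBehaviourBlock` to `r.verificationFailureLogs`, so the log output probably looks the same in warn mode as in block mode; passing `r.VerificationFailureBehavior` would let the log reflect the configured behaviour. Run starts and ends outside this hunk, so where `r.VerificationFailureBehavior` is populated and validated could not be checked here.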