diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 1a1f80f..43ffcaf 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -268,9 +268,9 @@ case Accounts.User
      |> Ash.read_one(domain: Mv.Accounts, authorize?: false) do
   {:ok, existing_system_user} when not is_nil(existing_system_user) ->
     # System user already exists - ensure it has admin role
-    # Use authorize?: false for bootstrap
+    # Use authorize?: false for bootstrap; :update_internal bypasses system-user modification block
     existing_system_user
-    |> Ash.Changeset.for_update(:update, %{})
+    |> Ash.Changeset.for_update(:update_internal, %{})
     |> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
     |> Ash.update!(authorize?: false)
 
@@ -287,7 +287,7 @@ case Accounts.User
       upsert_identity: :unique_email,
       authorize?: false
     )
-    |> Ash.Changeset.for_update(:update, %{})
+    |> Ash.Changeset.for_update(:update_internal, %{})
     |> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
     |> Ash.update!(authorize?: false)