diff --git a/app/controlplane/pkg/biz/workflowrun.go b/app/controlplane/pkg/biz/workflowrun.go
index 36b7c699b..02e6e29ac 100644
--- a/app/controlplane/pkg/biz/workflowrun.go
+++ b/app/controlplane/pkg/biz/workflowrun.go
@@ -323,14 +323,18 @@ func (uc *WorkflowRunUseCase) SaveAttestation(ctx context.Context, id string, en
 }

 // verify attestation (only if chainloop is the signer)
- result, err := uc.verifyBundle(ctx, rawContent)
+ validation, err := uc.verifyBundle(ctx, rawContent)
 if err != nil {
- return nil, err
+ if !errors.Is(err, verifier.ErrInvalidBundle) {
+ return nil, err
+ }
+ // invalid bundle is expected for old attestations so we skip validation
+ uc.logger.Warn("received an old attestation format, not a bundle: attestation verification skipped", "error", err)
 }

 // if it's verifiable, make sure it passed
- if result != nil && !result.Result {
- return nil, NewErrValidation(fmt.Errorf("attestation verification failed: %s", result.FailureReason))
+ if validation != nil && !validation.Result {
+ return nil, NewErrValidation(fmt.Errorf("attestation verification failed: %s", validation.FailureReason))
 }

 // Run some validations on the predicate
@@ -475,6 +479,10 @@ func (uc *WorkflowRunUseCase) verifyBundle(ctx context.Context, bundle []byte) (
 return nil, nil
 }

+ if errors.Is(err, verifier.ErrInvalidBundle) {
+ return nil, err
+ }
+
 return &VerificationResult{Result: false, FailureReason: err.Error()}, nil
 }
 return &VerificationResult{Result: true}, nil
diff --git a/pkg/attestation/verifier/verifier.go b/pkg/attestation/verifier/verifier.go
index 903d3372e..4db79b0c6 100644
--- a/pkg/attestation/verifier/verifier.go
+++ b/pkg/attestation/verifier/verifier.go
@@ -38,6 +38,7 @@ type TrustedRoot struct {
 }

 var ErrMissingVerificationMaterial = errors.New("missing material")
+var ErrInvalidBundle = errors.New("invalid bundle")

 func VerifyBundle(ctx context.Context, bundleBytes []byte, tr *TrustedRoot) error {
 if bundleBytes == nil {
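Review bot: The new `errors.Is(err, verifier.ErrInvalidBundle)` branch in SaveAttestation fails open: any content that does not decode as a bundle is logged and then carried on without signature verification, not only genuinely old attestations. `rawContent` appears to come from the submitting client, so the format that decides whether verification runs is chosen by the party being verified. It would be safer to positively recognise the legacy format before skipping and reject everything else, or to gate the fallback behind a setting that can be switched off once old clients are retired. The warning also names no run, so adding the `id` argument to the log call (`"id", id`) would make skipped verifications auditable. SaveAttestation starts and ends outside this hunk, so whether the stored record is marked as unverified cannot be seen here.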
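Review bot: In the second workflowrun.go hunk, verifyBundle now has three distinct outcomes and none of them is documented: a nil result with nil error from the `return nil, nil` branch, a nil result with `verifier.ErrInvalidBundle`, and a `VerificationResult` with `Result: false` for every other failure. Undecodable input used to fall through to the `Result: false` return, so any other caller of verifyBundle (none is visible here) now gets an error where it previously got a failed result. A doc comment would pin the contract, for example `// verifyBundle returns (nil, verifier.ErrInvalidBundle) when the content cannot be decoded as a bundle; the caller decides whether to skip or reject.` The function starts outside the hunk, so the condition guarding `return nil, nil` is not visible.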
@@ -47,7 +48,7 @@ func VerifyBundle(ctx context.Context, bundleBytes []byte, tr *TrustedRoot) erro
 bundle := new(protobundle.Bundle)
 // unmarshal and validate
 if err := protojson.Unmarshal(bundleBytes, bundle); err != nil {
- return fmt.Errorf("invalid bundle: %w", err)
+ return fmt.Errorf("%w: %w", err, ErrInvalidBundle)
 }

 // fix for old attestations
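Review bot: Every `protojson.Unmarshal` failure is now mapped to `ErrInvalidBundle`, which the control plane in this same commit treats as "old attestation, skip verification". That includes truncated or corrupted input and, with protojson's default options, presumably also a bundle carrying a field this version does not know. The sentinel is therefore broader than its use suggests, and its declaration in the previous hunk should get a doc comment stating that scope, e.g. `// ErrInvalidBundle is returned when the input cannot be decoded as a bundle; it does not imply a legacy attestation.` On style, the sentinel is wrapped last, so the message now reads "<decoder error>: invalid bundle". `return fmt.Errorf("%w: %w", ErrInvalidBundle, err)` keeps the earlier "invalid bundle: …" wording and still satisfies `errors.Is` (two `%w` verbs need Go 1.20 or later). VerifyBundle continues past the end of the hunk.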