diff --git a/crates/kingfisher-rules/data/rules/posthog.yml b/crates/kingfisher-rules/data/rules/posthog.yml
index 28fc6f5..904c202 100644
--- a/crates/kingfisher-rules/data/rules/posthog.yml
+++ b/crates/kingfisher-rules/data/rules/posthog.yml
@@ -1,45 +1,16 @@
 rules:
- - name: PostHog Project API Key
- id: kingfisher.posthog.1
- pattern: |
- (?x)
- (
- phc_[a-zA-Z0-9_\-]{43}
- )
- min_entropy: 3.0
- confidence: high
- examples:
- - "phc_E123456789012345678901234567890123456789012"
- validation:
- type: Http
- content:
- request:
- method: POST
- url: https://app.posthog.com/decide/?v=3
- headers:
- Content-Type: "application/json"
- body: |
- {"token": "{{ TOKEN }}", "distinct_id": "validation_check"}
- response_matcher:
- - type: WordMatch
- words:
- - '"isAuthenticated":false'
- negative: true
- - type: StatusMatch
- status: [200]
- references:
- - https://posthog.com/docs/api/overview#authentication
 - name: PostHog Personal API Key
 id: kingfisher.posthog.2
 pattern: |
 (?x)
 (
- phx_[a-zA-Z0-9_\-]{47}
+ phx_[A-Za-z0-9]{44,48}
 )
- min_entropy: 3.0
- confidence: high
+ min_entropy: 3.5
+ confidence: medium
 examples:
 - "phx_FNKCx83Ko0JQMuZH1zz94xgK798TCUybkf79ZKYKwKQWbEw"
+ - "phx_nxgX8CziTYtcmdR2xF3R046LBz49rHBXlYHJGCJEilfZIrl"
 validation:
 type: Http
 content:
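Review bot: The widened pattern `phx_[A-Za-z0-9]{44,48}` has no boundary on either side, so a longer alphanumeric run is matched as its first 48 characters, and that truncated string is presumably what the validation request is given. Anchoring it as `\b phx_[A-Za-z0-9]{44,48} \b` (whitespace is ignored under `(?x)`) keeps the match to whole tokens and avoids reporting a prefix of an unrelated identifier. The same applies to the `phs_`, `pha_` and `phr_` patterns added in the second hunk. The `validation` block of this rule continues outside the hunk.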
@@ -51,9 +22,57 @@ rules:
 Content-Type: "application/json"
 response_matcher:
 - report_response: true
- - type: WordMatch
- words:
- - "authentication_failed"
- negative: true
+ - type: StatusMatch
+ status: [200]
+ - type: JsonValid
 references:
- - https://posthog.com/docs/api/overview#authentication
\ No newline at end of file
+ - https://posthog.com/docs/api
+ - https://github.com/PostHog/posthog/blob/e408aac5debe02b39a6a67cfd028f16a2ca7bc90/posthog/models/utils.py#L260-L290
+
+ - name: PostHog Feature Flags Secure API Key
+ id: kingfisher.posthog.3
+ pattern: |
+ (?x)
+ (
+ phs_[A-Za-z0-9]{44,48}
+ )
+ min_entropy: 3.5
+ confidence: medium
+ examples:
+ - "phs_8BamSCGAJL4J0hBl2WmkcswecSArJAXO20xzcpYhdiPto9B"
+ - "phs_FsG1YzDpCu64PFUcbW1CiEEfiFg1IIBRsME3qqehpZ5GpoT"
+ references:
+ - https://posthog.com/docs/api
+ - https://github.com/PostHog/posthog/blob/e408aac5debe02b39a6a67cfd028f16a2ca7bc90/posthog/models/utils.py#L260-L290
+
+ - name: PostHog OAuth Access Token
+ id: kingfisher.posthog.4
+ pattern: |
+ (?x)
+ (
+ pha_[A-Za-z0-9]{40,43}
+ )
+ min_entropy: 3.5
+ confidence: medium
+ examples:
+ - "pha_XgrXUnvwyoPLmjwHES5lc8scZUtheBpa1QV1qmssutB"
+ - "pha_35kHVLA1E068nvrwUTgabkh8xvGGTpSpsVjGcpVNfis"
+ references:
+ - https://posthog.com/docs/api
+ - https://github.com/PostHog/posthog/blob/e408aac5debe02b39a6a67cfd028f16a2ca7bc90/posthog/models/utils.py#L260-L290
+
+ - name: PostHog OAuth Refresh Token
+ id: kingfisher.posthog.5
+ pattern: |
+ (?x)
+ (
+ phr_[A-Za-z0-9]{40,43}
+ )
+ min_entropy: 3.5
+ confidence: medium
+ examples:
+ - "phr_9csMsAjlUNEW3T9hjDELzJE7RFbNZjvfpZWmxeoksHV"
+ - "phr_cObbRbJqZpvTSr9UEyUG1NxQDfwKMNouxrEiwQuaoER"
+ references:
+ - https://posthog.com/docs/api
+ - https://github.com/PostHog/posthog/blob/e408aac5debe02b39a6a67cfd028f16a2ca7bc90/posthog/models/utils.py#L260-L290
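Review bot: With only `StatusMatch` 200 plus `JsonValid`, the matcher for kingfisher.posthog.2 treats every non-200 answer as an inactive key. PostHog personal API keys can be scoped, so a live key that lacks the scope needed by the validation endpoint (its URL is outside this hunk) would presumably be answered with a permission error and reported as not valid. A comment above the matcher should state that limitation, e.g. `# non-200 is treated as inactive; a scoped key may be live yet fail this check`. The three rules added below (`phs_`, `pha_`, `phr_`) carry no `validation` block, so their findings are never verified; if that is intentional, a one-line comment on each rule saying so would help whoever triages them.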