diff --git a/docs/prds/0053-egress-dlp-addon.md b/docs/prds/0052-egress-dlp-addon.md
similarity index 99%
rename from docs/prds/0053-egress-dlp-addon.md
rename to docs/prds/0052-egress-dlp-addon.md
index d9027f6..8321342 100644
--- a/docs/prds/0053-egress-dlp-addon.md
+++ b/docs/prds/0052-egress-dlp-addon.md
@@ -1,4 +1,4 @@
-# PRD 0053: Egress DLP addon
+# PRD 0052: Egress DLP addon
 
 - **Status:** Active
 - **Author:** claude
@@ -397,7 +397,7 @@ afterward, preserving the existing credential-injection security model.
 4. **Naive prompt injection detector (Phase 2).**
    Add `NaiveInjectionDetector` to `dlp_detectors.py`. Wire
    `scan_inbound` into the new `response` hook in `egress_addon.py`.
-   Extend unit tests. Activate PRD 0053 (`Status: Draft → Active`) in
+   Extend unit tests. Activate PRD 0052 (`Status: Draft → Active`) in
    this commit.
 
 ## Open questions
diff --git a/docs/research/yaml-route-matching-formats.md b/docs/research/yaml-route-matching-formats.md
index 17b8ee3..7a18186 100644
--- a/docs/research/yaml-route-matching-formats.md
+++ b/docs/research/yaml-route-matching-formats.md
@@ -3,7 +3,7 @@
 ## Question
 
 Bot-bottle's egress manifest currently supports exact-host matching and
-a flat list of path prefixes (`path_allowlist`). As the DLP work (PRD 0053)
+a flat list of path prefixes (`path_allowlist`). As the DLP work (PRD 0052)
 and future route hardening evolve, we may want more expressive matching:
 glob-style path patterns (`/api/*/data`), header predicates (Content-Type,
 Accept), and per-method rules (GET allowed, POST blocked). What established