diff --git a/pkg/security/ebpf/c/exec.h b/pkg/security/ebpf/c/exec.h
index 90bd2fb7eea154..6499ab9d6716f0 100644
--- a/pkg/security/ebpf/c/exec.h
+++ b/pkg/security/ebpf/c/exec.h
@@ -530,7 +530,9 @@ int kprobe_exit_itimers(struct pt_regs *ctx) {
 struct tty_struct *tty;
 bpf_probe_read(&tty, sizeof(tty), (char *)signal + tty_offset);
- bpf_probe_read_str(entry->tty_name, TTY_NAME_LEN, (char *)tty + tty_name_offset);
+ if (tty) {
+ bpf_probe_read_str(entry->tty_name, TTY_NAME_LEN, (char *)tty + tty_name_offset);
+ }
 }
 return 0;
diff --git a/pkg/security/secl/model/unmarshallers.go b/pkg/security/secl/model/unmarshallers.go
index 59cdfb508c2f48..6b8a2d46097429 100644
--- a/pkg/security/secl/model/unmarshallers.go
+++ b/pkg/security/secl/model/unmarshallers.go
@@ -7,6 +7,7 @@ package model
 import (
 "fmt"
+ "strings"
 "time"
 "unsafe"
 )
@@ -129,6 +130,11 @@ func unmarshalTime(data []byte) time.Time {
 return time.Time{}
 }
+// isValidTTYName uses a naive assumption as other tty driver may create tty with other prefix
+func isValidTTYName(ttyName string) bool {
+ return IsPrintableASCII(ttyName) && (strings.HasPrefix(ttyName, "tty") || strings.HasPrefix(ttyName, "pts"))
+}
+
 // UnmarshalBinary unmarshalls a binary representation of itself
 func (e *Process) UnmarshalBinary(data []byte) (int, error) {
 // Unmarshal proc_cache_t
@@ -150,7 +156,7 @@ func (e *Process) UnmarshalBinary(data []byte) (int, error) {
 if err != nil {
 return 0, err
 }
- if IsPrintableASCII(ttyName) {
+ if isValidTTYName(ttyName) {
 e.TTYName = ttyName
 }
 read += 64
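Review bot: With the new `if (tty)` guard, the path where `tty` is NULL no longer writes `entry->tty_name` at all, so user space will unmarshal whatever bytes the entry already holds. Whether `entry` is zeroed before this point is not visible in the hunk; if it is not, add an explicit `else { entry->tty_name[0] = 0; }`, or a comment stating that the entry is zero-initialised. The return values of `bpf_probe_read` and `bpf_probe_read_str` are also ignored, so a failed read cannot be told apart from a process without a controlling tty. The enclosing function starts before the hunk.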
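Review bot: The prefix allowlist in `isValidTTYName` silently drops every name that does not start with `tty` or `pts`, so processes attached to terminals from other drivers will carry an empty TTYName and any rule keyed on that field will not match them. The doc comment hints at this but reads ambiguously; I would spell the contract out, for example `// isValidTTYName reports whether ttyName is printable ASCII and starts with "tty" or "pts"; names created by other tty drivers are rejected and leave TTYName empty.` The check also accepts any printable suffix after the prefix, so it narrows what the kernel side sent without fully validating it.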
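Review bot: When `isValidTTYName` rejects the name, `e.TTYName` keeps its previous value instead of being cleared. If a Process value is ever reused across calls to UnmarshalBinary (not visible here), a stale name would survive; `} else { e.TTYName = "" }` makes the outcome explicit. The rejection is also silent, so there is no way to see how often kernel-supplied names are discarded. UnmarshalBinary's body starts and ends outside the hunk.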