diff --git a/staging/src/k8s.io/pod-security-admission/admission/admission.go b/staging/src/k8s.io/pod-security-admission/admission/admission.go
index 33fdcc5ba85..4269b740383 100644
--- a/staging/src/k8s.io/pod-security-admission/admission/admission.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/admission.go
@@ -302,6 +302,17 @@ func (a *Admission) ValidatePod(ctx context.Context, attrs Attributes) *admissio
 		return allowedResponse()
 	}
 
+	// short-circuit on privileged enforce+audit+warn namespaces
+	namespace, err := a.NamespaceGetter.GetNamespace(ctx, attrs.GetNamespace())
+	if err != nil {
+		klog.ErrorS(err, "failed to fetch pod namespace", "namespace", attrs.GetNamespace())
+		return internalErrorResponse(fmt.Sprintf("failed to lookup namespace %s", attrs.GetNamespace()))
+	}
+	nsPolicy, _ := a.PolicyToEvaluate(namespace.Labels)
+	if nsPolicy.Enforce.Level == api.LevelPrivileged && nsPolicy.Warn.Level == api.LevelPrivileged && nsPolicy.Audit.Level == api.LevelPrivileged {
+		return allowedResponse()
+	}
+
 	obj, err := attrs.GetObject()
 	if err != nil {
 		klog.ErrorS(err, "failed to decode object")
@@ -341,6 +352,17 @@ func (a *Admission) ValidatePodController(ctx context.Context, attrs Attributes)
 		return allowedResponse()
 	}
 
+	// short-circuit on privileged audit+warn namespaces
+	namespace, err := a.NamespaceGetter.GetNamespace(ctx, attrs.GetNamespace())
+	if err != nil {
+		klog.ErrorS(err, "failed to fetch pod namespace", "namespace", attrs.GetNamespace())
+		return internalErrorResponse(fmt.Sprintf("failed to lookup namespace %s", attrs.GetNamespace()))
+	}
+	nsPolicy, _ := a.PolicyToEvaluate(namespace.Labels)
+	if nsPolicy.Warn.Level == api.LevelPrivileged && nsPolicy.Audit.Level == api.LevelPrivileged {
+		return allowedResponse()
+	}
+
 	obj, err := attrs.GetObject()
 	if err != nil {
 		klog.ErrorS(err, "failed to decode object")
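Review bot: The second return value of `a.PolicyToEvaluate(namespace.Labels)` is discarded in the new short-circuit, so a namespace whose pod-security labels fail to parse but still resolve to privileged levels is now allowed with no signal to the requester; if the evaluation path below (outside this hunk) turns those label errors into API warnings, the fast path drops them for exactly the namespaces whose labels are wrong. Keep them, `nsPolicy, nsPolicyErrs := a.PolicyToEvaluate(namespace.Labels)`, and either take the fast path only when no errors were reported or attach them as warnings to the allowed response. The same lookup-and-evaluate block is repeated verbatim in the ValidatePodController hunk (minus the Enforce check); a small method on `*Admission` returning the namespace, its policy and the label errors would keep the two in sync, and if ValidatePod still fetches the namespace again after decoding the pod it would also avoid a second GetNamespace call per request. Both ValidatePod and ValidatePodController continue past the end of their hunks.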