diff --git a/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java b/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java
index ac7e2f0332..72341afa55 100644
--- a/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java
+++ b/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java
@@ -37,7 +37,7 @@ public final class AuthorizationUtil {
     AltsAuthContext altsContext =
         (AltsAuthContext) call.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
     if (altsContext == null) {
-      return Status.NOT_FOUND.withDescription("Peer ALTS AuthContext not found");
+      return Status.PERMISSION_DENIED.withDescription("Peer ALTS AuthContext not found");
     }
     if (expectedServiceAccounts.contains(altsContext.getPeerServiceAccount())) {
       return Status.OK;
diff --git a/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java b/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java
index a045675def..dfbe8b5ff9 100644
--- a/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java
+++ b/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java
@@ -42,7 +42,7 @@ public final class AuthorizationUtilTest {
     Status status =
         AuthorizationUtil.clientAuthorizationCheck(
             new FakeServerCall(null), Lists.newArrayList("Alice"));
-    assertThat(status.getCode()).isEqualTo(Status.Code.NOT_FOUND);
+    assertThat(status.getCode()).isEqualTo(Status.Code.PERMISSION_DENIED);
     assertThat(status.getDescription()).startsWith("Peer ALTS AuthContext not found");
     status =
         AuthorizationUtil.clientAuthorizationCheck(