diff --git a/internal/llm/provider/anthropic.go b/internal/llm/provider/anthropic.go
index 9648bfd282b5b467399cb715389c5c5969fba121..981ff4590fd7db92288ff11b3d8f607e594cb0fd 100644
--- a/internal/llm/provider/anthropic.go
+++ b/internal/llm/provider/anthropic.go
@@ -494,7 +494,18 @@ func (a *anthropicClient) shouldRetry(attempts int, err error) (bool, int64, err
 	}
 
 	if apiErr.StatusCode == http.StatusUnauthorized {
-		return false, 0, err
+		prev := a.providerOptions.apiKey
+		// in case the key comes from a script, we try to re-evaluate it.
+		a.providerOptions.apiKey, err = config.Get().Resolve(a.providerOptions.config.APIKey)
+		if err != nil {
+			return false, 0, fmt.Errorf("failed to resolve API key: %w", err)
+		}
+		// if it didn't change, do not retry.
+		if prev == a.providerOptions.apiKey {
+			return false, 0, err
+		}
+		a.client = createAnthropicClient(a.providerOptions, a.tp)
+		return true, 0, nil
 	}
 
 	// Handle context limit exceeded error (400 Bad Request)
@@ -509,18 +520,7 @@ func (a *anthropicClient) shouldRetry(attempts int, err error) (bool, int64, err
 	isOverloaded := strings.Contains(apiErr.Error(), "overloaded") || strings.Contains(apiErr.Error(), "rate limit exceeded")
 	// 529 (unofficial): The service is overloaded
 	if apiErr.StatusCode != http.StatusTooManyRequests && apiErr.StatusCode != 529 && !isOverloaded {
-		prev := a.providerOptions.apiKey
-		// in case the key comes from a script, we try to re-evaluate it.
-		a.providerOptions.apiKey, err = config.Get().Resolve(a.providerOptions.config.APIKey)
-		if err != nil {
-			return false, 0, fmt.Errorf("failed to resolve API key: %w", err)
-		}
-		// if it didn't change, do not retry.
-		if prev == a.providerOptions.apiKey {
-			return false, 0, err
-		}
-		a.client = createAnthropicClient(a.providerOptions, a.tp)
-		return true, 0, nil
+		return false, 0, err
 	}
 
 	retryMs := 0