diff --git a/packages/phishing-controller/CHANGELOG.md b/packages/phishing-controller/CHANGELOG.md
index 2578d23772..153d1a01b7 100644
--- a/packages/phishing-controller/CHANGELOG.md
+++ b/packages/phishing-controller/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add two new controller state metadata properties: `includeInStateLogs` and `usedInUi` ([#6587](https://github.com/MetaMask/core/pull/6587))
+
 ### Changed
 
 - Bump `@metamask/base-controller` from `^8.0.1` to `^8.3.0` ([#6284](https://github.com/MetaMask/core/pull/6284), [#6355](https://github.com/MetaMask/core/pull/6355), [#6465](https://github.com/MetaMask/core/pull/6465))
diff --git a/packages/phishing-controller/src/PhishingController.test.ts b/packages/phishing-controller/src/PhishingController.test.ts
index e96d44681d..f55f6f99d4 100644
--- a/packages/phishing-controller/src/PhishingController.test.ts
+++ b/packages/phishing-controller/src/PhishingController.test.ts
@@ -1,4 +1,4 @@
-import { Messenger } from '@metamask/base-controller';
+import { deriveStateFromMetadata, Messenger } from '@metamask/base-controller';
 import { strict as assert } from 'assert';
 import nock, { cleanAll, isDone, pendingMocks } from 'nock';
 import sinon from 'sinon';
@@ -3345,4 +3345,73 @@ describe('URL Scan Cache', () => {
     const result2 = await controller.scanUrl(invalidUrl);
     expect(result2.fetchError).toBeDefined();
   });
+
+  describe('metadata', () => {
+    it('includes expected state in debug snapshots', () => {
+      const controller = getPhishingController();
+
+      expect(
+        deriveStateFromMetadata(
+          controller.state,
+          controller.metadata,
+          'anonymous',
+        ),
+      ).toMatchInlineSnapshot(`Object {}`);
+    });
+
+    it('includes expected state in state logs', () => {
+      const controller = getPhishingController();
+
+      expect(
+        deriveStateFromMetadata(
+          controller.state,
+          controller.metadata,
+          'includeInStateLogs',
+        ),
+      ).toMatchInlineSnapshot(`
+        Object {
+          "c2DomainBlocklistLastFetched": 0,
+          "hotlistLastFetched": 0,
+          "stalelistLastFetched": 0,
+        }
+      `);
+    });
+
+    it('persists expected state', () => {
+      const controller = getPhishingController();
+
+      expect(
+        deriveStateFromMetadata(
+          controller.state,
+          controller.metadata,
+          'persist',
+        ),
+      ).toMatchInlineSnapshot(`
+        Object {
+          "c2DomainBlocklistLastFetched": 0,
+          "hotlistLastFetched": 0,
+          "phishingLists": Array [],
+          "stalelistLastFetched": 0,
+          "urlScanCache": Object {},
+          "whitelist": Array [],
+        }
+      `);
+    });
+
+    it('includes expected state in UI', () => {
+      const controller = getPhishingController();
+
+      expect(
+        deriveStateFromMetadata(
+          controller.state,
+          controller.metadata,
+          'usedInUi',
+        ),
+      ).toMatchInlineSnapshot(`
+        Object {
+          "urlScanCache": Object {},
+        }
+      `);
+    });
+  });
 });
diff --git a/packages/phishing-controller/src/PhishingController.ts b/packages/phishing-controller/src/PhishingController.ts
index 78b1f8fb89..370b05b7ff 100644
--- a/packages/phishing-controller/src/PhishingController.ts
+++ b/packages/phishing-controller/src/PhishingController.ts
@@ -2,6 +2,7 @@ import type {
   ControllerGetStateAction,
   ControllerStateChangeEvent,
   RestrictedMessenger,
+  StateMetadata,
 } from '@metamask/base-controller';
 import { BaseController } from '@metamask/base-controller';
 import {
@@ -205,13 +206,43 @@ export const phishingListKeyNameMap = {
 
 const controllerName = 'PhishingController';
 
-const metadata = {
-  phishingLists: { persist: true, anonymous: false },
-  whitelist: { persist: true, anonymous: false },
-  hotlistLastFetched: { persist: true, anonymous: false },
-  stalelistLastFetched: { persist: true, anonymous: false },
-  c2DomainBlocklistLastFetched: { persist: true, anonymous: false },
-  urlScanCache: { persist: true, anonymous: false },
+const metadata: StateMetadata<PhishingControllerState> = {
+  phishingLists: {
+    includeInStateLogs: false,
+    persist: true,
+    anonymous: false,
+    usedInUi: false,
+  },
+  whitelist: {
+    includeInStateLogs: false,
+    persist: true,
+    anonymous: false,
+    usedInUi: false,
+  },
+  hotlistLastFetched: {
+    includeInStateLogs: true,
+    persist: true,
+    anonymous: false,
+    usedInUi: false,
+  },
+  stalelistLastFetched: {
+    includeInStateLogs: true,
+    persist: true,
+    anonymous: false,
+    usedInUi: false,
+  },
+  c2DomainBlocklistLastFetched: {
+    includeInStateLogs: true,
+    persist: true,
+    anonymous: false,
+    usedInUi: false,
+  },
+  urlScanCache: {
+    includeInStateLogs: false,
+    persist: true,
+    anonymous: false,
+    usedInUi: true,
+  },
 };
 
 /**