diff --git a/dev_docs/tutorials/endpoints.mdx b/dev_docs/tutorials/endpoints.mdx
index 851c3046fead..fadde7d30f64 100644
--- a/dev_docs/tutorials/endpoints.mdx
+++ b/dev_docs/tutorials/endpoints.mdx
@@ -368,7 +368,7 @@ export class MyPlugin implements Plugin {
 By default, when security is enabled, endpoints require the user to be authenticated to be accessed,
 and will return a `401 - Unauthorized` otherwise.
 
-It is possible to disable this requirement using the `authRequired` option of the route.
+It is possible to disable this requirement using the `security.authc.enabled` option of the route.
 
 ```ts
 import type { CoreSetup, Plugin } from '@kbn/core/server';
@@ -380,8 +380,11 @@ export class MyPlugin implements Plugin {
       {
         path: '/api/my_plugin/get_object',
         validate: false,
-        options: {
-          authRequired: false,
+        security: {
+          authc: {
+            enabled: false,
+            reason: 'This endpoint does not require authentication',
+          },
         },
       },
       async (context, request, response) => {
@@ -394,7 +397,7 @@ export class MyPlugin implements Plugin {
 }
 ```
 
-Note that in addition to `true` and `false`, `authRequired` accepts a third value, `'optional'`. When used,
+Note that in addition to `true` and `false`, `security.authc.enabled` accepts a third value, `'optional'`. When used,
 Kibana will try to authenticate the user but will allow access to the endpoint regardless of the result. In that
 case, the developer needs to manually checks if the user is authenticated via `request.auth.isAuthenticated`.
 
@@ -416,8 +419,11 @@ export class MyPlugin implements Plugin {
       {
         path: '/api/my_plugin/get_object',
         validate: false,
-        options: {
-          authRequired: false,
+        security: {
+          authc: {
+            enabled: false,
+            reason: 'This endpoint does not require authentication',
+          },
         },
       },
       async (context, request, response) => {
diff --git a/legacy_rfcs/text/0005_route_handler.md b/legacy_rfcs/text/0005_route_handler.md
index 909cabb536ec..d154d918448b 100644
--- a/legacy_rfcs/text/0005_route_handler.md
+++ b/legacy_rfcs/text/0005_route_handler.md
@@ -45,7 +45,6 @@ interface KibanaRequest {
     path: string;
     method: 'get' | 'post' | ...
     options: {
-      authRequired: boolean;
       tags: string [];
     }
   }
diff --git a/packages/core/http/core-http-server/src/router/route.ts b/packages/core/http/core-http-server/src/router/route.ts
index 2efd40527411..5480c38d9cd1 100644
--- a/packages/core/http/core-http-server/src/router/route.ts
+++ b/packages/core/http/core-http-server/src/router/route.ts
@@ -291,6 +291,8 @@ export interface RouteConfigOptions<Method extends RouteMethod> {
    *               Can be useful when we grant access to a resource but want to identify a user if possible.
    *
    * Defaults to `true` if an auth mechanism is registered.
+   *
+   * @deprecated Use `security.authc.enabled` instead
    */
   authRequired?: boolean | 'optional';