diff --git a/src/plugins/custom_integrations/server/routes/define_routes.ts b/src/plugins/custom_integrations/server/routes/define_routes.ts
index d59d9f98ff4c1..35231c7064345 100644
--- a/src/plugins/custom_integrations/server/routes/define_routes.ts
+++ b/src/plugins/custom_integrations/server/routes/define_routes.ts
@@ -22,6 +22,11 @@ export function defineRoutes(
     {
       path: ROUTES_APPEND_CUSTOM_INTEGRATIONS,
       validate: false,
+      security: {
+        authz: {
+          requiredPrivileges: ['integrations-read'],
+        },
+      },
     },
     async (context, request, response) => {
       const integrations = customIntegrationsRegistry.getAppendCustomIntegrations();
@@ -35,6 +40,11 @@ export function defineRoutes(
     {
       path: ROUTES_REPLACEMENT_CUSTOM_INTEGRATIONS,
       validate: false,
+      security: {
+        authz: {
+          requiredPrivileges: ['integrations-read'],
+        },
+      },
     },
     async (context, request, response) => {
       const integrations = customIntegrationsRegistry.getReplacementCustomIntegrations();
diff --git a/x-pack/plugins/fleet/server/services/security/fleet_router.ts b/x-pack/plugins/fleet/server/services/security/fleet_router.ts
index 775fe7e4765e5..b727fa5ec68d1 100644
--- a/x-pack/plugins/fleet/server/services/security/fleet_router.ts
+++ b/x-pack/plugins/fleet/server/services/security/fleet_router.ts
@@ -14,7 +14,7 @@ import {
   type RequestHandler,
   type RouteMethod,
 } from '@kbn/core/server';
-import type { VersionedRouteConfig } from '@kbn/core-http-server';
+import type { RouteSecurity, VersionedRouteConfig } from '@kbn/core-http-server';
 
 import { PUBLIC_API_ACCESS } from '../../../common/constants';
 import type { FleetRequestHandlerContext } from '../..';
@@ -35,6 +35,14 @@ import {
   doesNotHaveRequiredFleetAuthz,
 } from './security';
 
+export const DEFAULT_FLEET_ROUTE_SECURITY: RouteSecurity = {
+  authz: {
+    enabled: false,
+    reason:
+      'This route is opted out from authorization because Fleet use his own authorization model.',
+  },
+};
+
 function withDefaultPublicAccess<Method extends RouteMethod>(
   options: FleetVersionedRouteConfig<Method>
 ): VersionedRouteConfig<Method> {
@@ -44,6 +52,7 @@ function withDefaultPublicAccess<Method extends RouteMethod>(
     return {
       ...options,
       access: PUBLIC_API_ACCESS,
+      security: DEFAULT_FLEET_ROUTE_SECURITY,
     };
   }
 }