diff --git a/packages/core/src/routes/init.ts b/packages/core/src/routes/init.ts
index 557004a27..f166af765 100644
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@@ -34,10 +34,10 @@ import resourceRoutes from './resource.js';
 import resourceScopeRoutes from './resource.scope.js';
 import roleRoutes from './role.js';
 import roleScopeRoutes from './role.scope.js';
-import securityRoutes from './security/index.js';
 import signInExperiencesRoutes from './sign-in-experience/index.js';
 import ssoConnectors from './sso-connector/index.js';
 import statusRoutes from './status.js';
+import subjectTokenRoutes from './subject-token.js';
 import swaggerRoutes from './swagger/index.js';
 import systemRoutes from './system.js';
 import type { AnonymousRouter, ManagementApiRouter } from './types.js';
@@ -89,7 +89,7 @@ const createRouters = (tenant: TenantContext) => {
   organizationRoutes(managementRouter, tenant);
   ssoConnectors(managementRouter, tenant);
   systemRoutes(managementRouter, tenant);
-  securityRoutes(managementRouter, tenant);
+  subjectTokenRoutes(managementRouter, tenant);
 
   const anonymousRouter: AnonymousRouter = new Router();
   wellKnownRoutes(anonymousRouter, tenant);
diff --git a/packages/core/src/routes/security/index.openapi.json b/packages/core/src/routes/subject-token.openapi.json
similarity index 83%
rename from packages/core/src/routes/security/index.openapi.json
rename to packages/core/src/routes/subject-token.openapi.json
index bbee8d166..6f2384f01 100644
--- a/packages/core/src/routes/security/index.openapi.json
+++ b/packages/core/src/routes/subject-token.openapi.json
@@ -1,13 +1,13 @@
 {
   "tags": [
     {
-      "name": "Security",
-      "description": "Security related endpoints."
+      "name": "Subject tokens",
+      "description": "The subject token API provides the ability to create a new subject token for the use of impersonating the user."
     },
     { "name": "Dev feature" }
   ],
   "paths": {
-    "/api/security/subject-tokens": {
+    "/api/subject-tokens": {
       "post": {
         "summary": "Create a new subject token.",
         "description": "Create a new subject token for the use of impersonating the user.",
diff --git a/packages/core/src/routes/security/index.ts b/packages/core/src/routes/subject-token.ts
similarity index 91%
rename from packages/core/src/routes/security/index.ts
rename to packages/core/src/routes/subject-token.ts
index 45440dc87..99cbcb84a 100644
--- a/packages/core/src/routes/security/index.ts
+++ b/packages/core/src/routes/subject-token.ts
@@ -8,9 +8,11 @@ import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
-import { type RouterInitArgs, type ManagementApiRouter } from '../types.js';
+import { type RouterInitArgs, type ManagementApiRouter } from './types.js';
 
-export default function securityRoutes<T extends ManagementApiRouter>(...args: RouterInitArgs<T>) {
+export default function subjectTokenRoutes<T extends ManagementApiRouter>(
+  ...args: RouterInitArgs<T>
+) {
   const [
     router,
     {
@@ -27,7 +29,7 @@ export default function securityRoutes<T extends ManagementApiRouter>(...args: R
   }
 
   router.post(
-    '/security/subject-tokens',
+    '/subject-tokens',
     koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
     koaGuard({
       body: object({
diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index ffbc37d66..9973d7430 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -155,7 +155,7 @@ const identifiableEntityNames = Object.freeze([
 const additionalTags = Object.freeze(
   condArray<string>(
     'Organization applications',
-    EnvSet.values.isDevFeaturesEnabled && 'Security',
+    EnvSet.values.isDevFeaturesEnabled && 'Subject tokens',
     'Organization users'
   )
 );
diff --git a/packages/core/src/routes/swagger/utils/operation-id.ts b/packages/core/src/routes/swagger/utils/operation-id.ts
index fe3df4002..b65795657 100644
--- a/packages/core/src/routes/swagger/utils/operation-id.ts
+++ b/packages/core/src/routes/swagger/utils/operation-id.ts
@@ -25,8 +25,8 @@ const methodToVerb = Object.freeze({
 type RouteDictionary = Record<`${OpenAPIV3.HttpMethods} ${string}`, string>;
 
 const devFeatureCustomRoutes: RouteDictionary = Object.freeze({
-  // Security
-  'post /security/subject-tokens': 'CreateSubjectToken',
+  // Subject tokens
+  'post /subject-tokens': 'CreateSubjectToken',
 });
 
 export const customRoutes: Readonly<RouteDictionary> = Object.freeze({
diff --git a/packages/integration-tests/src/api/subject-token.ts b/packages/integration-tests/src/api/subject-token.ts
index 8eba50195..ec54bff45 100644
--- a/packages/integration-tests/src/api/subject-token.ts
+++ b/packages/integration-tests/src/api/subject-token.ts
@@ -4,7 +4,7 @@ import { authedAdminApi } from './api.js';
 
 export const createSubjectToken = async (userId: string, context?: JsonObject) =>
   authedAdminApi
-    .post('security/subject-tokens', {
+    .post('subject-tokens', {
       json: {
         userId,
         context,