diff --git a/.readme-partials.yaml b/.readme-partials.yaml
index 6a8bb79f..27077dc5 100644
--- a/.readme-partials.yaml
+++ b/.readme-partials.yaml
@@ -308,6 +308,8 @@ body: |-
   main().catch(console.error);
   ```
 
+  **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
+
   #### Using a Proxy
   You can set the `HTTPS_PROXY` or `https_proxy` environment variables to proxy HTTPS requests. When `HTTPS_PROXY` or `https_proxy` are set, they will be used to proxy SSL requests that do not have an explicit proxy configuration option present.
 
diff --git a/README.md b/README.md
index 81252a1b..4e9255ef 100644
--- a/README.md
+++ b/README.md
@@ -352,6 +352,8 @@ async function main() {
 main().catch(console.error);
 ```
 
+**Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
+
 #### Using a Proxy
 You can set the `HTTPS_PROXY` or `https_proxy` environment variables to proxy HTTPS requests. When `HTTPS_PROXY` or `https_proxy` are set, they will be used to proxy SSL requests that do not have an explicit proxy configuration option present.
 
diff --git a/src/auth/googleauth.ts b/src/auth/googleauth.ts
index 90ecf49b..dc8786a5 100644
--- a/src/auth/googleauth.ts
+++ b/src/auth/googleauth.ts
@@ -670,6 +670,8 @@ export class GoogleAuth<T extends AuthClient = JSONClient> {
    * Create a credentials instance using the given input options.
    * This client is not cached.
    *
+   * **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@link https://cloud.google.com/docs/authentication/external/externally-sourced-credentials Validate credential configurations from external sources}.
+   *
    * @param json The input object.
    * @param options The JWT or UserRefresh options for the client
    * @returns JWT or UserRefresh Client with data