diff --git a/01-quickstart.md b/01-quickstart.md index 78fc86bda4c732a24f92f42a704b8bc7405417a3..07d2924fd1624472394e805f333aa3190ee6cafd 100644 --- a/01-quickstart.md +++ b/01-quickstart.md @@ -43,6 +43,15 @@ In order for OSM to work, it is assumed that: ## Installing OSM +## 🔒 Before installing: a security warning + +The default installation of OSM is solely intended for **testing**, **development**, and **evaluation purposes only**. +Therefore, it should not be installed in a production environment, at least without a proper risk assessment and definition of the appropriate measures to take while deploying on the target domain. +While OSM is taking significant steps to enhance security — using a secure ingress controller, [account protection after too many attempts](06-osm-platform-configuration.md#how-to-enable-user-management-enhancements-to-enforce-password-best-practices), or [fine-grain Role-based Access Control rules](06-osm-platform-configuration.md) — other configurations would be needed for it to be securely provided in a production-ready setup. +If deployed in a production setting without further analysis and configuration, the system may be vulnerable to unauthorized access, data breaches, and other security risks. + +**As a result, only install OSM in a production setting if you are completely confident in your understanding and approach.** + ### Default installation procedure All you need to run OSM is a single server or VM with the following requirements:
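Review bot: the added heading `## 🔒 Before installing: a security warning` sits at the same level as `## Installing OSM` directly above it, so "Installing OSM" becomes an empty section and `### Default installation procedure` ends up nested under the warning instead of under installation. Demoting the new heading to `###`, or turning the warning into a blockquote under the existing heading, would keep the outline intact. Two smaller points in the added text: "solely intended for ... purposes only" doubles the qualifier, and the RBAC link targets `06-osm-platform-configuration.md` with no anchor, while the account-protection link beside it has one. The paragraph also says "other configurations would be needed" without naming any of them. Listing the settings a production deployment must review, or linking to where they are documented, would make the warning actionable.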