diff --git a/packages/tooling/__tests__/__fixtures__/multiple-securities.json b/packages/tooling/__tests__/__fixtures__/multiple-securities.json
index 4a9352ec8..c9fc77be5 100644
--- a/packages/tooling/__tests__/__fixtures__/multiple-securities.json
+++ b/packages/tooling/__tests__/__fixtures__/multiple-securities.json
@@ -171,6 +171,28 @@
         }
       }
     },
+    "/multiple-combo-auths-duped": {
+      "get": {
+        "responses": {
+          "200": {
+            "description": "OK"
+          },
+          "400": {
+            "description": "Bad Request"
+          }
+        },
+        "security": [
+          {
+            "apiKeyScheme": [],
+            "httpBearer": []
+          },
+          {
+            "apiKeyScheme": [],
+            "apiKeySignature": []
+          }
+        ]
+      }
+    },
     "/unknown-auth-type": {
       "post": {
         "operationId": "unknownAuthType",
@@ -225,11 +247,20 @@
           }
         }
       },
+      "httpBearer": {
+        "type": "http",
+        "scheme": "bearer"
+      },
       "apiKeyScheme": {
         "type": "apiKey",
         "name": "testKey",
         "in": "header"
       },
+      "apiKeySignature": {
+        "type": "apiKey",
+        "name": "X-AUTH-SIGNATURE",
+        "in": "header"
+      },
       "unknownAuthType": {
         "type": "demigorgon",
         "name": "eleven",
diff --git a/packages/tooling/__tests__/operation.test.js b/packages/tooling/__tests__/operation.test.js
index c2290875d..0f2528800 100644
--- a/packages/tooling/__tests__/operation.test.js
+++ b/packages/tooling/__tests__/operation.test.js
@@ -236,6 +236,13 @@ describe('#prepareSecurity()', () => {
     expect(operation.prepareSecurity().Header).toHaveLength(1);
   });
 
+  it('should dedupe securities in within an && and || situation', () => {
+    const operation = new Oas(multipleSecurities).operation('/multiple-combo-auths-duped', 'get');
+
+    expect(operation.prepareSecurity().Bearer).toHaveLength(1);
+    expect(operation.prepareSecurity().Header).toHaveLength(2);
+  });
+
   it.todo('should set a `key` property');
 
   it.todo('should throw if attempting to use a non-existent scheme');
diff --git a/packages/tooling/src/operation.js b/packages/tooling/src/operation.js
index 9684fab3c..5d83a419d 100644
--- a/packages/tooling/src/operation.js
+++ b/packages/tooling/src/operation.js
@@ -1,3 +1,4 @@
+/* eslint-disable no-underscore-dangle */
 const findSchemaDefinition = require('./lib/find-schema-definition');
 
 class Operation {
@@ -65,7 +66,6 @@ class Operation {
             return false;
           }
 
-          // eslint-disable-next-line no-underscore-dangle
           security._key = key;
 
           return { type, security };
@@ -76,7 +76,12 @@ class Operation {
           // Remove non-existent schemes
           if (!security) return;
           if (!prev[security.type]) prev[security.type] = [];
-          prev[security.type].push(security.security);
+
+          // Only add schemes we haven't seen yet.
+          const exists = prev[security.type].findIndex(sec => sec._key === security.security._key);
+          if (exists < 0) {
+            prev[security.type].push(security.security);
+          }
         });
         return prev;
       }, {});