diff --git a/openapi3/entities_extra_test.go b/openapi3/entities_extra_test.go
index 7985e2f..b7a64cd 100644
--- a/openapi3/entities_extra_test.go
+++ b/openapi3/entities_extra_test.go
@@ -48,3 +48,27 @@ components:
 
 	require.NoError(t, s.UnmarshalYAML([]byte(spec)))
 }
+
+func TestSpec_MarshalYAML_2(t *testing.T) {
+	var s openapi3.Spec
+
+	spec := `openapi: 3.0.0
+info:
+  title: MyProject
+  description: "My Project Description"
+  version: v1.0.0
+# 1) Define the security scheme type (HTTP bearer)
+components:
+  securitySchemes:
+    bearerAuth: # arbitrary name for the security scheme
+      type: http
+      scheme: bearer
+      bearerFormat: JWT # optional, arbitrary value for documentation purposes
+# 2) Apply the security globally to all operations
+security:
+  - bearerAuth: [] # use the same name as above
+paths:
+`
+
+	require.NoError(t, s.UnmarshalYAML([]byte(spec)))
+}
diff --git a/openapi31/entities.go b/openapi31/entities.go
index 35a3040..668d905 100644
--- a/openapi31/entities.go
+++ b/openapi31/entities.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"regexp"
+	"strings"
 )
 
 // Spec structure is generated from "#".
@@ -4272,6 +4273,10 @@ func (s *SecuritySchemeHTTP) UnmarshalJSON(data []byte) error {
 
 	delete(rawMap, "type")
 
+	if strings.ToLower(ms.Scheme) == "bearer" {
+		return errors.New("use SecuritySchemeHTTPBearer for bearer scheme")
+	}
+
 	*s = SecuritySchemeHTTP(ms)
 
 	return nil
diff --git a/openapi31/entities_extra_test.go b/openapi31/entities_extra_test.go
new file mode 100644
index 0000000..5047a92
--- /dev/null
+++ b/openapi31/entities_extra_test.go
@@ -0,0 +1,74 @@
+package openapi31_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/swaggest/openapi-go/openapi31"
+)
+
+func TestSpec_MarshalYAML(t *testing.T) {
+	var s openapi31.Spec
+
+	spec := `openapi: 3.1.0
+info:
+  description: description
+  license:
+    name: Apache-2.0
+    url: https://www.apache.org/licenses/LICENSE-2.0.html
+  title: title
+  version: 2.0.0
+servers:
+  - url: /v2
+paths:
+  /user:
+    put:
+      summary: updates the user by id
+      operationId: UpdateUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: string
+        description: Updated user object
+        required: true
+      responses:
+        "404":
+          description: User not found
+components:
+  securitySchemes:
+    api_key:
+      in: header
+      name: x-api-key
+      type: apiKey
+    bearer_auth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT`
+
+	require.NoError(t, s.UnmarshalYAML([]byte(spec)))
+}
+
+func TestSpec_MarshalYAML_2(t *testing.T) {
+	var s openapi31.Spec
+
+	spec := `openapi: 3.1.0
+info:
+  title: MyProject
+  description: "My Project Description"
+  version: v1.0.0
+# 1) Define the security scheme type (HTTP bearer)
+components:
+  securitySchemes:
+    bearerAuth: # arbitrary name for the security scheme
+      type: http
+      scheme: bearer
+      bearerFormat: JWT # optional, arbitrary value for documentation purposes
+# 2) Apply the security globally to all operations
+security:
+  - bearerAuth: [] # use the same name as above
+paths:
+`
+
+	require.NoError(t, s.UnmarshalYAML([]byte(spec)))
+}