The APIs of Ory open-source servers do not come with integrated access control. This means that all requests sent to their APIs are considered authenticated, authorized, and will be executed. However, leaving the APIs in this state can lead to severe security risks. When deploying Ory open-source servers, it is recommended to protect access to their APIs using Ory Oathkeeper or a comparable API Gateway. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/self-hosted/operations/api-access-control). If you need help, you can reach out to the community on [Ory Community Slack](http://slack.ory.sh/).