diff --git a/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs b/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
index 45ededdb10..a311014ed9 100644
--- a/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
+++ b/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
@@ -20,6 +20,7 @@ public static class BuilderExtensions
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string uri)
             where TData : class
@@ -41,6 +42,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, string uri)
             where TData : class
@@ -62,6 +64,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, Uri uri)
             where TData : class where TPrediction : class, new()
@@ -80,6 +83,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string uri, TimeSpan period)
             where TData : class where TPrediction : class, new()
@@ -103,6 +107,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, string uri, TimeSpan period)
             where TData : class
@@ -127,6 +132,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, Uri uri, TimeSpan period)
             where TData : class
@@ -150,6 +156,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromUri<TData, TPr
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string filePath)
             where TData : class
@@ -169,6 +176,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TP
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string filePath, bool watchForChanges)
             where TData : class
@@ -190,6 +198,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TP
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, string filePath)
             where TData : class
@@ -214,6 +223,7 @@ public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TP
         /// <returns>
         /// The updated <see cref="PredictionEnginePoolBuilder{TData, TPrediction}"/>.
         /// </returns>
+        /// <remarks>Only add models from trusted sources. Adding models from untrusted sources is a security risk.</remarks>
         public static PredictionEnginePoolBuilder<TData, TPrediction> FromFile<TData, TPrediction>(
             this PredictionEnginePoolBuilder<TData, TPrediction> builder, string modelName, string filePath, bool watchForChanges)
             where TData : class
diff --git a/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs b/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
index 26f13c71b8..6c098890fd 100644
--- a/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
+++ b/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
@@ -142,6 +142,7 @@ private void SaveInputSchema(DataViewSchema inputSchema, RepositoryWriter rep)
         /// <param name="inputSchema">Will contain the input schema for the model. If the model was saved without
         /// any description of the input, there will be no input schema. In this case this can be <see langword="null"/>.</param>
         /// <returns>The loaded model.</returns>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         /// <example>
         /// <format type="text/markdown">
         /// <![CDATA[
@@ -201,6 +202,7 @@ public ITransformer Load(Stream stream, out DataViewSchema inputSchema)
         /// <param name="inputSchema">Will contain the input schema for the model. If the model was saved without
         /// any description of the input, there will be no input schema. In this case this can be <see langword="null"/>.</param>
         /// <returns>The loaded model.</returns>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         /// <example>
         /// <format type="text/markdown">
         /// <![CDATA[
@@ -255,6 +257,7 @@ private ITransformer DecomposeLoader(ref IDataLoader<IMultiStreamSource> loader)
         /// this method will throw an exception. The scenario where no loader is stored in the stream should
         /// be handled instead using the <see cref="Load(Stream, out DataViewSchema)"/> method.</param>
         /// <returns>The transformer model from the model stream.</returns>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         public ITransformer LoadWithDataLoader(Stream stream, out IDataLoader<IMultiStreamSource> loader)
         {
             _env.CheckValue(stream, nameof(stream));
@@ -283,6 +286,7 @@ public ITransformer LoadWithDataLoader(Stream stream, out IDataLoader<IMultiStre
         /// this method will throw an exception. The scenario where no loader is stored in the stream should
         /// be handled instead using the <see cref="Load(Stream, out DataViewSchema)"/> method.</param>
         /// <returns>The transformer model from the model file.</returns>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         public ITransformer LoadWithDataLoader(string filePath, out IDataLoader<IMultiStreamSource> loader)
         {
             _env.CheckNonEmpty(filePath, nameof(filePath));
diff --git a/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs b/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs
index 210e13e849..7903981c24 100644
--- a/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs
+++ b/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs
@@ -20,9 +20,12 @@ public static class OnnxCatalog
         /// and how to run it on a GPU.
         /// </summary>
         /// <remarks>
+        /// <para>
         /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
         /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelFile">The path of the file containing the ONNX model.</param>
@@ -48,9 +51,12 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// and how to run it on a GPU.
         /// </summary>
         /// <remarks>
+        /// <para>
         /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
         /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelBytes">The <see cref="System.IO.Stream"/> containing the model bytes.</param>
@@ -76,9 +82,12 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// and how to run it on a GPU.
         /// </summary>
         /// <remarks>
+        /// <para>
         /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
         /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelFile">The path of the file containing the ONNX model.</param>
@@ -112,9 +121,12 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// and how to run it on a GPU.
         /// </summary>
         /// <remarks>
+        /// <para>
         /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
         /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelBytes">The <see cref="System.IO.Stream"/> containing the model bytes.</param>
@@ -153,7 +165,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <example>
         /// <format type="text/markdown">
@@ -185,7 +200,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <example>
         /// <format type="text/markdown">
@@ -211,7 +229,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// and how to run it on a GPU.
         /// </summary>
         /// <remarks>
+        /// <para>
         /// If the options.GpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="options">Options for the <see cref="OnnxScoringEstimator"/>.</param>
@@ -238,7 +259,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <example>
         /// <format type="text/markdown">
@@ -276,7 +300,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         /// <example>
         /// <format type="text/markdown">
@@ -310,7 +337,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
@@ -335,7 +365,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
@@ -364,7 +397,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
@@ -394,7 +430,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="gpuDeviceId">Optional GPU device ID to run execution on, <see langword="null" /> to run on CPU.</param>
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
@@ -425,7 +464,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <param name="recursionLimit">Optional, specifies the Protobuf CodedInputStream recursion limit. Default value is 100.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
@@ -457,7 +499,10 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
         /// <param name="fallbackToCpu">If GPU error, raise exception or fallback to CPU.</param>
         /// <param name="recursionLimit">Optional, specifies the Protobuf CodedInputStream recursion limit. Default value is 100.</param>
         /// <remarks>
+        /// <para>
         /// If the gpuDeviceId value is <see langword="null" /> the <see cref="P:MLContext.GpuDeviceId"/> value will be used if it is not <see langword="null" />.
+        /// </para>
+        /// <para>Only apply models from trusted sources. Applying models from untrusted sources is a security risk.</para>
         /// </remarks>
         public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
             string[] outputColumnNames,
diff --git a/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs b/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
index 372d4b1029..78790cdfbd 100644
--- a/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
+++ b/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
@@ -26,6 +26,7 @@ public static class TensorflowCatalog
         /// </summary>
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelLocation">Location of the TensorFlow model.</param>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         /// <example>
         /// <format type="text/markdown">
         /// <![CDATA[
@@ -52,6 +53,7 @@ public static TensorFlowModel LoadTensorFlowModel(this ModelOperationsCatalog ca
         /// <param name="catalog">The transform's catalog.</param>
         /// <param name="modelLocation">Location of the TensorFlow model.</param>
         /// <param name="treatOutputAsBatched">If the first dimension of the output is unknown, should it be treated as batched or not.</param>
+        /// <remarks>Only load models from trusted sources. Loading models from untrusted sources is a security risk.</remarks>
         /// <example>
         /// <format type="text/markdown">
         /// <![CDATA[