diff --git a/src/Libraries/Microsoft.Extensions.AI/CachingHelpers.cs b/src/Libraries/Microsoft.Extensions.AI/CachingHelpers.cs
index 8128926f942..13637dc5226 100644
--- a/src/Libraries/Microsoft.Extensions.AI/CachingHelpers.cs
+++ b/src/Libraries/Microsoft.Extensions.AI/CachingHelpers.cs
@@ -44,7 +44,10 @@ public static string GetCacheKey(TValue value, bool flag, JsonSerializer
 }
 // The complete JSON representation is excessively long for a cache key, duplicating much of the content
- // from the value. So we use a hash of it as the default key.
+ // from the value. So we use a hash of it as the default key, and we rely on collision resistance for security purposes.
+ // If a collision occurs, we'd serve the cached LLM response for a potentially unrelated prompt, leading to information
+ // disclosure. Use of SHA256 is an implementation detail and can be easily swapped in the future if needed, albeit
+ // invalidating any existing cache entries that may exist in whatever IDistributedCache was in use.
 #if NET8_0_OR_GREATER
 Span hashData = stackalloc byte[SHA256.HashSizeInBytes];
 SHA256.HashData(jsonKeyBytes, hashData);
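Review bot: The new comment on the `+` lines names collision resistance as the security property, but what actually protects a shared IDistributedCache here is that a caller cannot construct a different input whose serialized form hashes to another caller's key, i.e. second-preimage resistance; an accidental collision between two honest prompts is the correctness concern the comment describes. SHA-256 provides both, so I would only tighten the wording: `// We rely on SHA-256's preimage and collision resistance so that no caller can construct an input that maps to another caller's key; a collision would serve a cached LLM response for an unrelated prompt (information disclosure).` It is also worth stating that the key covers exactly what `jsonKeyBytes` serializes, so any per-user or per-tenant isolation must already be present in that serialized value or in the cache's scope — I cannot see from this hunk what the serialization includes, so please confirm. GetCacheKey begins before this hunk, and the `#if NET8_0_OR_GREATER` branch together with its fallback continues past it.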