diff --git a/apps/emqx_utils/src/emqx_utils.erl b/apps/emqx_utils/src/emqx_utils.erl
index bb69a9e56..6cf85fb5d 100644
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -624,6 +624,9 @@ is_sensitive_key(<<"security_token">>) -> true;
 is_sensitive_key(token) -> true;
 is_sensitive_key("token") -> true;
 is_sensitive_key(<<"token">>) -> true;
+is_sensitive_key(jwt) -> true;
+is_sensitive_key("jwt") -> true;
+is_sensitive_key(<<"jwt">>) -> true;
 is_sensitive_key(_) -> false.
 
 redact(Term) ->
diff --git a/changes/ce/perf-11019.en.md b/changes/ce/perf-11019.en.md
new file mode 100644
index 000000000..dcca33b35
--- /dev/null
+++ b/changes/ce/perf-11019.en.md
@@ -0,0 +1 @@
+Improve log security for JWT, now it will be obfuscated before print.