How do I specify combination of security schemes under servers - Logical AND combination?

[rahmathm1]

I'm working on an AsyncAPI 3.0 specification and need to define a logical AND combination of security schemes under the servers section. Specifically, I want to require that both an API key and MTLS token are provided to establish a connection.
From what I understand, the security field under servers is an array of Security Requirement Objects, and each object represents an OR condition. But I’m looking for a way to enforce AND logic - i.e., all listed schemes must be satisfied.

I have tried something, but AsyncAPI Studio shows validation errors.

Here is my schema

asyncapi: 3.0.0
info:
  title: Secure Event Broker API
  version: 1.0.0
  description: An event broker that requires both mTLS (X.509) and an API key for authentication.
servers:
  production:
    host: secure.example.com
    protocol: mqtt
    security:
      - x509: []
        apiKey: []
components:
  securitySchemes:
    x509:
      type: X509
    apiKey:
      type: httpApiKey
      name: X-API-Key
      in: header

This shows validation errors in AsyncAPI Studio. Any idea why? Thank you.