diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..43f6dab0f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,28 @@ +# Security Policy + +## Reporting a Vulnerability + +Please do **not** use public GitHub issues, discussions, or pull requests for security reports. + +For suspected vulnerabilities, please use **GitHub Private Vulnerability Reporting** via the repository's **Security** tab. + +## Please Include + +- Description of the vulnerability +- Affected area and versions, if known +- Reproduction steps or proof of concept +- Expected impact +- Suggested remediation, if available + +## Disclosure + +Please allow time for investigation and remediation before public disclosure. We will try to acknowledge reports within a timely manor. + +## Public Channels + +Please do not post undisclosed vulnerabilities in: + +- GitHub Issues +- GitHub Discussions +- Pull Requests +-
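Review bot: the Disclosure section's "within a timely manor" has a typo ("manner") and gives reporters no concrete expectation; suggest replacing that sentence with a stated target, for example `We will try to acknowledge reports within N business days.` with N chosen by the maintainers, so a reporter knows when escalation is reasonable. Also, the final line of the Public Channels list is a bare `-`, which reads as an unfinished list item and will render as an empty bullet; either complete it or drop it.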