diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..745b680d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,39 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|--------------------| +| Latest | :white_check_mark: | +| Older | :x: | + +## Reporting a Vulnerability + +If you discover a security vulnerability in HexStrike AI, **please do not open a public issue.** + +Instead, report it responsibly via one of the following channels: + +- **Email:** [contact@0x4m4.com](mailto:contact@0x4m4.com) +- **GitHub Private Vulnerability Reporting:** [Report a vulnerability](https://github.com/0x4m4/hexstrike-ai/security/advisories/new) + +### What to include + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Affected version(s) +- Potential impact +- Suggested fix (if any) + +### Response timeline + +- **Acknowledgment:** within 7 days +- **Status update:** within 14 days +- **Fix or mitigation:** as soon as reasonably possible + +## Disclosure Policy + +We follow coordinated disclosure. Please allow a reasonable timeframe for a fix before publishing details publicly. + +## Scope + +This policy applies to the [hexstrike-ai](https://github.com/0x4m4/hexstrike-ai) repository and its official releases.
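Review bot: "Please allow a reasonable timeframe for a fix before publishing details publicly" in the Disclosure Policy gives reporters no concrete embargo, and the Supported Versions table leaves "Latest" undefined; both invite disputes that a security policy exists to prevent. Suggest stating a fixed coordinated-disclosure window (the 90-day convention is common) that starts at acknowledgment, and tying "Latest" to the most recent tagged release in the repository so that "Affected version(s)" in the report checklist refers to something a reporter can actually name. Two smaller points on the same hunk: the email channel at contact@0x4m4.com has no PGP key or fingerprint published alongside it, so reproduction steps for an unpatched issue would travel in cleartext unless the reporter chooses the GitHub private advisory route; consider noting which channel is preferred or adding a key. And the "Status update: within 14 days" line should say whether that is 14 days from the report or from the acknowledgment, since the two readings differ by a week.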