diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..6064624e1f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do not report security vulnerabilities through public GitHub issues.
+
+If GitHub private vulnerability reporting is available, use the **Report a vulnerability** button on the repository's Security tab. Otherwise, contact the maintainers through the project's documented support channels before sharing details publicly.
+
+When reporting a vulnerability, include the affected version or commit, a concise impact summary, reproduction steps, and any relevant configuration needed to reproduce the issue.