diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..7ea994a40 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Reporting a Vulnerability + +- **Email**: Send vulnerability reports via email to [github@k4yt3x.com](mailto:github@k4yt3x.com). +- **Details**: Include description, impact, reproduction steps, and proof-of-concept if applicable. +- **Confidentiality**: Do not disclose vulnerabilities publicly until a fix is released. + +## Response Process + +1. **Acknowledge**: We will acknowledge receipt within 48 hours. +2. **Assess**: Initial assessment and response within 7 days. +3. **Fix**: Develop and release a patch promptly. +4. **Credit**: Acknowledge contributors unless anonymity is requested.
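Review bot: The only reporting channel in "Reporting a Vulnerability" is plain email to a single address, so the description, reproduction steps and proof-of-concept the Details line asks for would travel unencrypted. Consider publishing a PGP key next to the address or also enabling GitHub's private vulnerability reporting for the repository. In "Response Process", steps 1 and 2 commit to 48 hours and 7 days but step 3 only says "promptly", which leaves the Confidentiality line ("until a fix is released") without an upper bound. A target fix window or a maximum embargo period would close that gap. The policy also does not say which versions or branches receive security fixes; a short supported-versions section would tell reporters whether an issue in an older release is in scope.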