diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..857417b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security Policy + +## Reporting a Vulnerability + +**Do not open a GitHub or Codeberg issue for security vulnerabilities.** + +Email: `security@circuitforge.tech` + +Include: +- A description of the vulnerability +- Steps to reproduce +- Potential impact +- Any suggested fix (optional) + +**Response target:** 72 hours for acknowledgement, 14 days for triage. + +We follow responsible disclosure — we will coordinate a fix and release before any +public disclosure and will credit you in the release notes unless you prefer to remain +anonymous. + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| Latest release | ✅ | +| Older releases | ❌ — please upgrade |
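Review bot: the "Reporting a Vulnerability" section offers only a plain email address (`security@circuitforge.tech`) as the reporting channel, so the requested description and steps to reproduce would travel without end-to-end encryption. Consider publishing a PGP key fingerprint next to the address or naming a second private channel. In the disclosure paragraph, "before any public disclosure" sets no upper bound on how long a reporter is expected to wait; the 72-hour and 14-day targets cover acknowledgement and triage only, so a stated target window for a fix or for coordinated disclosure would complete it. In the Supported Versions table, "Latest release" would be clearer with a pointer to where the current release is listed, so a reporter can tell whether the version they tested is in scope.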