diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..e2943d5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,27 @@ +# Security Policy + +## Reporting a Vulnerability + +Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions. + +Preferred private reporting channels: + +- GitHub private vulnerability reporting for this repository, if enabled. +- If private vulnerability reporting is not enabled, contact the Obyte maintainers through the official Obyte contact channels and ask for a private security contact before sharing vulnerability details. + +Maintainers: please update this section with the project's preferred private security contact, or enable GitHub private vulnerability reporting for this repository. + +## What to Include + +When reporting through a private channel, please include: + +- The affected repository, branch, commit, or deployed component. +- A clear description of the vulnerability. +- Reproduction steps or a minimal proof of concept. +- The expected and actual behavior. +- Security impact. +- Any proposed patch or mitigation, if available. + +## Public Disclosure + +Please do not publicly disclose vulnerability details until maintainers have had a reasonable opportunity to investigate, fix, and deploy a remediation.
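Review bot: The "Maintainers: please update this section..." paragraph is an unresolved placeholder and should not be merged into the published policy; before merging, either confirm that GitHub private vulnerability reporting is enabled and drop the "if enabled" hedge, or replace the placeholder with the concrete private security contact (e.g. a dedicated mailbox) so a reporter is never left guessing which channel to use. Two smaller points in the same hunk: "What to Include" asks for a "minimal proof of concept" but the policy never says how maintainers will acknowledge receipt or roughly how long "a reasonable opportunity to investigate, fix, and deploy" is expected to take, so consider adding a short response-time expectation under "Public Disclosure"; and the policy covers only reporting, with no statement of which branches or released versions are in scope for fixes, which the "affected repository, branch, commit, or deployed component" bullet implicitly assumes exists.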