diff --git a/security.mdy b/security.mdy new file mode 100644 index 0000000..5a923af --- /dev/null +++ b/security.mdy @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +All versions of the code under the **hawk-eye** project are covered by this security policy. Before reporting a vulnerability, please ensure the following: +- You are using the **latest version** of the project. +- The vulnerability has not already been **reported** in our issue tracker. +- The issue is a genuine security vulnerability and not a **false positive**. For example: + - If you're reporting vulnerabilities like command execution, we will only address cases where the payload is sourced from **third-party platforms/libraries** or **user input**, rather than hardcoded data (e.g., in `connection.yaml` files). + +## Reporting a Vulnerability + +You can report a vulnerability by raising an issue with **detailed information** about the security concern. We will review the issue and work with you to resolve it promptly.
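Review bot: The "Reporting a Vulnerability" section at the end of the hunk tells reporters to raise an issue with "detailed information", which puts the details of an unfixed vulnerability in a public tracker before any fix exists; the pre-report check that the vulnerability "has not already been **reported** in our issue tracker" assumes the same public workflow. Suggest naming a private channel instead (a security contact address or the hosting platform's private vulnerability reporting) and reserving public issues for after a fix is released. Two smaller points: the file is added as `security.mdy`, which looks like a typo for `SECURITY.md`, and if the repository is on GitHub the policy is only recognised under that name; and under "Supported Versions", "All versions of the code ... are covered" sits next to a requirement to be on the "latest version", so the section should state which of the two applies to reports against older releases.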