From f41f2ad7c532dee3dc87bf3a974fba5e66af961c Mon Sep 17 00:00:00 2001 From: "Michael R. Bernstein" Date: Tue, 18 Nov 2025 10:37:43 -0700 Subject: [PATCH] Add security policy for vulnerability reporting Signed-off-by: Michael R. Bernstein --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..fc2810ec --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security Policy + +## Reporting Vulnerabilities + +**Email**: security@moonshot.cn + +When reporting a vulnerability, please include: +- Description of the vulnerability +- Steps to reproduce +- Potential impact +- Suggested remediation (if any) + +**Response Time**: We aim to acknowledge reports within 48-72 hours. + +## Security Posture + +**Current Status**: Security practices are under active discussion in the community. + +- **Independent security audits**: See [Issue #252](https://github.com/MoonshotAI/kimi-cli/issues/252) +- **GPG signing of releases**: See [Issue #253](https://github.com/MoonshotAI/kimi-cli/issues/253) + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| 0.55 | :white_check_mark: |
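Review bot: The "Reporting Vulnerabilities" section of the new SECURITY.md gives only an email address and never asks reporters to keep the report out of the public issue tracker, so a reader can reasonably file a vulnerability as a normal issue. Suggest adding a line such as "Please do not open a public issue for security reports" next to the **Email** entry. The "Response Time" line covers acknowledgement only (48-72 hours); a sentence on what happens after acknowledgement, for example when the reporter can expect a status update and how disclosure is coordinated, would tell reporters what to expect. In "Security Posture", the two bullets name independent audits and GPG signing of releases but only link to Issue #252 and Issue #253 without saying whether either exists today; state the current status in the text so the reader does not have to follow the links. In "Supported Versions", the table hard-codes `0.55` as the only row, which will be stale at the next release unless this file is updated each time; either note that only the latest release is supported or add the update to the release checklist.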