diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..30605eca4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,47 @@
+# Security Policy
+
+## Reporting Security Issues
+
+We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+> **Important Note**: Any code within the `classic/` folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.
+
+Instead, please report them via:
+- [GitHub Security Advisory](https://github.com/Significant-Gravitas/AutoGPT/security/advisories/new)
+- [Huntr.dev](https://huntr.com/repos/significant-gravitas/autogpt) - where you may be eligible for a bounty
+
+### Reporting Process
+1. **Submit Report**: Use one of the above channels to submit your report
+2. **Response Time**: Our team will acknowledge receipt of your report within 14 business days.
+3. **Collaboration**: We will collaborate with you to understand and validate the issue
+4. **Resolution**: We will work on a fix and coordinate the release process
+
+### Disclosure Policy
+- Please provide detailed reports with reproducible steps
+- Include the version/commit hash where you discovered the vulnerability
+- Allow us a 90-day security fix window before any public disclosure
+- Share any potential mitigations or workarounds if known
+
+## Supported Versions
+Only the following versions are eligible for security updates:
+
+| Version | Supported |
+|---------|-----------|
+| Latest release on master branch | ✅ |
+| Development commits (pre-master) | ✅ |
+| Classic folder (deprecated) | ❌ |
+| All other versions | ❌ |
+
+## Security Best Practices
+When using this project:
+1. Always use the latest stable version
+2. Review security advisories before updating
+3. Follow our security documentation and guidelines
+4. Keep your dependencies up to date
+5. Do not use code from the `classic/` folder as it is deprecated and unsupported
+
+## Past Security Advisories
+For a list of past security advisories, please visit our [Security Advisory Page](https://github.com/Significant-Gravitas/AutoGPT/security/advisories) and [Huntr Disclosures Page](https://huntr.com/repos/significant-gravitas/autogpt).
+
+---
+Last updated: November 2024