diff --git a/README.md b/README.md index 3e2db940..41612af3 100644 --- a/README.md +++ b/README.md @@ -209,3 +209,7 @@ Head over to the [Uninstall](docs/Uninstall.md) guide for uninstallation instruc ## Terms of Service and Privacy Notice For details on the terms of service and privacy notice applicable to your use of Gemini CLI, see the [Terms of Service and Privacy Notice](./docs/tos-privacy.md). + +## Security Disclosures + +Please see our [security disclosure process](SECURITY.md). All [security advisories](https://github.com/google-gemini/gemini-cli/security/advisories) are managed on Github. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..226310c2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +# Reporting Security Issues + +To report a security issue, please use [https://g.co/vulnz](https://g.co/vulnz). +We use g.co/vulnz for our intake, and do coordination and disclosure here on +GitHub (including using GitHub Security Advisory). The Google Security Team will +respond within 5 working days of your report on g.co/vulnz. + +[GitHub Security Advisory]: https://github.com/google-gemini/gemini-cli/security/advisories
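Review bot: In the README.md hunk, the last added line spells the platform "Github" ("are managed on Github"), while the new SECURITY.md in the same patch writes "GitHub"; use "GitHub" in both. The new link target is written `SECURITY.md`, whereas the neighbouring Terms of Service link uses the `./docs/tos-privacy.md` form, so consider `./SECURITY.md` to match.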
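Review bot: In the SECURITY.md hunk, the reference definition `[GitHub Security Advisory]: https://github.com/google-gemini/gemini-cli/security/advisories` on the last line is never used, because the body text reads "(including using GitHub Security Advisory)" without brackets and so renders as plain text with no link. Write it as `[GitHub Security Advisory]` in the sentence so the reference resolves, or drop the definition.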