diff --git a/src/pages/Specification.jsx b/src/pages/Specification.jsx
index 421e91e..46b0279 100644
--- a/src/pages/Specification.jsx
+++ b/src/pages/Specification.jsx
@@ -25,6 +25,7 @@ export default function SpecificationPage() {
                         <a href="#system-identity" className="text-indigo-600 hover:text-indigo-700">System Identity</a>
                         <a href="#ownership" className="text-indigo-600 hover:text-indigo-700">Ownership</a>
                         <a href="#capabilities" className="text-indigo-600 hover:text-indigo-700">Capabilities</a>
+                        <a href="#security-extensions" className="text-indigo-600 hover:text-indigo-700">Security Extensions</a>
                         <a href="#dependencies" className="text-indigo-600 hover:text-indigo-700">Dependencies</a>
                         <a href="#constraints" className="text-indigo-600 hover:text-indigo-700">Constraints</a>
                         <a href="#runtime" className="text-indigo-600 hover:text-indigo-700">Runtime</a>
@@ -207,6 +208,59 @@ runtime:
                 </div>
             </section>
 
+            {/* Security Extensions */}
+            <section id="security-extensions" className="py-12 px-6 bg-gray-50">
+                <div className="max-w-5xl mx-auto">
+                    <h2 className="text-2xl font-semibold mb-4">Security Extensions (x-security)</h2>
+                    <p className="text-gray-600 mb-6">
+                        For security tools (EDR, SIEM, SOAR, etc.), the <code className="text-sm bg-gray-200 px-1.5 py-0.5 rounded">x-security</code> extension
+                        describes actionable capabilities for automation. This enables SOAR platforms to auto-discover what security tools can do.
+                    </p>
+                    <CodeBlock language="yaml">{`provides:
+  - capability: "host-containment"
+    type: "rest"
+    contract:
+      type: "openapi"
+      ref: "./api/containment.yaml"
+    x-security:
+      actuator_profile: "edr"              # OpenC2 actuator type
+      actions: ["contain", "allow", "query"]  # Supported actions
+      targets: ["hostname", "device_id"]   # Target types`}</CodeBlock>
+
+                    <h3 className="text-lg font-medium mt-8 mb-4">Extension Fields</h3>
+                    <div className="overflow-x-auto">
+                        <table className="w-full text-left text-sm">
+                            <thead>
+                                <tr className="border-b border-gray-200">
+                                    <th className="py-3 pr-8 font-medium text-gray-900">Field</th>
+                                    <th className="py-3 font-medium text-gray-900">Description</th>
+                                </tr>
+                            </thead>
+                            <tbody className="text-gray-600">
+                                <tr className="border-b border-gray-100">
+                                    <td className="py-3 pr-8 font-mono text-sm">actuator_profile</td>
+                                    <td className="py-3">OpenC2-inspired profile: <code className="text-xs bg-gray-200 px-1 rounded">edr</code>, <code className="text-xs bg-gray-200 px-1 rounded">siem</code>, <code className="text-xs bg-gray-200 px-1 rounded">slpf</code>, <code className="text-xs bg-gray-200 px-1 rounded">soar</code></td>
+                                </tr>
+                                <tr className="border-b border-gray-100">
+                                    <td className="py-3 pr-8 font-mono text-sm">actions</td>
+                                    <td className="py-3">Supported actions: <code className="text-xs bg-gray-200 px-1 rounded">query</code>, <code className="text-xs bg-gray-200 px-1 rounded">contain</code>, <code className="text-xs bg-gray-200 px-1 rounded">deny</code>, <code className="text-xs bg-gray-200 px-1 rounded">allow</code>, <code className="text-xs bg-gray-200 px-1 rounded">remediate</code>, <code className="text-xs bg-gray-200 px-1 rounded">notify</code></td>
+                                </tr>
+                                <tr>
+                                    <td className="py-3 pr-8 font-mono text-sm">targets</td>
+                                    <td className="py-3">Target types: <code className="text-xs bg-gray-200 px-1 rounded">hostname</code>, <code className="text-xs bg-gray-200 px-1 rounded">ipv4_addr</code>, <code className="text-xs bg-gray-200 px-1 rounded">file</code>, <code className="text-xs bg-gray-200 px-1 rounded">process</code>, <code className="text-xs bg-gray-200 px-1 rounded">ioc</code></td>
+                                </tr>
+                            </tbody>
+                        </table>
+                    </div>
+
+                    <div className="mt-6 p-4 bg-indigo-50 rounded-lg">
+                        <p className="text-sm text-indigo-800">
+                            <strong>Export to OpenC2:</strong> Use <code className="text-xs bg-indigo-100 px-1 rounded">scp-cli scan --export openc2</code> to generate an actuator inventory for SOAR integration.
+                        </p>
+                    </div>
+                </div>
+            </section>
+
             {/* Dependencies */}
             <section id="dependencies" className="py-12 px-6 bg-gray-50">
                 <div className="max-w-5xl mx-auto">

Field	Description
actuator_profile	OpenC2-inspired profile: `edr`, `siem`, `slpf`, `soar`
actions	Supported actions: `query`, `contain`, `deny`, `allow`, `remediate`, `notify`
targets	Target types: `hostname`, `ipv4_addr`, `file`, `process`, `ioc`