diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..537905b0cf7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+## Reporting a Vulnerability
+
+We strongly encourage you to report security vulnerabilities to
+our private security mailing list: kserve-security@lists.lfaidata.foundation - first, before
+disclosing them in any public forums.
+
+This is a private mailing list where only active maintainers of the project are allowed to be the members of the group and receive reported
+security vulnerabilities, and the issues are treated as top priority.