From f595e11723d21ee193804d243ee7b8a16725d8fa Mon Sep 17 00:00:00 2001
From: viyatb-oai <viyatb@openai.com>
Date: Thu, 19 Feb 2026 09:12:59 -0800
Subject: [PATCH] docs: add codex security policy (#12193)

## Summary
Adds SECURITY.MD with Codex security policy and Bugcrowd reporting
guidance
---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..d6dd568910
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+Thank you for helping us keep Codex secure!
+
+## Reporting Security Issues
+
+The security is essential to OpenAI's mission. We appreciate the work of security researchers acting in good faith to identify and responsibly report potential vulnerabilities, helping us maintain strong privacy and security standards for our users and technology.
+
+Our security program is managed through Bugcrowd, and we ask that any validated vulnerabilities be reported via the [Bugcrowd program](https://bugcrowd.com/engagements/openai).
+
+## Vulnerability Disclosure Program
+
+Our Vulnerability Program Guidelines are defined on our [Bugcrowd program page](https://bugcrowd.com/engagements/openai).