diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000..a2d82ed6
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,13 @@
+# Agent guidance
+
+This file is read by automated agents (security scanners, code analyzers,
+AI assistants) operating on this repository. It points them at the
+human-authored references they should consult before producing output.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md` for the
+project's threat model, in-scope / out-of-scope declarations, and known
+non-findings before reporting issues.