diff --git a/SECURITY.md b/SECURITY.md index 977f2f1d..9135c6aa 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,13 +1,23 @@ -# Security Policy +# Security Policy for argocd-agent -The `argocd-agent` project is not ready for production yet. However, we do appreciate people fixing security issues in the code. +Policy version 1.0 (2025/11/05) -At this point in time, that means prior to GA or close to that, we will neither issue CVEs nor security advisories for discovered and fixed security issues. However, we will mention issues in release notes and we are happy to credit people who helped out. +## Preface + +The `argocd-agent` project takes security very seriously, and we are committed to continuously working on improving the security of the project. ## Supported Versions -We do not have a support matrix yet. We do plan to follow the support matrix of Argo CD. +Only the most recent minor version (e.g. 1.0 or 1.1) will receive security fixes, and no back-ports will be made. ## Reporting a Vulnerability -Right now, please feel free to raise a GitHub issue and/or a PR with a fix for any vulnerability you come across. +If you find a security vulnerability in the argocd-agent code, we appreciate your responsible disclosure to us. + +Please report vulnerabilities confidentially using GitHub's private security issue feature. You can [create a confidential vulnerability report](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). + +We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out-of-office conditions), so please bear with us in these cases. + +We will publish security advisories using the GitHub Security Advisories feature, which includes issuing a CVE, to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). + +Please DO NOT report already known issues (for example, already issued CVEs in base images or dependencies) using GitHub's security advisories feature. 
In these cases, please open a normal GitHub issue (bug). Since these issues are already known, there is no reason to keep them confidential. \ No newline at end of file
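Review bot: the "Reporting a Vulnerability" section names GitHub's private vulnerability reporting as the only channel, with no fallback for a reporter who has no GitHub account or for whom that feature is unavailable, and no expected response window beyond "react quickly". Consider adding an alternate contact (for example a dedicated security mailing address) and a concrete acknowledgement target (e.g. "we aim to acknowledge reports within N business days"), and confirm that private vulnerability reporting is enabled in the repository settings, since the `/security/advisories/new` link only works when it is. Two smaller points: in "Supported Versions", "Only the most recent minor version (e.g. 1.0 or 1.1) will receive security fixes" would be clearer as "only the latest patch release of the most recent minor version line", so readers know whether 1.0.3 is still supported once 1.0.4 is out; and the file ends without a trailing newline ("\ No newline at end of file"), which most linters flag.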