diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..3010d42a
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# Default code owners for all files
+* @danialsamiei
+
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..99b0c21c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..608839cf
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,27 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest | Yes |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT** open a public GitHub issue
+2. Use [GitHub Security Advisories](https://github.com/orcest-ai/Orcide/security/advisories/new) to report privately
+3. Or email: support@orcest.ai
+
+We will acknowledge receipt within 48 hours and provide a timeline for resolution.
+
+## Security Best Practices
+
+- All secrets must be stored in environment variables, never in code
+- All services require SSO authentication via login.orcest.ai
+- API keys must be rotated regularly
+- All traffic must use HTTPS/TLS
+
+Part of the [Orcest AI](https://orcest.ai) ecosystem.
+
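Review bot: In `.github/CODEOWNERS`, the single `* @danialsamiei` rule makes one personal account the only owner of every path, including `.github/` with its Dependabot and any workflow configuration. The file on its own only requests reviews; it gates merges only when branch protection requires code-owner review, which this diff does not show, and a sole owner cannot give that review on their own pull requests. Consider a second owner or team for the CI configuration, e.g. `/.github/ @danialsamiei @ORG/TEAM_PLACEHOLDER`, and a comment such as `# Enforced only when branch protection requires code-owner review`.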
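Review bot: In `.github/dependabot.yml`, the `npm` entry sets `directory: "/"`, so only the manifest at the repository root is checked; any nested `package.json` (the tree is not visible in this diff) would need its own entry or a `directories` list. `open-pull-requests-limit: 5` caps version-update pull requests only, and security updates are limited separately, which is worth stating so nobody expects this value to throttle security fixes. I would add a comment above the first entry such as `# npm: root manifest only; add an entry per nested package.json`.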