diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 1472c0c86..83ca1bbe8 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,3 +1,13 @@ +## Threat model + +Before reporting an issue, please review the FreeRTOS kernel threat model. It +describes the security assumptions the kernel makes, which threats are in scope, +and the protections the kernel does and does not provide. Understanding these +boundaries helps determine whether an observed behavior is a security +vulnerability or expected, documented behavior. + +- [FreeRTOS Kernel Threat Model](https://www.freertos.org/Security/02-Kernel-threat-model) + ## Reporting a Vulnerability If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security
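Review bot: The opening sentence of the added "Threat model" section, "Before reporting an issue, please review the FreeRTOS kernel threat model", reads as a precondition, and the section sits above "Reporting a Vulnerability", so a reporter who cannot tell whether a behavior is in scope may decide not to report at all. Consider adding a sentence such as "If you are unsure whether an issue is in scope, report it anyway", and consider moving the section below the reporting instructions so the contact route stays at the top of the file. The one-item bullet list could also be folded into the first sentence as an inline link on "FreeRTOS kernel threat model".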