From d2b4b7450c9dc59d92ec8142523f080244379a8b Mon Sep 17 00:00:00 2001
From: Jarek Potiuk <jarek@potiuk.com>
Date: Sun, 31 May 2026 02:53:27 +0200
Subject: [PATCH] AGENTS.md: link the project's security model for agent
 discoverability

---
 AGENTS.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
index 3094ce4a58f..0151bab8c25 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -258,6 +258,11 @@ See `CONTRIBUTING.md` for full details.
 
 Please see the page of the [ASF Security Team](https://www.apache.org/security/) for further information and contact information.
 
+Security model: [SECURITY.md](./SECURITY.md) → [THREAT_MODEL.md](./THREAT_MODEL.md). Agents that
+scan this repository should consult `SECURITY.md` and the linked `THREAT_MODEL.md` for the project's
+threat model — in-scope / out-of-scope declarations, the security properties claimed and disclaimed,
+and known non-findings — before reporting issues.
+
 ## Resources
 
 - **Grails 7 Guide**: https://grails.apache.org/docs/latest/guide/single.html