SECURITY.md: clarify the use of AI

chrisbra · chrisbra · commit 2c976d0de48d · 2026-04-01T10:33:42.000Z
Signed-off-by: Christian Brabandt &lt;cb@256bit.org&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,9 +2,16 @@
 
 ## Reporting a vulnerability
 
-If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
-vim-security@googlegroups.com
-
-This is a private list, read only by the maintainers, but anybody can post, after moderation.
+If you want to report a security issue, please privately disclose the issue either via:
+- The vim-security mailing list: vim-security@googlegroups.com  
+  This is a private list, read only by the maintainers, but anybody can post.
+- [GitHub Security Advisories](https://github.com/vim/vim/security/advisories/new)
 
 **Please don't publicly disclose the issue until it has been addressed by us.**
+
+## Guidelines for reporting
+- Clearly explain **why** the behaviour is a security issue, not just that a bug exists.
+- Keep reports concise and focused.
+- Do not flood us with a list of issues. Report them one by one to ensure to not overwhelm us with the work load.
+- Do **not** submit AI-generated reports without carefully reviewing them first. Low-quality or
+  speculative reports waste maintainer time and will be closed without action, and repeat offenders **will be banned**.
