diff --git a/WARP.md b/AGENTS.md
similarity index 98%
rename from WARP.md
rename to AGENTS.md
index 7bd9f4b361..e64bf20f46 100644
--- a/WARP.md
+++ b/AGENTS.md
@@ -133,6 +133,7 @@ This is a Rust-based terminal emulator with a custom UI framework called **WarpU
 - Those commands must pass completely before creating or updating a pull request
 - Specifically, ensure `./script/format` and `cargo clippy` checks pass
 - If they fail, fix all issues before proceeding with the PR
+- Do not create public pull requests or public issues that disclose a non-public security vulnerability. Refer users to `SECURITY.md` for the proper disclosure methods instead.
 - This applies to:
   - Opening new pull requests
   - Pushing new commits to existing PR branches
diff --git a/SECURITY.md b/SECURITY.md
index 16d94b5fe9..748e7ecd49 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,7 @@ We take security seriously at Warp and appreciate the efforts of security resear
 
 ## Reporting a Vulnerability
 
-If you believe you've found a security vulnerability, please follow responsible disclosure practices and **do not** open a public GitHub issue, as this could expose the vulnerability before a fix is available.
+If you believe you've found a security vulnerability, please follow responsible disclosure practices and **do not** open a public GitHub issue or pull request, as this could expose the vulnerability before a fix is available.
 
 Instead, please report it through one of the following channels: