diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 0000000..7266adc
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,21 @@
+[advisories]
+ignore = [
+ # `ark-relations` is an unactivated optional transitive dep (via `ark-bn254`'s`r1cs` feature)
+ # that is never compiled but still appears in Cargo.lock, and hence gets considered by `cargo
+ # audit`. There is an upstream fix for `ark-relations`, but it's not yet published to crates.io.
+ # See https://github.com/arkworks-rs/snark/issues/413.
+ "RUSTSEC-2025-0055",
+
+ # `bincode` is unmaintained; transitive reth dep.
+ "RUSTSEC-2025-0141",
+
+ # `derivative` is unmaintained; transitive dep via revm's `ark-ff`.
+ "RUSTSEC-2024-0388",
+
+ # `paste` is unmaintained; transitive dep via revm's `ark-ff` and alloy's `syn-solidity`.
+ "RUSTSEC-2024-0436",
+
+ # `lru` IterMut unsoundness; transitive dep via reth's `discv5` and `ratatui`.
+ # Neither crate calls `iter_mut()` on the LruCache, so the affected code path is never hit.
+ "RUSTSEC-2026-0002",
+]
diff --git a/.github/workflows/rust-audit-security.yml b/.github/workflows/rust-audit-security.yml
new file mode 100644
index 0000000..9730513
--- /dev/null
+++ b/.github/workflows/rust-audit-security.yml
@@ -0,0 +1,19 @@
+name: Security Audit
+# This workflow uses rustsec/audit-check to check for security vulnerabilities
+# On scheduled runs: automatically creates GitHub issues for findings
+# On push/PR: creates status checks that fail when vulnerabilities are found
+
+on:
+ schedule:
+ # Run daily at 09:00 UTC
+ - cron: '0 9 * * *'
+ workflow_dispatch: # Allow manual runs
+
+permissions: # these permissions are required for the workflow to run
+ contents: read # Required to checkout the repository
+ issues: write # Required to create issues (scheduled runs)
+ checks: write # Required to create status checks (push/PR)
+
+jobs:
+ security-audit:
+ uses: init4tech/actions/.github/workflows/rust-audit-security.yml@main
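Review bot: The suppression of RUSTSEC-2026-0002 at the end of the ignore list rests on a claim about current code ("Neither crate calls `iter_mut()`") that nothing in the file ties to a specific `discv5` or `ratatui` version, so a later dependency bump can invalidate the reasoning while the advisory stays muted. Record what was inspected next to the entry, e.g. `# Verified against discv5 <version checked> and ratatui <version checked> on <date checked>; re-check on bump.`, and give the RUSTSEC-2025-0055 entry a similar revisit marker, since its justification ("not yet published to crates.io") is a point-in-time state that someone needs to clear once arkworks-rs/snark#413 is released. The three unmaintained-crate ignores (RUSTSEC-2025-0141, RUSTSEC-2024-0388, RUSTSEC-2024-0436) carry less risk, but a short `# Revisit: <date>` on each keeps the list from becoming permanent by default, as cargo-audit's ignore list has no expiry of its own. The first comment also drops a space in "`ark-bn254`'s`r1cs`".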
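Review bot: The header comment and the `checks: write` grant describe a push/PR status-check mode that this workflow never enters: the `on:` block declares only `schedule` and `workflow_dispatch`, with no `push` or `pull_request` trigger. Either add the trigger (e.g. `pull_request:` under `on:`, which is what makes `checks: write` meaningful) or remove the "On push/PR" comment line and the `checks: write` permission so the token scope matches what actually runs. Separately, the reusable workflow is referenced at the mutable `@main` ref; pinning `uses:` to a release tag or commit SHA makes the audit job's own inputs reproducible and reviewable. What rustsec/audit-check does with the findings is inherited from the called workflow, which is outside this diff.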
diff --git a/Cargo.lock b/Cargo.lock
index 32aff8b..789ae78 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1439,9 +1439,9 @@ checksum = "155a5a185e42c6b77ac7b88a15143d930a9e9727a5b7b77eed417404ab15c247"
 
 [[package]]
 name = "async-compression"
-version = "0.4.38"
+version = "0.4.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82da0ea54ea533ec09d949717c6386a1c34f2d9b51c1fcc7eef8b9ce0b690a3e"
+checksum = "68650b7df54f0293fd061972a0fb05aaf4fc0879d3b3d21a638a182c5c543b9f"
 dependencies = [
 "compression-codecs",
 "compression-core",
@@ -5039,9 +5039,9 @@ dependencies = [
 
 [[package]]
 name = "interprocess"
-version = "2.3.0"
+version = "2.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b00d05442c2106c75b7410f820b152f61ec0edc7befcb9b381b673a20314753"
+checksum = "53bf2b0e0785c5394a7392f66d7c4fb9c653633c29b27a932280da3cb344c66a"
 dependencies = [
 "doctest-file",
 "futures-core",