diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ff817b47b..9d9a9c944 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,6 +3,13 @@ updates:
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
-      interval: 'monthly'
+      interval: 'weekly'
     target-branch: 'main'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 10
+    groups:
+      patch-updates:
+        update-types:
+          - 'patch'
+      minor-updates:
+        update-types:
+          - 'minor'
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
new file mode 100644
index 000000000..02d421e6c
--- /dev/null
+++ b/.github/workflows/security-audit.yml
@@ -0,0 +1,28 @@
+name: Security Audit
+
+on:
+  schedule:
+    - cron: '0 8 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Security audit
+        run: npm audit --audit-level=high --omit=dev
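Review bot: The new `groups` block only affects npm version updates; nothing in this hunk keeps the Action tags the new workflow pins (`actions/checkout@v4`, `actions/setup-node@v4`) current, so unless an entry exists outside the hunk, add a second `updates` entry with `package-ecosystem: 'github-actions'`, `directory: '/'` and the same weekly schedule. Moving to a weekly cadence with grouped patch/minor updates also means a freshly published release is proposed within days of landing on the registry; if the Dependabot in use supports it, a `cooldown:` block under this entry (for example `default-days: 7`) gives a compromised release time to be noticed and yanked before it is merged. The surrounding `updates:` list starts above the hunk, so other ecosystems may already be configured there.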
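Review bot: The "Install dependencies" step uses `npm install`, which re-resolves against the registry and may rewrite `package-lock.json`, so the audit can report a tree that differs from the one committed; in CI it should be `run: npm ci --ignore-scripts` so the lockfile is installed exactly and no dependency lifecycle scripts execute on the runner (`npm audit` itself is believed to work from the lockfile alone, in which case the install step could be dropped entirely). The two actions are pinned by mutable major tag (`@v4`); pinning to a full commit SHA with a `# vX.Y.Z` comment protects the job from a retagged action. Note also that `--omit=dev` leaves dev dependencies unaudited even though they are installed and, without `--ignore-scripts`, executed in this job, and `--audit-level=high` lets moderate findings pass silently; a short comment on the audit step stating both choices are intentional would help the next maintainer, e.g. `# Production deps only; moderate advisories are tracked via Dependabot, not this gate`.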