diff --git a/README.md b/README.md
index d16dde3..7852429 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # noble-ciphers
 
-Auditable & minimal JS implementation of Salsa20, ChaCha and AES.
+Audited & minimal JS implementation of Salsa20, ChaCha and AES.
 
-- 🔒 Auditable
+- 🔒 Audited
 - 🔻 Tree-shakeable: unused code is excluded from your builds
 - 🏎 Fast: hand-optimized for caveats of JS engines
 - 🔍 Reliable: property-based / cross-library / wycheproof tests ensure correctness
@@ -394,7 +394,12 @@ GCM / SIV are not ideal:
 
 ## Security
 
-The library has not been independently audited yet.
+The library has been independently audited:
+
+- at version 1.0.0, in Sep 2024, by [cure53](https://cure53.de)
+  - PDFs: [in-repo](./audit/2024-09-cure53-audit-nbl4.pdf)
+  - [Changes since audit](https://github.com/paulmillr/noble-ciphers/compare/1.0.0..main)
+  - Scope: everything
 
 It is tested against property-based, cross-library and Wycheproof vectors,
 and has fuzzing by [Guido Vranken's cryptofuzz](https://github.com/guidovranken/cryptofuzz).
diff --git a/audit/2024-09-cure53-audit-nbl4.pdf b/audit/2024-09-cure53-audit-nbl4.pdf
new file mode 100644
index 0000000..7c583a9
Binary files /dev/null and b/audit/2024-09-cure53-audit-nbl4.pdf differ
diff --git a/audit/README.md b/audit/README.md
new file mode 100644
index 0000000..fce6fbb
--- /dev/null
+++ b/audit/README.md
@@ -0,0 +1,3 @@
+# Audit
+
+All audits of the library are described in [README's Security section](../README.md#security)