diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 7de1246..3507c4f 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -30,8 +30,16 @@ jobs:
 
       - name: Bandit security check
         run: |
-          bandit -r src/ -f json -o bandit-report.json || true
+          bandit -r src/ -f json -o bandit-report.json
           bandit -r src/ -f txt
+          
+          # Check for HIGH severity issues only
+          HIGH_COUNT=$(python3 -c "import json; data=json.load(open('bandit-report.json')); print(len([i for i in data['results'] if i['severity'] == 'HIGH']))")
+          if [ "$HIGH_COUNT" -gt 0 ]; then
+            echo "Found $HIGH_COUNT HIGH severity security issues"
+            exit 1
+          fi
+          echo "No HIGH severity security issues found (LOW/MEDIUM are acceptable)"
 
       - name: Safety check for dependencies
         run: safety check --json || true