diff --git a/ROADMAP.md b/ROADMAP.md
new file mode 100644
index 0000000..9329d3f
--- /dev/null
+++ b/ROADMAP.md
@@ -0,0 +1,28 @@
+# ThreatHunt — Roadmap (Intent-Level)
+
+This roadmap reflects analytical evolution only.
+
+## Near Term
+- Better CSV ingestion resilience
+- Stronger artifact normalization
+- Improved analyst annotations
+- Expanded VirusTotal usage
+
+## Mid Term
+- Additional enrichment sources
+- Pattern and clustering analysis
+- Analyst hypothesis tracking
+- Cross-hunt correlation views
+
+## Long Term
+- Assisted analysis suggestions
+- Historical trend analysis
+- Exportable intelligence products
+
+---
+
+## Explicit Non-Goals
+- Live endpoint interaction
+- Automated remediation
+- Workflow orchestration
+- Acting without analyst review