diff --git a/README.md b/README.md
index d1bc80c..c3bc8d1 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Harden-Runner GitHub Action installs a security agent on the GitHub-hosted runne
 
 
 <p align="left">
-  <img src="images/main-screenshot1.png" alt="Policy recommended by harden-runner">
+  <img src="images/demo.gif" alt="Harden Runner demo">
 </p>
 
 ## Why
@@ -73,6 +73,10 @@ Read this [case study](https://infosecwriteups.com/detecting-malware-packages-in
 
 For details, check out the documentation at https://docs.stepsecurity.io
 
+<p align="left">
+  <img src="images/main-screenshot1.png" alt="Policy recommended by harden-runner">
+</p>
+
 ### Restrict egress traffic to allowed endpoints
 
 Once allowed endpoints are set in the workflow file,
diff --git a/images/demo.gif b/images/demo.gif
new file mode 100644
index 0000000..7029884
Binary files /dev/null and b/images/demo.gif differ