diff --git a/.github/workflows/anomalous-outbound-calls.yaml b/.github/workflows/anomalous-outbound-calls.yaml
new file mode 100644
index 00000000..ce6afe55
--- /dev/null
+++ b/.github/workflows/anomalous-outbound-calls.yaml
@@ -0,0 +1,16 @@
+name: Anomalous Outbound Calls
+on:
+  workflow_dispatch:
+jobs:
+  unexpected-outbound-calls:
+    name: AnomalousOutboundCalls
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+      - run: "curl https://attacker.com -L  || true"
+      - run: "curl https://google.com -L  || true"
+      - run: "curl microsoft.com:443  --connect-timeout 5 || true"
+      - run: "curl amazon.com:443  --connect-timeout 5 || true"