diff --git a/scenarios/m03_ghost_in_the_machine/mission.json b/scenarios/m03_ghost_in_the_machine/mission.json
new file mode 100644
index 0000000..4b9eabb
--- /dev/null
+++ b/scenarios/m03_ghost_in_the_machine/mission.json
@@ -0,0 +1,39 @@
+{
+  "display_name": "Ghost in the Machine",
+  "description": "Infiltrate Zero Day Syndicate under the guise of a security researcher recruit. Clone Victoria Sterling's RFID keycard, exploit vulnerable training network services, and uncover evidence linking Zero Day to the St. Catherine's Hospital ransomware attack. Your investigation reveals The Architect's Phase 2 plans targeting critical infrastructure.",
+  "difficulty_level": 2,
+  "secgen_scenario": "ghost_in_machine_vm_network",
+  "collection": "season_1",
+  "cybok": [
+    {
+      "ka": "NS",
+      "topic": "Network Security",
+      "keywords": ["nmap scanning", "Service enumeration", "Banner grabbing", "Network reconnaissance"]
+    },
+    {
+      "ka": "MAT",
+      "topic": "Malware & Attack Technologies",
+      "keywords": ["CVE-2004-2687", "distcc exploitation", "Remote code execution", "Zero-day marketplace"]
+    },
+    {
+      "ka": "AC",
+      "topic": "Applied Cryptography",
+      "keywords": ["Encoding vs encryption", "ROT13", "Base64", "Hexadecimal", "Multi-layer decoding"]
+    },
+    {
+      "ka": "HF",
+      "topic": "Human Factors",
+      "keywords": ["Social engineering", "RFID cloning", "Cover identity", "Trust exploitation"]
+    },
+    {
+      "ka": "SS",
+      "topic": "Systems Security",
+      "keywords": ["Service vulnerabilities", "Docker networks", "Physical security", "Evidence correlation"]
+    },
+    {
+      "ka": "RM",
+      "topic": "Risk Management & Governance",
+      "keywords": ["Vulnerability economics", "Exploit pricing", "Ethical decision-making", "Moral dilemmas"]
+    }
+  ]
+}