diff --git a/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java b/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
index 298aebf..dd39aca 100644
--- a/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
+++ b/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
@@ -34,6 +34,9 @@ public class SecurityConfig {
 // CSRF 비활성화 (REST API는 CSRF 불필요)
 .csrf(AbstractHttpConfigurer::disable)
 
+ // CORS 설정
+ .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+
 // 세션 사용 안 함 (JWT 기반 인증)
 .sessionManagement(session ->
 session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -47,6 +50,26 @@ public class SecurityConfig {
 return http.build();
 }
 
+ /**
+ * CORS 설정
+ * - 모든 Origin 허용 (Swagger UI 테스트를 위해)
+ * - 모든 HTTP Method 허용
+ * - 모든 Header 허용
+ */
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOriginPatterns(List.of("*")); // 모든 Origin 허용
+ configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+ configuration.setAllowedHeaders(List.of("*"));
+ configuration.setAllowCredentials(true);
+ configuration.setMaxAge(3600L);
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
+
 /**
 * Chrome DevTools 요청 등 정적 리소스 요청을 Spring Security에서 제외
 */
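Review bot: In `corsConfigurationSource()`, pairing `setAllowedOriginPatterns(List.of("*"))` with `setAllowCredentials(true)` makes Spring echo back whatever `Origin` the browser sends and mark it as credential-enabled, so a page on any site can send requests to every path (`/**`) with browser-held credentials and read the responses. The Javadoc gives Swagger UI testing as the reason for the wildcard, which suggests it should not be the default outside a local/dev profile: load the permitted origins from configuration and use `configuration.setAllowedOrigins(allowedOrigins);`, where `allowedOrigins` is injected from a property (placeholder name). If the API is only ever authenticated by a JWT in the `Authorization` header, as the session comment in the first hunk implies, `configuration.setAllowCredentials(false);` would probably let the wildcard stay for testing without exposing cookie or HTTP-auth credentials. The imports for `List`, `Arrays` and the CORS classes are not in the visible hunks, so confirm the file already has them.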