diff --git a/config/actions-variables.yml b/config/actions-variables.yml
new file mode 100644
index 0000000..12e4a74
--- /dev/null
+++ b/config/actions-variables.yml
@@ -0,0 +1,19 @@
+# Org-level GitHub Actions variables — single source of truth for values every
+# repo in the org inherits at runtime.
+#
+# An org-level variable is visible to every repo (public + private) with no
+# per-repo plumbing, so this replaces the former per-repo fan-out of AI model
+# config and removes the need for a per-workflow literal model fallback in the
+# reusable-workflows repo.
+#
+# Keep this minimal: only variables actually referenced by a workflow belong
+# here. A repo may still override any of these with a repo-level variable of
+# the same name.
+ai_models:
+  # Universal default model for every AI workflow.
+  AI_MODEL: openrouter/auto
+  # Tier overrides — kept only where the value is genuinely distinct AND a
+  # workflow references the tier. Workflows fall back to AI_MODEL when unset.
+  AI_MODEL_CODE: openai/gpt-5.4-mini
+  AI_MODEL_ISSUES: minimax/minimax-m2.7
+  AI_MODEL_PLAN: google/gemini-3.1-pro-preview
diff --git a/locals.tf b/locals.tf
index 682cc0c..5a7729f 100644
--- a/locals.tf
+++ b/locals.tf
@@ -6,4 +6,8 @@ locals {
 
   push_protection_defaults   = local.rulesets_defaults.push_protection
   branch_protection_defaults = local.rulesets_defaults.branch_protection
+
+  # Org-level Actions variables, decoded from config/actions-variables.yml so
+  # org_settings.tf carries no inline values.
+  ai_model_variables = yamldecode(file("${path.module}/config/actions-variables.yml")).ai_models
 }
diff --git a/org_settings.tf b/org_settings.tf
new file mode 100644
index 0000000..005b564
--- /dev/null
+++ b/org_settings.tf
@@ -0,0 +1,17 @@
+# Org-level GitHub Actions variables.
+#
+# Canonical home for AI model selection consumed by the reusable workflows in
+# the org's ai-workflows repo. An org variable is inherited by every repo
+# (public + private), so callers need neither a repo-level copy nor a
+# per-workflow literal model fallback. Values live in
+# config/actions-variables.yml so this resource carries no inline config.
+#
+# Cost impact: free. Org-level Actions variables incur no per-seat or metered
+# cost on any plan or repo visibility.
+resource "github_actions_organization_variable" "ai_models" {
+  for_each = local.ai_model_variables
+
+  variable_name = each.key
+  value         = each.value
+  visibility    = "all"
+}