diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index 625753a57f..834ac23021 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -27,6 +27,21 @@ To check for security updates, go to [Security announcements for the Elastic sta
 
 % *
 
+## 9.0.3 [elastic-security-9.0.3-release-notes]
+
+### Features and enhancements [elastic-security-9.0.3-features-enhancements]
+* Adds `dns` event collection for macOS for {{elastic-defend}} [#223566]({{kib-pull}}223566).
+* Adds pricing information about Elastic Managed LLM in AI Assistant and Attack Discovery tours and callouts [#221566]({{kib-pull}}221566).
+* Adds support for DNS events on macOS. Events can be controlled from the policy using the **DNS events** checkbox.
+
+### Fixes [elastic-security-9.0.3-fixes]
+* Fixes a bug where OSS models didn’t work when streaming was ON [#224129]({{kib-pull}}224129).
+* Fixes a bug where cell actions didn’t work when opening a Timeline from specific rules [#223306]({{kib-pull}}223306).
+* Fixes an issue where the entity risk score feature stopped persisting risk score documents [#221937]({{kib-pull}}221937).
+* Fixes a bug where the **Rules**, **Alerts**, and **Fleet** pages would stall in air-gapped environments by ensuring API requests are sent even when offline [#220510]({{kib-pull}}220510).
+* Ensures the Amazon Bedrock connector respects the action proxy configuration [#224130]({{kib-pull}}224130).
+* Ensures the OpenAI connector respects the action proxy configuration for all sub-actions [#219617]({{kib-pull}}219617).
+
 ## 9.0.2 [elastic-security-9.0.2-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.2-features-enhancements]
diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md
index ad9507234e..e7d7a0e133 100644
--- a/release-notes/elastic-security/known-issues.md
+++ b/release-notes/elastic-security/known-issues.md
@@ -53,6 +53,10 @@ PUT /_ingest/pipeline/entity_analytics_create_eventIngest_from_timestamp-pipelin
 
 After you complete this step, risk scores should automatically begin to successfully persist during the entity risk engine's next run. Details for the next run time are described on the **Entity risk score** page, where you can also manually run the risk score by clicking **Run Engine**. 
 
+**Resolved**<br> 
+
+Resolved in {{stack}} 9.0.3
+
 :::
 
 :::{dropdown} Installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions