diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index 252ef8d469..cfcaa87f35 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -140,6 +140,18 @@ To check for security updates, go to [Security announcements for the Elastic sta
 * Fixes an issue in {{elastic-defend}} that could result in a crash if a specified {{ls}} output configuration contained a certificate that couldn't be parsed.
 * Fixes CVE-2025-37735 ([ESA-2025-23](https://discuss.elastic.co/t/elastic-defend-8-19-6-9-1-6-and-9-2-0-security-update-esa-2025-23/383272)) in {{elastic-defend}} on Windows which could allow a low-privilege attacker to delete arbitrary files on the system and potentially escalate privileges to SYSTEM. Windows 11 24H2 includes changes which make this issue harder to exploit.
 
+## 9.1.8 [elastic-security-9.1.8-release-notes]
+
+### Features and enhancements [elastic-security-9.1.8-features-enhancements]
+* Improves the alert details flyout by saving the selected threat intelligence time to local storage [#243571]({{kib-pull}}243571).
+* Improves the alert details flyout by saving the selected prevalence time to local storage [#243543]({{kib-pull}}243543).
+
+### Fixes [elastic-security-9.1.8-fixes]
+* Fixes an issue where the "Top <_n_>" popover stayed open after opening the create case flyout. It now closes automatically when the new case flyout opens [#242045]({{kib-pull}}242045).
+* Fixes a UI issue when displaying {{esql}} queries in Timeline full screen mode [#242027]({{kib-pull}}242027).
+* Prevents unnecessary policy reloads in {{elastic-defend}} when only the overall config version changes.
+* Fixes a bug where {{elastic-defend}} for Linux could fail to bootstrap with {{agent}}.
+
 
 ## 9.1.7 [elastic-security-9.1.7-release-notes]