diff --git a/docs/clusters/eksctl-karpenter.adoc b/docs/clusters/eksctl-karpenter.adoc
index e4c0eed..a9556a1 100644
--- a/docs/clusters/eksctl-karpenter.adoc
+++ b/docs/clusters/eksctl-karpenter.adoc
@@ -80,3 +80,7 @@ spec:
 
 Note that unless `defaultInstanceProfile` is defined, the name used for `instanceProfile` is
 `eksctl-KarpenterNodeInstanceProfile-<cluster-name>`.
+
+## Automatic Security Group Tagging
+
+`eksctl` automatically tags the cluster's shared node security group with `karpenter.sh/discovery` when both Karpenter is enabled (`karpenter.version` specified) and the `karpenter.sh/discovery` tag exists in `metadata.tags`. This enables AWS Load Balancer Controller compatibility.