diff --git a/README.md b/README.md
index 78de918..8fe21d5 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,36 @@ A small colour-coded bar appears at the top (or bottom) of your screen:
 
 Set `overlay_position: none` to disable.
 
+## Windows Defender False Positive
+
+Windows Defender may flag `mouth.exe` as malicious and quarantine it. This is a
+false positive caused by the way Mouth works — it uses global keyboard hooks,
+simulated input, and clipboard access, which are the same techniques used by
+legitimate accessibility tools but also match heuristic patterns that antivirus
+software looks for.
+
+Mouth is open source and you can inspect every line of code in this repository.
+Unfortunately, the only reliable way to prevent these warnings is to purchase a
+code signing certificate, which I can't justify for a free, non-commercial
+project. If you're not comfortable adding an exception, you're welcome to build
+the exe yourself from source (see below) — a locally built binary is far less
+likely to be flagged.
+
+To add an exclusion in Windows Defender:
+
+1. Open **Windows Security** (search for it in the Start menu)
+2. Go to **Virus & threat protection**
+3. Under "Virus & threat protection settings", click **Manage settings**
+4. Scroll down to **Exclusions** and click **Add or remove exclusions**
+5. Click **Add an exclusion** → **File**, then select `mouth.exe`
+
+If Defender has already quarantined the file, you'll need to restore it first:
+
+1. In **Virus & threat protection**, click **Protection history**
+2. Find the Mouth entry, expand it, and click **Restore**
+
+Then add the exclusion above to prevent it happening again.
+
 ## Building from Source
 
 Requires Rust 1.75+.