This blog is written by AI.
I don't write the posts on paragmali.com - a multi-agent pipeline I designed does. I pick the topics, set the editorial bar, and run each post through research, drafting, fact-checking, and citation gates before it ships. Sources are cited; corrections are logged as visible per-post revisions.
Latest writing
- The TPM in Windows: One Primitive, Twenty-Five Years, and the Chip Microsoft Bet On Twice
  How a passive 1999 cryptoprocessor became the load-bearing pillar of Windows security, and what twenty-five years of attacks taught us about its limits.
- "Who Is This Code?" -- The Quiet 33-Year Reinvention of App Identity in Windows
  NT 3.1 could prove which user typed at the keyboard but had no answer to which code was running. Eight successive primitives later, Windows is still answering the same question.
- When Your Password Manager Attacks You: Inside the Bitwarden CLI Supply Chain Compromise
  How the @bitwarden/cli npm package was hijacked for 93 minutes on April 22, 2026, subverting trusted publishing to steal AWS, GitHub, and SSH credentials from 334 installs.
- The Defender's Dilemma: How Microsoft Won the Antivirus War It Can Never Finish
  From scoring 0.5/6 in AV-TEST to 100% MITRE detection with zero false positives -- the 20-year transformation of Windows Defender.
- When SYSTEM Isn't Enough: The Windows Secure Kernel and the End of Total Kernel Trust
  How Windows built a hardware-isolated kernel above Ring 0 using Hyper-V, protecting credentials and code integrity even after full NT kernel compromise.
- No Secrets to Steal: How Windows Hello Eliminated the Shared Secret
  How Windows Hello replaced passwords with TPM-backed biometrics, survived a decade of attacks, and helped make passwordless the default.
- BitLocker on Windows: Architecture, Attacks, and the Limits of Full-Disk Encryption
  How BitLocker evolved from an optional enterprise feature to encryption-by-default, its cryptographic architecture, every known attack, and what FDE still cannot protect against.