Generative AI tools are surprisingly bad at suggesting strong passwords, experts say.
AI security company Irregular looked at Claude, ChatGPT, and Gemini, and found all three GenAI tools put forward seemingly strong passwords that were, in fact, easily guessable.
Prompting each of them to generate 16-character passwords featuring special characters, numbers, and letters in various cases produced what appeared to be complex passphrases. When submitted to various online password strength checkers, they returned strong results. Some said they'd take centuries for standard PCs to crack.
The online password checkers passed these as strong options because they are not aware of the common patterns. In reality, the time it would take to crack them is much lower than it would otherwise appear.
Irregular found that all three AI chatbots produced passwords with common patterns, and if hackers understood them, they could use that knowledge to inform their brute-force strategies.
The researchers turned to Claude, running the Opus 4.6 model, and prompted it 50 times, each in separate conversations and windows, to generate a password. Of the 50 returned, only 30 were unique (20 duplicates, 18 of which were the exact same string), and the vast majority started and ended with the same characters.
Irregular also said there were no repeating characters in any of the 50 passwords, indicating they weren't truly random.
Tests involving OpenAI's GPT-5.2 and Google's Gemini 3 Flash also revealed consistencies among all the returned passwords, especially at the beginning of the strings.
The same results were seen when prompting Google's Nano Banana Pro image generation model. Irregular gave it the same prompt, but to return a random password written on a Post-It note, and found the same Gemini password patterns in the results.
The Register repeated the tests using Gemini 3 Pro, which returns three options (high complexity, symbol-heavy, and randomized alphanumeric), and the first two generally followed similar patterns, while option three appeared more random.
Notably, Gemini 3 Pro returned passwords along with a security warning, suggesting the passwords should not be used for sensitive accounts, given that they were requested in a chat interface.
It also offered to generate passphrases instead, which it claimed are easier to remember but just as secure, and recommended users opt for a third-party password manager such as 1Password, Bitwarden, or the iOS/Android native managers for mobile devices.
Irregular estimated the entropy of the LLM-generated passwords using the Shannon entropy formula and by understanding the probabilities of where characters are likely to appear, based on the patterns displayed by the 50-password outputs.
The team used two methods of estimating entropy: character statistics and log probabilities. They found that 16-character entropies of LLM-generated passwords were around 27 bits and 20 bits respectively.
For a truly random password, the character statistics method expects an entropy of 98 bits, while the method involving the log probabilities of the LLM itself expects an entropy of 120 bits.
In real terms, this would mean that LLM-generated passwords could feasibly be brute-forced in a few hours, even on a decades-old computer, Irregular claimed.
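The character-statistics estimate described above can be reproduced on any sample of passwords. The Python below is an added example, not code from Irregular or The Register: it sums the per-position Shannon entropy of a sample, compares it with the entropy of a uniformly random password, converts bits into a guessing time, and shows CSPRNG-backed generation as the baseline. The 70-symbol alphabet, the eight "chatbot-style" sample strings, and the guess rate are constructed assumptions (70 symbols over 16 characters happens to give about 98 bits, matching the figure the article cites for a truly random password). The log-probability method is not shown because it needs access to the model's token probabilities.

```python
import math
import secrets
import string
from collections import Counter

# Assumed symbol set: upper, lower, digits and eight specials = 70 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 16

# Constructed sample (not Irregular's data): eight chatbot-style passwords that
# share a fixed prefix and suffix, vary only in the middle, and include duplicates.
PATTERNED_SAMPLE = [
    "Kx7#mP2qLw4v9!Qz",
    "Kx7#nR3tLw5b9!Qz",
    "Kx7#mP2qLw4v9!Qz",
    "Kx7#vT8sJw2n9!Qz",
    "Kx7#mP2qLw4v9!Qz",
    "Kx7#bN4rLw7c9!Qz",
    "Kx7#zF6kMw3d9!Qz",
    "Kx7#mP2qLw4v9!Qz",
]


def per_position_entropy(passwords):
    """Character-statistics estimate: for each position, the Shannon entropy of
    the symbols observed there across the sample, summed over positions (bits).
    A position where every sample shows the same character contributes zero.
    Caveat: with N samples a position can never score above log2(N), so a
    small sample underestimates even a truly random generator."""
    n = len(passwords)
    total = 0.0
    for pos in range(len(passwords[0])):
        counts = Counter(p[pos] for p in passwords)
        total -= sum((c / n) * math.log2(c / n) for c in counts.values())
    return total


def max_entropy(alphabet_size=len(ALPHABET), length=LENGTH):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def unique_ratio(passwords):
    """Fraction of distinct strings in the sample (1.0 means no duplicates)."""
    return len(set(passwords)) / len(passwords)


def crack_time_seconds(entropy_bits, guesses_per_second):
    """Expected guessing time: on average half of the 2**bits space is searched."""
    return 2 ** (entropy_bits - 1) / guesses_per_second


def random_password(length=LENGTH, alphabet=ALPHABET):
    """CSPRNG-backed generation, the approach a password manager uses."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # 200 samples keep the log2(N) ceiling well above log2(70) per position.
    random_sample = [random_password() for _ in range(200)]
    rate = 1e6  # assumed guesses per second for an old desktop CPU
    for name, sample in (("patterned", PATTERNED_SAMPLE), ("secrets", random_sample)):
        bits = per_position_entropy(sample)
        print(f"{name:9s} unique={unique_ratio(sample):.2f} "
              f"entropy~{bits:.1f} bits crack~{crack_time_seconds(bits, rate):.3g} s")
    print(f"uniform 16-char over {len(ALPHABET)} symbols: {max_entropy():.1f} bits")
```

Run it and the patterned sample scores a small fraction of the uniform maximum, with the fixed prefix and suffix contributing nothing; the `secrets` sample lands close to the maximum, limited only by sample-size bias.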
Knowing the patterns also reveals how often LLMs are used to create passwords in open source projects. The researchers showed that by searching common character sequences across GitHub and the broader web, queries return test code, setup instructions, technical documentation, and more.
Ultimately, this finding may usher in a new era of password brute-forcing, Irregular said. It also cited earlier comments made by Dario Amodei, CEO at Anthropic, who said last year that AI will likely be writing the majority of all code, and if that is true, then the passwords it generates may not be as secure as expected.
"People and coding agents should not rely on LLMs to generate passwords," said Irregular. "Passwords generated by direct LLM output are fundamentally weak, and this is unfixable by prompting or temperature adjustments: LLMs are optimized to produce predictable, plausible outputs, which is incompatible with secure password generation."
The team also said that developers should review any passwords that were generated using LLMs and rotate them accordingly. It added that the "gap between capability and behavior likely is not unique to passwords," and the industry should be aware of that as AI-assisted development and vibe coding continue to gather pace. ®