Have you ever asked an AI for a password?
When you do, it quickly generates one, telling you confidently that the output is strong.
In reality, it’s anything but, according to research shared exclusively with Sky News by AI cybersecurity firm Irregular.
The research, which has been verified by Sky News, found that all three major models – ChatGPT, Claude, and Gemini – produced highly predictable passwords, leading Irregular co-founder Dan Lahav to make a plea about using AI to make them.
“You should definitely not do that,” he told Sky News. “And if you’ve done that, you should change your password immediately. And we don’t think it’s known enough that this is a problem.”
Predictable patterns are the enemy of good cybersecurity, because they mean passwords can be guessed by automated tools used by cybercriminals.
But because large language models (LLMs) do not actually generate passwords randomly and instead derive results based on patterns in their training data, they are not actually creating a strong password, only something that looks like a strong password – an impression of strength which is in fact highly predictable.
Source: Sky News