AI-Generated Passwords: Seemingly Strong, Easily Cracked

A recent study by AI security company Irregular reveals that passwords generated by AI tools such as Claude, ChatGPT, and Gemini are surprisingly predictable and easily crackable. Despite appearing complex and passing online password strength checkers, these passwords exhibit common patterns that hackers can exploit. The researchers prompted each tool to generate 16-character passwords with special characters, numbers, and letters in different cases. However, the resulting passwords were not truly random and contained consistencies, particularly at the beginning of the strings.

Irregular's tests with Claude, using the Opus 4.6 model, showed that only 30 out of 50 generated passwords were unique, with many starting and ending with the same characters. Similar patterns were observed when prompting OpenAI's GPT-5.2 and Google's Gemini 3 Flash. The team estimated the entropy of the LLM-generated passwords using the Shannon entropy formula and found that the 16-character entropies were around 20-27 bits, significantly lower than the expected 98 bits for truly random passwords.

These findings highlight a critical security vulnerability. Users who rely on AI-generated passwords may be at increased risk of unauthorized access and data breaches. The study underscores the need for improved AI password generation algorithms and for users to adopt more robust password management practices, such as using third-party password managers and avoiding passwords generated by AI chatbots.

Transparency is essential in cybersecurity research. This analysis is based on publicly available information and aims to raise awareness about the risks associated with AI-generated passwords. As per EU AI Act Article 50, this deep analysis is intended for informational purposes and does not constitute professional advice.

_Context: This intelligence report was compiled by the DailyAIWire Strategy Engine. Verified for Art. 50 Compliance._