LLM-Generated Passwords Look Strong but Crack in Hours, Researchers Find
Slashdot
by msmashFebruary 19, 2026
AI-Generated Deep Dive Summary
AI security firm Irregular has uncovered a critical vulnerability in passwords generated by major large language models (LLMs) like Claude, ChatGPT, and Gemini. Despite appearing complex, these passwords follow predictable patterns that make them easily crackable within hours—even on older hardware. A study found that when prompted 50 times, Anthropic's Claude Opus 4.6 produced only 30 unique passwords, with 18 duplicates being identical strings. The estimated entropy of LLM-generated 16-character passwords was a concerning 20 to 27 bits, far below the recommended range of 98 to 120 bits for truly secure, random passwords.
The issue stems from the fact that LLMs tend to repeat predictable patterns when generating content, including passwords. This predictability makes it easier for attackers to brute-force crack them using even outdated computing power. For instance, researchers discovered that many generated passwords shared similar structures or repeated character sequences, significantly reducing their complexity and security. The low entropy levels highlight the lack of randomness in these AI-generated passwords, making them far less secure than they appear.
This finding has significant implications for users who may rely on LLMs to create passwords without fully understanding the risks. While LLM-generated passwords might seem strong at first glance due to their complexity, their predictable nature leaves them vulnerable to attack within hours. This underscores the importance of combining AI-generated passwords with additional security measures like two-factor authentication or biometric verification to enhance overall protection. For tech enthusiasts and cybersecurity professionals, this study serves as a reminder that even cutting-edge tools like LLMs have limitations when it comes to generating truly secure credentials.
Verticals
tech
Originally published on Slashdot on 2/19/2026