In a rapidly evolving age of artificial intelligence, cybersecurity threats have become increasingly common.
Now your AI-generated password may be at risk of exploitation, giving rise to new cyber threats. If you are using a password generated by an AI model, this is the right time to change it to avoid potential mishaps.
New research conducted by cybersecurity firm Irregular highlights a critical security flaw: AI models are statistically incapable of generating truly random passwords.
According to the findings published by Sky News, the tested models, including Claude, ChatGPT, and Gemini, generally operate on patterns. Hence, the "strong" passwords they provide are actually predictable and highly vulnerable.
The research into the major models revealed significant repetition in outputs.
When Anthropic's Claude was used for creating strong passwords, only 23 generated passwords out of 50 were unique. One specific pattern appeared 10 times. Compared to Claude, Google’s Gemini and OpenAI’s ChatGPT produced fewer identical outputs, but they still produced repeated and predictable patterns.
In the cybersecurity landscape, predictable and weak patterns can put your data privacy at high risk. Hackers can easily guess these passwords using advanced tools.
According to Irregular co-founder Dan Lahav, it is no mistake to regard the seemingly strong passwords generated by AI systems or large language models as nothing but an “illusion of strength.”
“You should definitely not do that. And if you've done that, you should change your password immediately. And we don't think it's known enough that this is a problem,” Lahav said with a sense of urgency.
Not only automated tools but also old computers are capable of cracking these LLM-generated passwords in a relatively short amount of time.
Given the rising cyber threats in today’s world, cybersecurity experts suggest urgently moving away from AI-generated strings.
Pick a long and memorable phrase rather than a short and complicated string, and avoid asking an AI.
Use passkeys and, whenever possible, biometric authentication such as face and fingerprint ID, as suggested by Robert Hann, global VP of technical solutions at Entrust.
Use tools like Google Password Manager, which use true randomization engines rather than language patterns as LLMs do, as explained by a Google spokesperson.
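To make the repetition finding concrete, the following added example (not code from Irregular, Sky News, or any product named above) measures how predictable a batch of generated passwords is and contrasts it with drawing from the operating system's cryptographic random source. The batch is constructed placeholder data shaped like the reported Claude result, and the function names, alphabet, and use of Python's `secrets` module are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import Counter

# 94 printable symbols; the alphabet and length are choices made for this example.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def csprng_password(length=20):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def design_entropy_bits(length=20):
    """Entropy of a uniform draw: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))

def repetition_report(samples):
    """Summarise how often a generator repeats itself across a batch."""
    counts = Counter(samples)
    top = counts.most_common(1)[0][1]
    p_top = top / len(samples)
    return {
        "total": len(samples),
        "unique": len(counts),
        "top_repeat": top,
        "first_guess_success": p_top,
        # Empirical min-entropy; capped at log2(batch size), so it can
        # expose a weak generator but cannot certify a strong one.
        "min_entropy_bits": -math.log2(p_top),
    }

def constructed_batch():
    """Constructed placeholders shaped like the reported result:
    50 outputs, 23 unique, one value returned 10 times."""
    batch = ["placeholder-00"] * 10
    batch += [f"placeholder-{i:02d}" for i in range(1, 19)] * 2   # 18 values twice
    batch += [f"placeholder-{i:02d}" for i in range(19, 23)]      # 4 values once
    return batch

if __name__ == "__main__":
    print("repetitive batch:", repetition_report(constructed_batch()))
    print("CSPRNG batch:    ", repetition_report([csprng_password() for _ in range(50)]))
    print("design entropy:   %.1f bits" % design_entropy_bits())
```

On the constructed batch, guessing the single most common value succeeds one time in five, which is about 2.3 bits of min-entropy, while the 20-character uniform draw carries about 131 bits by construction.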