Large language models such as ChatGPT, Claude and Gemini are increasingly being used not only for text generation, but also for creating passwords and API secrets. At first glance, these AI-generated passwords look strong: they are long, contain upper- and lowercase letters, digits and special characters. However, new research by the company Irregular demonstrates that behind this convincing appearance lies a systematic security weakness. AI-generated passwords follow predictable patterns and can be cracked in a matter of hours.
How researchers tested AI-generated passwords
Irregular’s specialists evaluated three popular models: ChatGPT, Claude and Gemini. Each model was asked 50 times to generate a 16-character password that must include uppercase letters, lowercase letters, numbers and special symbols. This format is widely recommended as a “strong password” standard in many corporate policies and user-facing services.
The resulting passwords were then checked using common online password strength meters. These tools consistently rated the AI-generated passwords as very strong, often estimating cracking times in decades or centuries. The problem is that such meters score a password on its length and the character classes it contains, implicitly assuming that every character was chosen uniformly at random; they cannot see the hidden patterns typical of text produced by large language models.
Repeating patterns in passwords from ChatGPT, Claude and Gemini
Detailed analysis revealed that LLMs do not produce truly random strings. Instead, they rely on stable templates. Among the 50 passwords generated by Claude, only 30 were unique. The remaining 20 were duplicates, and in 18 cases the model returned exactly the same password string. Many passwords also shared the same first and last characters, indicating a predictable structure at the beginning and end of the sequence.
ChatGPT and Gemini exhibited similar behavior, with characteristic patterns in the initial characters and overall layout of the passwords. An additional experiment with the image-generation model Google Nano Banana Pro, where the AI was asked to draw a sticker containing a “random” password, produced outputs that followed the same structural patterns as Gemini. Changing the modality to images did not eliminate the underlying predictability.
A notable detail in Claude’s output was that no password contained repeated characters. While this may appear neat and “well-structured,” it is a red flag from a security perspective. Human-designed cryptographic generators do not deliberately avoid character repetition: a uniform draw of 16 characters from the 94 printable ASCII symbols repeats at least one character about 74% of the time (a birthday-bound calculation), so roughly 37 of 50 such passwords should contain a repeat, and a run of 50 with none is essentially impossible for a genuine random source. The absence of repeats is therefore another sign that the model is following a learned template rather than sampling from a high-entropy random source.
Low entropy: why LLM passwords can be cracked in hours
To quantify password strength, the researchers applied Shannon entropy and probabilistic analysis based on the models’ own log-probabilities. Entropy, measured in bits, reflects how unpredictable a string is: higher entropy means more possible combinations and harder brute-force attacks.
For the 16-character passwords generated by the LLMs, the effective entropy was around 27 bits based on character statistics and roughly 20 bits when estimated from the models’ internal probabilities. By comparison, a truly random 16-character password reaches 16 × log2(alphabet size) bits: about 95 bits for the 62 alphanumeric characters and about 105 bits for all 94 printable ASCII characters (see NIST SP 800‑63B on the entropy of randomly chosen secrets).
The gap is dramatic. An entropy of 20–27 bits corresponds to roughly 1–130 million candidates (2^20 to 2^27), a space that a single GPU exhausts in hours even against a deliberately slow password hash such as bcrypt, and in well under a second against a fast unsalted hash such as MD5 or SHA-1. Wordlists and masks built from known AI patterns shrink the work further still.
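To make the checks above concrete, here is an added Python example (not code from Irregular or from the article) that runs the same kind of analysis over a sample of passwords: duplicate counts and the most common first and last characters, the share of strings with no repeated character next to the birthday-bound expectation, the character-class layout as a hashcat-style mask with the keyspace it implies, and a per-position Shannon entropy estimate next to the uniform reference. The 50 “LLM-like” strings are constructed for the example to exhibit the traits described above and are not real model output; the comparison set is drawn from the OS CSPRNG, and the 94-character printable ASCII alphabet is an assumption.

```python
import math
import secrets
import string
from collections import Counter

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation                     # 32 symbols, no space
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS      # assumed alphabet: 94 printable ASCII chars
LENGTH = 16


def _rotations(first, middle, last):
    # All rotations of `middle` between a fixed first and last character.
    return [first + middle[k:] + middle[:k] + last for k in range(len(middle))]


def constructed_llm_like_sample():
    """Constructed stand-in for model output (NOT real ChatGPT/Claude/Gemini strings).

    Built to exhibit the traits described in the article: 50 strings, only 30 distinct,
    one string returned 18 times, every string starting with 'K' and ending with '!',
    and no string ever repeating a character.
    """
    a = _rotations("K", "x9#mPq2$vLn7@R", "!")
    b = _rotations("K", "p4$wZr8#bHm3@Y", "!")
    extra = ["Kq7#nJs5$cVw2@L!", "Kz3%dMf6&gTh1*W!"]
    return [a[0]] * 18 + a[1:] + [b[0]] * 4 + b[1:] + extra


def csprng_sample(n=200, length=LENGTH):
    # Reference set: each character drawn uniformly from the OS CSPRNG.
    return ["".join(secrets.choice(ALPHABET) for _ in range(length)) for _ in range(n)]


def mask_of(pw):
    # Character-class layout in hashcat mask notation (?l ?u ?d ?s).
    def cls(c):
        if c in LOWER:
            return "?l"
        if c in UPPER:
            return "?u"
        if c in DIGITS:
            return "?d"
        return "?s"
    return "".join(cls(c) for c in pw)


def mask_keyspace_bits(mask):
    # log2 of the number of strings matching the mask, using this block's class sizes
    # (hashcat's built-in ?s has 33 characters because it includes the space).
    sizes = {"?l": 26, "?u": 26, "?d": 10, "?s": 32}
    return sum(math.log2(sizes[mask[i:i + 2]]) for i in range(0, len(mask), 2))


def expected_repeat_fraction(alphabet_size=len(ALPHABET), length=LENGTH):
    # Birthday bound: probability that a uniform string has at least one repeated
    # character. For 16 characters over 94 symbols this is about 0.74.
    p_distinct = 1.0
    for i in range(length):
        p_distinct *= (alphabet_size - i) / alphabet_size
    return 1.0 - p_distinct


def analyze(passwords):
    n = len(passwords)
    length = len(passwords[0])
    counts = Counter(passwords)
    masks = Counter(mask_of(p) for p in passwords)
    # Plug-in Shannon entropy per position, summed over positions. With only n samples
    # a column can show at most log2(n) bits, so this estimate is biased low for truly
    # random input; it is still far above what templated output achieves.
    positional_bits = 0.0
    for i in range(length):
        col = Counter(p[i] for p in passwords)
        positional_bits -= sum((c / n) * math.log2(c / n) for c in col.values())
    return {
        "n": n,
        "unique": len(counts),
        "max_identical": counts.most_common(1)[0][1],
        "top_first_char": Counter(p[0] for p in passwords).most_common(1)[0],
        "top_last_char": Counter(p[-1] for p in passwords).most_common(1)[0],
        "no_repeat_fraction": sum(len(set(p)) == len(p) for p in passwords) / n,
        "expected_no_repeat_fraction": 1.0 - expected_repeat_fraction(len(ALPHABET), length),
        "distinct_masks": len(masks),
        "top_mask_bits": mask_keyspace_bits(masks.most_common(1)[0][0]),
        "positional_entropy_bits": positional_bits,
        "uniform_reference_bits": length * math.log2(len(ALPHABET)),
    }


if __name__ == "__main__":
    for label, sample in (("constructed LLM-like", constructed_llm_like_sample()),
                          ("CSPRNG", csprng_sample())):
        print(label)
        for k, v in analyze(sample).items():
            print(f"  {k}: {v:.2f}" if isinstance(v, float) else f"  {k}: {v}")
```

Two of the reported numbers are worth reading together: the constructed set collapses to 14 distinct masks although it contains 30 distinct strings, and the keyspace behind its most common mask is about 72 bits against the 105-bit uniform reference. That is the reduction a mask attack buys before any duplicate or fixed-character knowledge is used.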
Why large language models are not suitable password generators
The underlying cause is the very nature of large language models. LLMs are trained to maximize the likelihood of text, predicting the next token so that the output looks natural and statistically typical of their training data. Strong passwords, in contrast, must be as atypical and unpredictable as possible.
Even when parameters such as temperature are increased or prompts are carefully engineered, an LLM remains a tool for generating plausible text, not a cryptographic random number generator. It does not meet the requirements for a cryptographically secure pseudo-random number generator (CSPRNG) as referenced in security standards like NIST SP 800‑63 or OWASP Application Security Verification Standard (ASVS). Relying on LLMs for password generation therefore introduces a systemic weakness into authentication processes.
Real-world risk: AI patterns already visible in code and infrastructure
Irregular’s researchers also observed that characteristic AI password patterns already appear widely in public repositories. Searching for these templates on platforms such as GitHub reveals them in test suites, sample configurations, documentation and, in some cases, real configuration files. This indicates that developers are actively using LLMs to generate passwords, tokens and other sensitive secrets.
For attackers, this creates a new class of opportunities. Once the preferred patterns of a specific model are known, adversaries can build tailored dictionaries and mask-based or hybrid attacks that heavily prioritize these structures. This significantly reduces the effective search space compared to naive brute force, undermining even seemingly complex credentials that contain a mix of character types.
How to securely generate passwords and remediate past AI use
Irregular recommends that organizations and developers review and rotate any passwords or secrets that may have been generated with ChatGPT, Claude, Gemini or other LLMs. This includes user accounts, database passwords, API keys, OAuth secrets, service accounts, SSH key passphrases and similar credentials.
For everyday use, security best practice is to rely on a password manager that uses a cryptographically secure random generator. Strong passwords should be long (typically 16–20+ characters for important accounts), unique per service and never reused. Wherever possible, multi-factor authentication (MFA) should be enabled to add an extra layer of protection beyond the password itself.
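As an added example of the recommended approach (not code from the article or from any password manager), the following Python generates a policy-compliant 16-character password from the OS CSPRNG by rejection sampling, generates a 256-bit API secret, and computes exactly how much entropy the four-class policy costs relative to an unconstrained uniform string. The 94-character alphabet, the four-class policy and the 10^12 guesses-per-second rate used for the time comparison are assumptions chosen for the example.

```python
import itertools
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation                    # 32 symbols, no space
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)       # assumed policy: one of each class
ALPHABET = "".join(CLASSES)                     # assumed alphabet: 94 printable ASCII chars


def meets_policy(pw):
    # The common corporate rule: at least one character from each of the four classes.
    return all(any(c in cls for c in pw) for cls in CLASSES)


def generate_password(length=16):
    """Policy-compliant password from the OS CSPRNG (secrets), by rejection sampling.

    Every character is drawn uniformly from the full alphabet and strings that miss a
    class are thrown away. Unlike "pick one from each class, fill the rest, shuffle",
    this leaves every compliant string equally likely and makes the entropy easy to
    state exactly.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least 4 to contain all four classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


def generate_api_secret(nbytes=32):
    # Machine-to-machine secrets need no character-class rules at all:
    # 32 random bytes = 256 bits, URL-safe base64 encoded (43 characters).
    return secrets.token_urlsafe(nbytes)


def compliant_fraction(length=16):
    # Inclusion-exclusion over the four classes: probability that a uniform string
    # of this length contains at least one character from every class.
    total = len(ALPHABET)
    prob = 0.0
    for k in range(len(CLASSES) + 1):
        for missing in itertools.combinations(CLASSES, k):
            remaining = total - sum(len(cls) for cls in missing)
            prob += (-1) ** k * (remaining / total) ** length
    return prob


def effective_entropy_bits(length=16):
    # Uniform over 94 symbols gives 16*log2(94) ~ 104.9 bits; restricting to the
    # compliant subset costs only log2(1/compliant_fraction), well under one bit.
    return length * math.log2(len(ALPHABET)) + math.log2(compliant_fraction(length))


def years_to_half_keyspace(bits, guesses_per_second):
    # Expected time to find a uniformly chosen secret: half the keyspace at the given rate.
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password()
    print("password:", pw, "compliant:", meets_policy(pw))
    print("api secret:", generate_api_secret())
    print(f"compliant fraction at 16 chars: {compliant_fraction():.4f}")
    print(f"effective entropy: {effective_entropy_bits():.2f} bits")
    rate = 1e12  # assumed cracking rate, guesses per second
    print(f"years at {rate:.0e}/s, CSPRNG password: {years_to_half_keyspace(effective_entropy_bits(), rate):.2e}")
    print(f"years at {rate:.0e}/s, 27-bit LLM password: {years_to_half_keyspace(27, rate):.2e}")
```

The rejection loop terminates quickly because about 82% of uniform 16-character strings already satisfy the policy; the policy therefore costs under 0.3 bits, and the result sits at roughly 104.6 bits against the 20–27 bits measured for LLM output.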
From an infrastructure perspective, secrets should be stored in dedicated secret management systems or vaults rather than hard-coded into source code or plain-text configuration files. Security policies should explicitly prohibit the use of general-purpose AI tools for generating credentials and instead mandate approved, audited mechanisms for secret creation and rotation.
AI has become an indispensable tool for code assistance, documentation and automation, but using language models as password generators introduces a hidden and avoidable risk. Organizations that take cybersecurity seriously should inventory their credentials, phase out AI-generated secrets and standardize on cryptographically sound methods for password generation and storage. Taking these steps now will significantly reduce exposure to emerging attack techniques that exploit LLM-specific patterns and will strengthen authentication systems for the long term.