Have you ever asked an AI tool to create a password and trusted it when it claimed the result was strong? New research shared exclusively with Sky News suggests that confidence may be misplaced.
According to AI cybersecurity firm Irregular, leading chatbots including ChatGPT, Claude and Gemini often generate highly predictable passwords. The findings, verified by Sky News, prompted Irregular co-founder Dan Lahav to warn users against relying on AI for password security.
"You should definitely not do that," he told Sky News. "And if you've done that, you should change your password immediately. We don't think it's widely known that this is a problem."
Predictable Patterns Raise Security Risks
Predictable patterns are a major weakness in cybersecurity because they allow passwords to be guessed using automated tools deployed by cybercriminals. Large language models (LLMs) do not generate passwords randomly. Instead, they produce outputs based on patterns learned from training data. This means they create passwords that look complex but may follow repeatable structures.
In one test, Irregular generated 50 passwords using Claude and found only 23 were unique. One password, K9#mPx$vL2nQ8wR, was repeated 10 times. Several others followed strikingly similar patterns. When tested separately by Sky News, Claude produced a similarly structured password.
OpenAI's ChatGPT and Google's Gemini were reportedly slightly less repetitive but still showed predictable character patterns. Even Google's image-generation system NanoBanana displayed similar issues when asked to generate images of passwords on Post-it notes.
Why Password Checkers Miss the Problem
Online password checkers rated these AI-generated passwords as extremely strong, with some claiming they would take millions of trillions of years to crack. However, Irregular's research found that because the passwords follow patterns, they may be far easier to break than they appear. Lahav warned that even older computers could crack them in a relatively short time.
Developers Also at Risk
The issue goes beyond individual users. As developers increasingly rely on AI to write code, AI-generated passwords have appeared in apps, websites and repositories on GitHub. While many are harmless placeholders, some may be used in real systems.
What Should You Do Instead?
Experts say the solution is simple: avoid using AI to generate passwords. Instead, use a trusted password manager or switch to passkeys such as facial recognition or fingerprint authentication. Google said its AI systems are not designed for password generation and encouraged users to move towards safer authentication methods.
