AI-GENERATED passwords are a security risk, according to the article, because using AI to create passwords is likely to hand them to criminals who can then run dictionary attacks. Irregular tested ChatGPT, Claude and Gemini and found the passwords they generate are highly predictable and not truly random, with 50 prompts producing just 23 unique passwords and one string appearing 10 times.
The piece explains that attackers often rely on wordlists compiled from real‑world leaks and common patterns to perform dictionary attacks, and AI can make it easy to add thousands of such passwords.
As the researchers put it: “LLMs work by predicting the most likely next token, which is the exact opposite of what secure password generation requires: uniform, unpredictable randomness.” It notes that password managers use cryptographic random number generators to mix in real‑world entropy, and, while passkeys are preferred, if a password must be used, it should not be generated by AI and should be protected with multi-factor authentication.