Vulnerabilities · HIGH

LLMs Generate Predictable Passwords: A Security Risk

Schneier on Security · 19h ago · 3 min read
Tags: passwords, AI, LLMs, security, authentication

Basically, AI-generated passwords are too predictable and insecure.

Quick Summary

Recent findings show that AI-generated passwords are alarmingly predictable. This affects anyone relying on AI for account creation. Weak passwords can lead to unauthorized access. Experts are pushing for better algorithms to enhance security.

What Happened

A recent analysis revealed a concerning flaw in how Large Language Models (LLMs) generate passwords. These AI systems create passwords that follow predictable patterns, making them less secure than random passwords. Out of 50 generated passwords, many began with an uppercase 'G' followed by the number '7', showcasing a clear lack of randomness.

The study found that certain characters appeared far more frequently than others. For instance, characters like 'L', '9', 'm', '2', '$', and '#' were present in all 50 passwords, while others like '5' and '@' appeared only once. This uneven distribution indicates a significant flaw in the randomness of the passwords. Additionally, none of the passwords contained repeating characters, which is statistically unlikely for truly random passwords. This design choice seems to stem from Claude, the AI, trying to appear less random.

Interestingly, the analysis showed that there were only 30 unique passwords among the 50 generated. The most common password, 'G7$kL9#mQ2&xP4!w', appeared 18 times, giving it a staggering 36% probability of being chosen. This is far higher than what you would expect from a secure 100-bit password, which should be much more random and varied.

Why Should You Care

You might think, "Why does this matter to me?" Well, if AI systems are creating accounts or managing sensitive information, they need secure passwords. Predictable passwords are like leaving your front door wide open. If an AI generates a password that is easy to guess, it could lead to unauthorized access to your accounts or data.

Consider your own online accounts. If an AI is creating passwords for you, and those passwords are easily guessable, it puts your personal information at risk. Just like you wouldn't use '123456' as a password, you shouldn't rely on AI-generated ones that follow predictable patterns. The security of your data could hinge on the randomness of these passwords.

What's Being Done

Experts are now raising alarms about the implications of AI-generated passwords. The focus is on improving the algorithms that generate passwords to ensure better randomness and security. Here are some immediate actions you can take:

  • Use a password manager that generates truly random passwords for you.
  • Avoid relying on AI-generated passwords for sensitive accounts until improvements are made.
  • Stay informed about updates in AI technology and security practices.
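The following script is an added example, not code from the Schneier post or from the study it summarises. It reproduces the kind of measurements described under "What Happened" (duplicate rate, share of the most common password and the min-entropy that implies, characters present in every password or in only one, absence of repeated characters) on a small constructed sample, and contrasts them with the entropy of a CSPRNG-generated password of the same length, which is what the password-manager recommendation above relies on. The sample strings and the 94-character alphabet are assumptions.

```python
import math
import secrets
import string
from collections import Counter

# Assumed alphabet: all printable ASCII except space (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def analyze(passwords):
    """Summarise the predictability signals the post describes for a list of passwords."""
    n = len(passwords)
    counts = Counter(passwords)
    top, top_n = counts.most_common(1)[0]
    # Min-entropy: a single best guess succeeds with probability top_n / n.
    min_entropy_bits = -math.log2(top_n / n)
    in_all = {c for c in passwords[0] if all(c in p for p in passwords)}
    in_one = {c for c in set("".join(passwords)) if sum(c in p for p in passwords) == 1}
    has_repeat = any(len(set(p)) != len(p) for p in passwords)
    return {
        "unique": len(counts),
        "top": top,
        "top_share": top_n / n,
        "min_entropy_bits": min_entropy_bits,
        "in_all": in_all,
        "in_one": in_one,
        "any_repeated_char": has_repeat,
    }


def theoretical_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(len(alphabet))


def random_password(length=16, alphabet=ALPHABET):
    """CSPRNG-backed generator, the way a password manager builds passwords."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed sample imitating the post's findings (not the study's data): the quoted
# password recurs, every string starts 'G7', and 'L', '9', 'm', '$', '#' appear in each.
LLM_SAMPLE = ["G7$kL9#mQ2&xP4!w"] * 4 + [
    "G7#mL9$vR3&tK8!z", "G7$pL9#mN5&yQ1!x", "G7#kL9$mW6&zJ3!v", "G7$nL9#mT4&rH8!q",
    "G7#zL9$mB2&pV6!k", "G7$wL9#mC8&dF3!n",
]

if __name__ == "__main__":
    llm = analyze(LLM_SAMPLE)
    print(f"unique {llm['unique']}/{len(LLM_SAMPLE)}, top share {llm['top_share']:.0%}, "
          f"min-entropy {llm['min_entropy_bits']:.1f} bits; uniform 16-char: {theoretical_bits(16):.1f} bits")
    print("chars in every password:", sorted(llm["in_all"]), "| CSPRNG example:", random_password())
```

With the sample above the best single guess wins 40% of the time, about 1.3 bits of min-entropy, against roughly 105 bits for a uniformly random 16-character password over the same alphabet.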

Security professionals are closely monitoring developments in LLMs and their applications, especially as AI continues to evolve in managing sensitive tasks. Expect discussions around enhancing password security protocols in AI systems to become more prominent.


🔒 Pro insight: The predictability of LLM-generated passwords highlights a critical vulnerability in AI-driven authentication processes, necessitating immediate algorithmic improvements.

Original article from Schneier on Security.

