{"data":{"id":"ba31a3a8-66f7-4e18-96de-691b567fc6f4","title":"LLM-generated passwords are indefensible. Your codebase may already prove it","summary":"Research from Irregular and Kaspersky shows that all frontier LLMs (large language models, AI systems trained on massive amounts of text) generate passwords that are structurally predictable and much weaker than they appear. When Claude Opus 4.6 was asked to generate passwords 50 times, only 30 distinct passwords emerged, with one password repeating 36% of the time, proving the model retrieves patterns from training data rather than creating truly random passwords. The core problem is architectural: LLMs assign high probability to the most plausible next character based on patterns they learned (like uppercase letters at the start), while cryptographic systems (secure random number generators) must give every character equal probability, making LLM-generated passwords vulnerable to attackers who understand how these models work.","solution":"N/A -- no mitigation discussed in source.","labels":["security","research"],"sourceUrl":"https://www.csoonline.com/article/4155166/llm-generated-passwords-are-indefensible-your-codebase-may-already-prove-it.html","publishedAt":"2026-04-08T11:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["model_theft"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","OpenAI"],"affectedVendorsRaw":["Claude Opus 4.6","GPT-5.2","Irregular","Kaspersky"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-08T11:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"model","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}