A new cybersecurity report warns that passwords generated by artificial intelligence tools may be significantly less secure than users assume, raising fresh concerns about digital safety amid rapid AI adoption.
The findings were released by Irregular, an AI-focused cybersecurity firm that analysed how large language models generate passwords. According to the company, many AI-created passwords follow predictable structural patterns, making them more vulnerable to cracking than truly random alternatives.
The study examined passwords generated by widely used AI systems and found that, although they often appear complex, they frequently rely on familiar formatting conventions. These include capitalising the first letter of a word, appending common number sequences, or placing special characters at the end of a phrase.
While such passwords may pass standard online strength tests, Irregular’s analysis suggests their entropy levels — a technical measure of randomness — are lower than required for robust security.
Security Risk Hidden Behind Complexity
Cybersecurity experts say the issue stems from how AI language models function. Generative AI systems are designed to predict statistically likely patterns based on training data. They are optimised for coherence and plausibility, not cryptographic unpredictability.
As a result, when users prompt AI tools to “generate a strong password”, the output may look sophisticated but still follow predictable linguistic and structural patterns.
According to Irregular, this predictability could reduce the time required for automated password-cracking tools to succeed, particularly when attackers use advanced guessing algorithms designed to exploit common patterns.
Growing Trend Raises Alarm
The warning comes amid a growing trend of individuals and developers turning to AI assistants for a wide range of tasks, including password generation. Convenience and perceived intelligence have led many users to assume AI-generated credentials are inherently secure.
However, researchers caution that AI systems are not designed as cryptographic tools. Password generation requires high-entropy randomness, typically produced by specialised algorithms within password managers or security software.
The study further notes that some developers may have unknowingly incorporated AI-generated passwords into code repositories, administrative systems, or cloud infrastructure settings, potentially introducing hidden vulnerabilities.
Implications for Businesses and Institutions
The findings are particularly relevant for fast-growing digital economies such as Nigeria’s, where online banking, fintech platforms, SaaS tools, and e-commerce services depend heavily on secure authentication systems.
If AI-generated passwords have been used for financial platforms, enterprise dashboards, or sensitive administrative accounts, organisations may face elevated cybersecurity risks.
Industry experts recommend that individuals and businesses who have relied on AI-generated passwords rotate them immediately and replace them with credentials produced by trusted password managers.
Experts Recommend Stronger Safeguards
Irregular advises users to adopt security best practices, including:
• Using dedicated password managers with built-in random generators
• Enabling multi-factor authentication
• Transitioning to passkeys where supported
• Implementing hardware-based authentication for sensitive systems
Cybersecurity analysts stress that while AI tools can enhance productivity, they should not be used for security-critical tasks unless specifically engineered for that purpose.
Broader AI Security Debate
The report contributes to the broader conversation on the responsible use of artificial intelligence. As AI becomes more embedded in daily workflows, experts warn that overreliance without an understanding of its limitations can introduce unintended risks.
The message from researchers is clear: artificial intelligence may excel at generating text and assisting with tasks, but when it comes to password security, traditional cryptographic methods remain the safer choice.
Users who have relied on AI to create passwords are being urged to review and update their credentials without delay.
Director
Bio: An (HND, BA, MBA, MSc) is a tech-savvy digital marketing professional, writing on artificial intelligence, digital tools, and emerging technologies. He holds an HND in Marketing, is a Chartered Marketer, earned an MBA in Marketing Management from LAUTECH, a BA in Marketing Management and Web Technologies from York St John University, and an MSc in Social Business and Marketing Management from the University of Salford, Manchester.
He has professional experience across sales, hospitality, healthcare, digital marketing, and business development, and has worked with Sheraton Hotels, A24 Group, and Kendal Nutricare. A skilled editor and web designer, He focuses on simplifying complex technologies and highlighting AI-driven opportunities for businesses and professionals.