In the digital age, each new service implies new passwords. What begins as a simple security measure ends up being a maze of credentials that users must remember, which often leads them to repeat keys or use weak combinations. Faced with this load, more and more people choose to use artificial intelligence to generate their password. However, a recent investigation by Kaspersky alerts about the risks of this practice.
Alexey Antonov, leader of the Firm Data Science Team, tested some of the most popular language models —Chatgpt, Llama and Deepseek – generating a thousand passwords with each. Although the three models know the basic rules for a robust code (minimum length, mixture of characters and symbols), their results revealed dangerous patterns. “The problem is that the LLMs do not create a true randomness. In their place, they mimic existing data patterns, which makes their results predictable for attackers who understand how these models work,” says Antonov.
Language models such as chatgpt, call or deepseek are being used by users to create safe keys, but analysis show that these tools do not offer the randomness necessary to guarantee effective protection.
The passwords produced by Deepseek and calls, in particular, presented words of the dictionary slightly modified – as “p@ssw0rd” or “s@d0w12” -, a practice that may seem safe but in reality it facilitates work to cybercriminals. “It is not necessary to say that these passwords are not safe,” adds the expert. In contrast, Chatgpt generated keys that appeared to be further, but even in those cases repetitions and patterns were detected in the characters, such as the frequent use of number 9 or certain letters.
Password safety
The investigation went further and applied an automatic learning algorithm to evaluate password resistance. The results were overwhelming: 88% of the keys created by Deepseek and 87% of those generated by flame could be deciphered in less than an hour. Even in the case of Chatgpt, considered the most effective, 33% of the passwords were vulnerable.
The analysis reinforces the idea that trusting digital security at AI is not, for now, a reliable option. To guarantee truly safe passwords, experts recommend using specialized password managers. These programs not only generate keys with cryptographically safe algorithms, but also store them in encrypted vaults and offer functionalities such as self -fulfilled, synchronization between devices and alerts to leaks.
In a context of increasing cyber threats, the shortcuts can be expensive. Betting on tools specifically designed for the protection of credentials, instead of depending on AI models with predictable results, can make a difference between a safe and a committed account. How many passwords do you have? Maybe more than you think. And if they all follow a pattern, the attackers are already one step ahead.
