Artificial intelligence has transformed the way businesses work. Tools like ChatGPT and Microsoft Copilot can help teams write emails, summarise meetings, generate reports, and even assist with coding tasks. As a result, many people now turn to AI for quick answers and everyday support.
However, there is one area where relying on AI could create serious security risks: password generation.
At first glance, asking AI to create a strong password seems sensible. After all, if a tool can generate detailed content in seconds, surely it can create a secure 16 character password filled with symbols, numbers, and capital letters.
Unfortunately, recent research suggests otherwise.
AI Generated Passwords May Look Strong, But Appearances Can Be Misleading
Researchers recently tested several AI tools to see how well they generated passwords. On the surface, the results looked impressive.
The passwords included a mixture of uppercase and lowercase letters, numbers, and special characters. Many even passed online password strength tests with high scores. In some cases, password checking tools claimed the credentials would take hundreds or even thousands of years to crack.
However, once researchers analysed the passwords more closely, they uncovered a major issue.
The passwords were not truly random.
Why Randomness Matters in Cyber Security and Why AI Generated Passwords Can’t Provide It
Strong passwords depend on unpredictability. The more random a password is, the harder it becomes for cyber criminals to guess or crack it using automated attacks.
AI systems work differently.
Large language models, often called LLMs, are designed to predict patterns in language. They generate responses based on the data they have learned during training. This makes them excellent at producing natural sounding text, but it also means they tend to follow familiar structures and predictable rules.
When researchers examined AI generated passwords, they discovered repeated patterns across multiple results. Some passwords shared very similar structures, while others appeared more than once.
Interestingly, many passwords avoided repeating characters entirely.
Although that may seem like a positive feature, genuine randomness often includes repetition. Removing repeated characters actually suggests the password follows learned behaviour rather than true unpredictability.
The Problem With Password Strength Checkers
One of the reasons this issue often goes unnoticed is because many online password checkers focus only on visible complexity.
For example, they assess factors such as:
Password length
Longer passwords generally receive higher scores.
Character variety
Most checkers reward passwords that include uppercase letters, lowercase letters, numbers, and symbols.
Common word usage
Simple dictionary words or predictable phrases usually reduce a password’s score.
While these checks are useful, they do not measure hidden patterns or predictability.
As a result, an AI generated password can appear extremely secure despite containing underlying structures that attackers may exploit.
Understanding Entropy
Researchers used a concept called entropy to evaluate the passwords.
In cyber security, entropy measures how unpredictable a password truly is. Higher entropy means stronger protection because there are more possible combinations for attackers to test.
The findings showed that AI generated passwords scored significantly lower in entropy than genuinely random passwords of the same length.
This creates a problem because attackers often use brute force attacks, where automated systems rapidly test huge numbers of password combinations until they find the correct one.
If passwords follow predictable patterns, attackers can reduce the number of combinations they need to try, making accounts easier to compromise.
Even AI Tools Are Warning Users About The Risks of AI Generate Passwords
Some newer AI platforms have already started acknowledging these risks.
For example, newer models from Google Gemini have reportedly warned users against relying on AI generated passwords for sensitive accounts.
That warning alone highlights an important point.
AI tools excel at productivity tasks, creative support, and communication assistance. However, they were never designed to replace dedicated cyber security tools.
What Businesses Should Use Instead of AI Generated Passwords
Instead of asking AI to generate passwords, businesses should use a trusted password manager with a built in password generator.
These tools use cryptographic randomness, which relies on mathematical processes specifically designed to create unpredictable and secure credentials.
A reliable password manager can also help businesses:
Store passwords securely
Employees no longer need to reuse passwords or write them down.
Improve password complexity
Automatically generated passwords reduce the risk of weak or predictable credentials.
Support multi factor authentication
Many password managers integrate with additional security measures for stronger account protection.
Reduce human error
Centralised password management helps teams follow consistent security practices.
Popular business password managers include:
• 1Password
• Bitwarden
• LastPass
• Keeper Security
Final Thoughts
Artificial intelligence continues to deliver valuable benefits for modern businesses. It can improve efficiency, streamline workflows, and save valuable time across many day to day tasks.
However, security requires a different approach.
When it comes to passwords, unpredictability matters far more than appearance. Although AI generated passwords may look complex, hidden patterns can weaken their security and increase vulnerability to attack.
That is why businesses should continue using dedicated password management tools built specifically for secure credential generation.
If your business would like guidance on password managers, cyber security best practices, or improving account security across your organisation, Amshire Solutions Ltd can help.
Get in contact today, the longer you wait, the bigger the risk.