LLMs leave detectable statistical fingerprints in the passwords they generate. Researchers analyzed 8,000 passwords from 40 models across 11 providers and found consistent biases: predictable character patterns, repeated substrings, and low uniqueness in some models. Using Markov chains (a 100-year-old technique), they built classifiers that identify the generating model with 55% accuracy and the provider with 65% accuracy. Scanning 34 million GitHub-committed passwords from late 2025 to early 2026, they flagged 28,000 as LLM-generated, with Anthropic, Qwen, and Google models accounting for 63% of detections. Key findings: some developers deliberately ask LLMs to generate passwords (a bad practice, since the password transits the provider's network), and AI agents autonomously hardcode generated passwords in Terraform and .env files. These passwords are weak and crackable via Markov-mode attacks. Recommendations include using a password manager or vault instead of an LLM, and deploying secret-scanning hooks in AI agent workflows.
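The Markov-chain attribution described above, as an added example that is not GitGuardian's code: one order-1 character model is trained per source, and a password is attributed to whichever model assigns it the highest likelihood. The two labelled training sets and the source names are constructed for illustration; a real classifier would train one model per LLM or provider on passwords known to come from it.

```python
# Character-level Markov classifier that attributes a password to its most likely
# source. Added example, not GitGuardian's code; training sets are constructed.
# A real deployment trains one model per LLM/provider on known-origin passwords.
from collections import defaultdict
import math

START, END = "\x02", "\x03"
ALPHABET = 95 + 1   # printable ASCII plus the end-of-string symbol
ALPHA = 0.5         # add-k smoothing: unseen transitions never zero out a score

class MarkovModel:
    def __init__(self, order=1):
        self.order = order
        self.counts = defaultdict(lambda: defaultdict(int))  # context -> next char -> count

    def train(self, passwords):
        for pw in passwords:
            s = START * self.order + pw + END
            for i in range(self.order, len(s)):
                self.counts[s[i - self.order:i]][s[i]] += 1

    def log_prob(self, pw):
        """Log-likelihood of the whole password (including its end) under this model."""
        s = START * self.order + pw + END
        lp = 0.0
        for i in range(self.order, len(s)):
            row = self.counts.get(s[i - self.order:i], {})
            total = sum(row.values())
            lp += math.log((row.get(s[i], 0) + ALPHA) / (total + ALPHA * ALPHABET))
        return lp

def classify(models, pw):
    """Return (best label, log-likelihood margin over the runner-up model)."""
    scored = sorted(((m.log_prob(pw), name) for name, m in models.items()), reverse=True)
    return scored[0][1], scored[0][0] - scored[1][0]

# Constructed samples: a "Word+symbol+digits" habit versus uniformly random-looking strings.
TRAIN = {
    "llm_style": ["Sunset!2024", "Dragon#7891", "Purple@Sky99",
                  "Coffee!Time42", "River$Stone88", "Golden!Gate77"],
    "random_style": ["q7zk2pvx9m", "h3wl8bn4tr", "v9xc5ym1qd",
                     "k2ptz6fj8w", "m4dn7rhs3g", "b8jq1lc5ez"],
}
MODELS = {name: MarkovModel(order=1) for name in TRAIN}
for name, pws in TRAIN.items():
    MODELS[name].train(pws)

if __name__ == "__main__":
    for pw in ["Silver!Moon55", "h3zk2vx9m"]:
        print(pw, "->", classify(MODELS, pw))
```

The margin returned by `classify` is the natural-log likelihood ratio between the two best models; a scanner would only act on a detection when that margin clears a threshold tuned on labelled data.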

Source: blog.gitguardian.com (9 minute read)
Table of contents of the original post:
- Extending the perimeter
- Fighting robots with a rusty sword
- Hunting bot passwords in the wild
- What this means in practice
- Attacking and defending