The Research Behind Detecting And Attributing LLM-Generated Passwords - Gaetan Ferry

GitGuardian Senior Cybersecurity Researcher Gaetan Ferry’s latest research shows that AI-generated passwords are leaving fingerprints in the wild. In this interview, he explains how he used Markov chains, a century-old statistical model, to detect patterns in passwords generated by modern LLMs, attribute them to model families, and identify 28,000 likely LLM-generated passwords across public GitHub.
The findings are a warning for teams adopting AI coding agents: LLMs should not be treated as password generators, and autonomous agents need guardrails before they hardcode predictable secrets into source, configuration, or infrastructure files.

Read the full blog post here:
https://blog.gitguardian.com/the-bot-fingerprint-detecting-llm-passwords/

Get started with AI hooks with ggshield here:
https://github.com/gitguardian/ggshield