Journalism of Courage
Advertisement
Premium

AI for stronger passwords? Researchers unveil PassGPT, an LLM trained on the infamous RockYou leak

Meet PassGPT, the AI model based on OpenAI’s GPT-2 that can generate and guess passwords.

password generic featured(Image: TheDigitalWay/Pixabay)
Listen to this article Your browser does not support the audio element.

Generative AI is a powerful tool that can be used for both good and evil in the digital realm. Following the launch of ChatGPT when the technology exploded in popularity, experts began to contemplate its implications for cybersecurity. While we are thankfully yet to see the tech being used in major exploits by bad actors, security experts have been demonstrating clever ways generative AI can be employed to bolster cybersecurity.

A team of researchers from ETH Zürich, Swiss Data Science Center, and SRI International in New York have developed PassGPT, a new model based on OpenAI’s GPT-2 architecture that can generate and guess passwords. The model is trained on millions of passwords leaked in various cyberattacks, more specifically on the infamous RockYou leak. Reportedly, PassGPT can guess 20% more unseen passwords than state-of-the-art GAN models.

While PassGPT’s capabilities may sound scary, the goal is to actually help users create stronger and more complex passwords and to detect possible passwords based on some inputs. The model uses a novel technique called progressive sampling, which builds passwords one character at a time, making them harder to crack. The model also outperforms previous models that used generative adversarial networks (GANs), which are composed of two competing networks that try to fool each other with realistic or fake content.

Also read | PDFs as malware? Research suggests how some benign-looking files could harm your PC

The creator of PassGPT, Javi Rando, said that the model can also compute the probability of any given password and analyse its strength and vulnerabilities. He added that the model can find patterns that are considered strong by conventional methods, but are actually easy to guess with generative techniques. He also said that the model can handle passwords in different languages and guess new passwords that are not in its dataset.

PassGPT is an example of how LLMs can be adapted to different domains and applications using different data sources. And it isn’t the first time generative AI has been trained on illegal data by those on the right side of the law. Previously, researchers trained an AI model called DarkBERT on dark web data to detect ransomware leak sites and monitor unlawful information exchange.

Curated For You
India U19 vs Pakistan U19 LIVE Cricket Score, Asia Cup 2025: Deepesh Devendran stars with 3 wickets as India defeat Pakistan by 90 runs
Dhurandhar Box Office Collection Day 9 Update: Ranveer Singh film aims for biggest one-day haul; earns Rs 335 cr
India vs South Africa 3rd T20I, Live Cricket Score: Arshdeep Singh removes Aiden Markram after his half century; SA 113/8 in 19th over

 

© IE Online Media Services Pvt Ltd
Tags:
  • artificial intelligence
Edition
search
Install the Express App for
a better experience
Featured
Today's E-paper
Dec 14, 2025
Trending Topics
News
Multimedia
Follow Us
Tavleen Singh writesDebate AQI, not Vande Mataram
X