It's kinda dumb to use LLMs to generate passwords, but I guess people will just do it, right? Also, vibe coding can just generate passwords without the users even knowing they exist.
Pretty cool analysis, I specially liked the graphics!
This is based on research that happened at our company (Irregular), and I think it's very relevant to know about and to get the word out about this security issue.
Especially given the pervasive use of coding agents, who may without you knowing about it decide to generate a password for you, and it might seem secure but really not be.