When you do, it quickly generates one, telling you confidently that the output is strong. In reality, it's anything but, according to research shared exclusively with Sky News by AI cybersecurity firm Irregular. The research, which has been verified by Sky News, found that all three major models - ChatGPT, Claude, and Gemini - produced highly predictable passwords, leading Irregular co-founder Dan Lahav to make a plea about using AI to make them. "You should definitely not do that," he told Sky News. "And if you've done that, you should change your password immediately. And we don't think it's known enough that this is a problem." Predictable patterns are the enemy of good cybersecurity, because they mean passwords can be guessed by automated tools used by cybercriminals. But because large language models (LLMs) do not actually generate passwords randomly and instead derive results based on patterns in their training data, they are not actually creating a strong password, only something that looks like a strong password - an impression of strength which is in fact highly predictable. Some AI-made passwords need mathematical analysis to reveal their weakness, but many are so regular that they are clearly visible to the naked eye. A sample of 50 passwords generated by Irregular using Anthropic's Claude AI, for instance, produced only 23 unique passwords. One password - K9#mPx$vL2nQ8wR - was used 10 times. Others included K9#mP2$vL5nQ8@xR, K9$mP2vL#nX5qR@j and K9$mPx2vL#nQ8wFs. When Sky News tested Claude to check Irregular's research, the first password it spat out was K9#mPx@4vLp2Qn8R. OpenAI's ChatGPT and Google's Gemini AI were slightly less regular with their outputs, but still produced repeated passwords and predictable patterns in password characters. Google's image generation system NanoBanana was also prone to the same error when it was asked to produce pictures of passwords on Post-its. 'Even old computers can crack them' Online password checking tools say these passwords are extremely strong. They passed tests conducted by Sky News with flying colours: one password checker found that a Claude password wouldn't be cracked by a computer in 129 million trillion years. But that's only because the checkers are not aware of the pattern, which makes the passwords much weaker than they appear. "Our best assessment is that currently, if you're using LLMs to generate your passwords, even old computers can crack them in a relatively short amount of time," says Mr Lahav. This is not just a problem for unwitting AI users, but also for developers, who are increasingly using AI to write the majority of their code. Read more from Sky News:Do AI resignations leave the world in 'peril'?Can governments ever keep up with big tech? AI-generated passwords can already be found in code that is being used in apps, programmes and websites, according to a search on GitHub, the most widely-used code repository, for recognisable chunks of AI-made passwords. For example, searching for K9#mP (a common prefix used by Claude) yielded 113 results, and k9#vL (a substring used by Gemini) yielded 14 results. There were many other examples, often clearly intended to be passwords. Most of the results are innocent, generated by AI coding agents for "security best practice" documents, password strength-testing code, or placeholder code. However, Irregular found some passwords in what it suspected were real servers or services and the firm was able to get coding agents to generate passwords in potentially significant areas of code. "Some people may be exposed to this issue without even realising it just because they delegated a relatively complicated action to an AI," said Mr Lahav, who called on the AI companies to instruct their models to use a tool to generate truly random passwords, much like a human would use a calculator. What should you do instead? Graeme Stewart, head of public sector at cybersecurity firm Check Point, had some reassurance to offer. "The good news is it's one of the rare security issues with a simple fix," he said. "In terms of how big a deal it is, this sits in the 'avoidable, high-impact when it goes wrong' category, rather than 'everyone is about to be hacked'." Other experts observed that the problem was passwords themselves, which are notoriously leaky. "There are stronger and easier authentication methods," said Robert Hann, global VP of technical solutions at Entrust, who recommended people use passkeys such as face and fingerprint ID wherever possible. And if that's not an option? The universal advice: pick a long, memorable phrase, and don't ask an AI. Sky News has contacted OpenAI, while Anthropic declined to comment. A Google spokesperson said: "LLMs are not built for the purpose of generating new passwords, unlike tools like Google Password Manager, which creates and stores passwords safely. "We also continue to encourage users to move away from passwords and adopt passkeys, which are easier and safer to use."

The official start of Ramadan traditionally depends on the sighting of the new crescent moon as it is the ninth month of the Islamic lunar calendar, during which, every single month is determined by the sighting of the new crescent. Dr Wajid Akhter, secretary general of the Muslim Council of Britain (MCB), told Sky News that Muslims in the UK have differences of opinion on when Ramadan should begin. For some it is when the moon has been sighted over Mecca, in Saudi Arabia, which is the birthplace of the Prophet Muhammad. For others, it is when the moon is seen in closer Muslim countries like Turkey or Morocco or over the UK itself. Whatever the date, Dr Akhter said it is time the country had a unified answer. How is Ramadan confirmed in Saudi Arabia? Sighting of the Ramadan crescent takes place at the Tabuk Observatory, a facility in Saudi Arabia that is used annually to spot the beginning and end of a lunar cycle. On Tuesday, teams of moon-sighters began to look for the crescent after the sun set at roughly 6pm local time (3pm UK time). The UK's HM Nautical Almanac Office (HMNAO) - which provides data and information on astronomy and space - predicted that countries including Saudi Arabia and the UK would not have clear visibility of the crescent moon until tonight. But the UAE Presidential Court did confirm a sighting, meaning that today, 18 February, will be the first official day, with fasting starting at dawn. Other countries including Turkey, Oman, Australia, Malaysia, France and Singapore have declared that Ramadan will start a day later on Thursday 19 February. Why do dates differ in the UK? Dr Akhter said the reason there is a "schism in the UK" is because "a significant proportion of people feel that we should be citing the moon here in the UK and not relying on a different country, even if it does contain the holy cities". He added: "Because of these differences of opinion you almost have half the country that starts it on one day and the other half that starts it on another day. It's something that we feel strongly about at the Muslim Council of Britain, it's about time that the community comes together and comes up with a unified answer to this. "It's increasingly untenable to have separate start dates, separate dates for Eid. It's frustrating for a lot of families, and a lot of communities." He said compared to other countries in Europe like Germany and France, which have large Muslim communities, the UK has a more diverse community, making it more difficult to follow one rule, which, he said, the MCB is going to push for "more and more". Dr Akhter said he thinks people continue to look at countries outside the UK for Ramadan dates because previous generations have historically had to rely on countries they were born in for books and teachings of the faith. But, he said, this has now changed. Imad Ahmed, director of the New Crescent Society, a group that encourages Muslims in the UK to observe and determine the start of each lunar month themselves, agreed that the UK has never had a "united" Islamic calendar. He told Sky News that Muslims currently look towards Saudi Arabia or other Muslim countries like Morocco, which is likely to start Ramadan on a different date because it sees the moon at a different time. "We'd expect Saudi to start their fasting Wednesday, maybe Europe, Asia and Africa to start it on Thursday, and other parts of Asia and Australia to start on Friday. The reason we have different dates is that the moon is not visible everywhere on Earth for the first time on the same date," Mr Ahmed said. "What the New Crescent Society is doing is training Muslims in the UK to bring the moon back home so we don't have to outsource our moon sightings or our Islamic calendar decisions to other countries." Why is the crescent moon important? Mr Ahmed said many aspects of astronomy are important in Muslim ritual life. "A month in the Islamic calendar is either 29 days or 30 days," Mr Ahmed said, who is also studying for a PhD in theology and religion at Cambridge University. "That's because every single month corresponds to how long it takes for the moon to complete its phases from one new crescent to the next new crescent. "That's 29 and a half days but a month can't be 29 and a half days long, so the Muslim calendar averages it out. Half the year approximately has 29 days, and the other half the year will have 30 days." He said if the moon is sighted in the sky on the 29th day, it means the month has begun and if the moon is not spotted, the month is rounded up to 30 days. "For Ramadan, Muslims around the world are gathered wherever they are, in whatever location, gazing into the sky hoping to spot the crescent. "If they see the crescent it means Ramadan has begun and fasting begins and at the end of the month, they'll look for the next crescent, when Eid celebrations can begin."

People invent new technology like AI, new social media features designed to draw you in, new ways to interact online - and in the background, the authorities scramble to keep up. The prime minister is trying. Today, he announced the government would close a loophole that meant one-to-one conversations with AI bots weren't regulated in the same way as social media. It's an update to the Online Safety Act that was first shown to Parliament in 2019, more than two years before ChatGPT burst onto the scene and revolutionised how we use the internet. It took until 2023 to be passed and we only saw widespread enforcement in July last year. There are still elements waiting to be enforced. During that time, there have been countless AI bots entering the mainstream, from X's Grok, CharacterAI's personalised AI agents, Google's Gemini and more. Sir Keir Starmer did address the regulatory lag this morning, saying that if a consultation shows a social media ban is the best course of action for the UK, he will now be able to enforce it "within months, not years". He also announced a change that means the social media data of young people will be preserved by default if they die, meaning that bereaved families can get answers sooner about their children's deaths. But for the woman who campaigned for that change, Ellen Roome, Mr Starmer still hasn't done enough. Ms Roome began campaigning when her 14-year-old son Jools Sweeney died in 2022, after she believed he attempted a dangerous online challenge. Read more from Sky News:Foreign secretary denies PM is 'rattled'Inside the UK's van dwelling hotspots Since that point, however, she hasn't been able to access his social media data, so she can't confirm her suspicions. This morning, she told me that because of the campaign after her son's death, there'll be "no more grieving parents having to beg platforms" and "no more delays while critical evidence disappears". "[But] we must ultimately do more to stop children being harmed or dying in the first place. "Preservation after death matters. Prevention before harm matters even more." She has repeatedly called for children to be banned from social media. She wants the government to go further than Australia, which recently banned under-16s, and instead wants everyone under 18 years old to be kept from the platforms "At 16, you're still quite naive and young. I remember thinking I was very mature at 16. Looking back, I really wasn't," she told me last year. While it considers this, the government faces a challenge to keep up with the tech industry. If it can't, preventing the deaths of more children will become even more difficult.

Rob Jones, the NCA's director of general operations, said online groups had resulted in offenders' behaviour being "rationalised", as "like-minded" abusers are brought together by algorithms. While they are collaborating on the dark web, they are using mainstream social media as "discovery" platforms to "identify and abuse vulnerable children". And with youngsters increasingly reliant on the internet themselves, they are at even greater risk. Mr Jones described the situation as "incredibly damaging", and warned: "We want society to push back and people to confront their offending - that is the opposite of what happens in the online world." The amount of material referred to the authorities by the National Centre for Missing and Exploited Children has roughly doubled over the past three years, according to the NCA. Arrests have risen from between 500 and 800 per month a few years ago to 1,000. During a single week in January, the NCA and forces across the UK made 252 arrests, including 118 people who were then charged. Another 35 people were sentenced in court and 407 children were safeguarded. Offences that are becoming more prevalent include abusers paying on demand for the abuse of children to be livestreamed - sometimes for as little as £20. More from Sky News:Tracking unusual Russian flightObama leads Jesse Jackson tributes The NCA also warned of "Com groups" - sadistic groups that gamify abuse which were recently highlighted by a special report from Sky News. Mr Jones said members of these communities "egg each other on" to commit "even more horrendous crimes". Tech companies must 'act with urgency' Becky Riggs, the National Police Chiefs' lead for child protection and abuse investigation, said officers were working "relentlessly" to target abusers. But she said tech firms must "act with urgency to make their platforms hostile environments for offenders". Parents, guardians, carers, and teachers should also learn the signs that a child is being abused. "The trusted adults around them [...] need clear, accessible guidance so they can recognise the signs of harm, have open conversations, and know where to turn for help," Ms Riggs added. The NCA's warning comes after the government announced a sweeping crackdown on tech companies to protect children from illegal content. It will include measures to eliminate "vile illegal content created by AI", and could even open the door to an Australia-style age limit on social media, a Number 10 spokesperson said.

Latest official figures from the UK Centre for Ecology and Hydrology (UKCEH) show rivers in the south and southwest of England reached exceptionally high levels in January, with some breaking records. And the soil is so saturated in areas that have borne the brunt of the deluge that water is rising up through the ground - an invisible threat that could suddenly flood homes. The Environment Agency (EA) has also warned of a significant risk of so-called groundwater flooding that could persist for months. Mark Garratt, flood duty manager at the agency, said: "Significant groundwater flooding impacts are probable in parts of Dorset and Wiltshire, with minor groundwater impacts probable in Hampshire and West Sussex. "Due to steadily rising levels, minor groundwater flooding impacts are possible in Kent and East Sussex." Check the weather forecast in your area The monthly statistics from the UKCEH confirm that Northern Ireland and the southwest of England had their wettest January on record, with 170% of their normal rainfall. It was also one of the five wettest Januarys since 1890 for southern counties of England. River levels in the affected areas surged as a result, with three reaching their highest flows for January, and two setting a record. Monitoring at boreholes across Dorset, Wiltshire, Hampshire, Sussex, and Kent also showed that groundwater levels at 29 sites were above normal. At 28 sites levels were so high that there was a risk of flooding from water rising from beneath people's homes. And at 10 sites levels had reached their highest on record. Groundwater flooding 'can take people by surprise' Professor Hannah Cloke, a world-leading hydrologist at Reading University, told Sky News: "Groundwater flooding is invisible. It comes up through the floorboards. It seeps out in the middle of the night, and people aren't expecting it. "It's not like you're living near to a river, and you expect that flooding. So it can be very serious. It can take people by surprise. "And it is very persistent. It can last for a long time. So this could last for months in some of these places." Read more from Sky News:PM abandons plans to delay council electionsPolice using drones to catch phone thieves According to the Met Office, the jet stream is lying further south than normal for the time of year. The high altitude winds have also been supercharged by cold weather in North America, generating bands of persistent rain that have lingered over parts of the UK. Further rain is forecast and the EA has urged people to stay alert to flood warnings.