LLM-Guided Prompt Evolution for Password Guessing
Abstract
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies LLM-driven evolutionary computation to automatically optimize prompts for the LLM password guessing framework. Using OpenEvolve, an open-source system combining MAP-Elites quality-diversity search with an island population model we evolve prompts that maximize cracking rate on a RockYou-derived test set. We evaluate three configurations: a local setup with Qwen3 8B, a single compact cloud model Gemini-2.5 Flash, and a two-model ensemble of frontier LLMs. The approach raises the cracking rates from 2.02\% to 8.48\%. Character distribution analysis further confirms how evolved prompts produce statistically more realistic passwords. Automated prompt evolution is a low-barrier yet effective way to strengthen LLM-based password auditing and underlining how attack pipelines show tendency via automated improvements.
Cite
@article{arxiv.2604.12601,
title = {LLM-Guided Prompt Evolution for Password Guessing},
author = {Vladimir A. Mazin and Mikhail A. Zorin and Dmitrii S. Korzh and Elvir Z. Karimov and Dmitrii A. Bolokhov and Oleg Y. Rogov},
journal= {arXiv preprint arXiv:2604.12601},
year = {2026}
}
Comments
11 pages, 5 figures