Dev.to
5/14/2026
Claude just recovered $400K from a forgotten Bitcoin wallet. That's a security warning, not a magic trick.


Short summary

LLMs can now reconstruct a specific person's passwords by synthesizing personal context and public data, collapsing the gap between human guessing and computational brute force that past security relied on. Password-based encryption is now obsolete for long-term protection; rotate encrypted backups and keystores to random keys stored offline or in hardware vaults. For anything protecting money or sensitive data, enforce random key generation, audit old files as if they were already compromised, and treat your public footprint as part of your attack surface.

  • LLMs can reconstruct passwords using personal context and public biographical data via targeted dictionary attacks
  • Password-based encryption is now inadequate; rotate old encrypted files with 24+ character random keys stored in vaults
  • Treat public data as attack surface and audit any file containing credentials, APIs, or sensitive data as if already compromised
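As an added illustration of the audit and rotation steps above (not code from the linked article), the sketch below flags a passphrase that is almost entirely explained by the owner's known personal tokens and generates a 24-character replacement from the OS CSPRNG. The function names, the `max_residue` threshold and the sample tokens are assumptions constructed for this example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

# Constructed sample: tokens an owner knows are in their public footprint.
SAMPLE_CONTEXT = ["Rex", "Austin", "2013", "Marta"]


def generate_key(length=24):
    """Return a random key from the OS CSPRNG (24+ characters, per the summary)."""
    if length < 24:
        raise ValueError("use at least 24 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_key_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random key of this length."""
    return length * math.log2(alphabet_size)


def context_residue(passphrase, context_tokens):
    """Strip every known personal token (case-insensitive); return what is left."""
    rest = passphrase.lower()
    # Longest tokens first so a short token cannot split a longer one.
    tokens = sorted({t.lower() for t in context_tokens if len(t) >= 3},
                    key=len, reverse=True)
    for tok in tokens:
        rest = rest.replace(tok, "")
    return rest


def is_context_derived(passphrase, context_tokens, max_residue=4):
    """True when at most max_residue characters are not explained by context.

    Such a passphrase sits inside a small, person-specific search space,
    so the file it protects should be re-encrypted under a random key.
    """
    return len(context_residue(passphrase, context_tokens)) <= max_residue


if __name__ == "__main__":
    old = "Rex2013!Austin"  # constructed legacy passphrase
    print("rotate:", is_context_derived(old, SAMPLE_CONTEXT))
    new = generate_key()
    print("new key bits: %.1f" % random_key_bits(len(new)))
```

The generated key should go straight into a vault or offline store rather than being displayed or logged as the demo does.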

Generated with AI, which can make mistakes.
