EPAS (Enterprise Password Assessment System) is an on-premises or private cloud appliance solution for enterprise password security assessment and enforcement. It identifies and prevents insecure, reused, and compromised passwords without exposing plaintext passwords, using a sealed, secure evaluation environment. EPAS consists of two main components: - **EPAS Audit**: Conducts privacy-compliant password security assessments by simulating attack scenarios (brute-force, credential leaks, AI-based attacks) against existing password hashes, without storing or revealing the recovered plaintext. - **EPAS Enforcer**: An optional add-on that blocks insecure passwords during password changes, leveraging metrics produced by EPAS Audit. The system includes a large, regularly refreshed database of compromised credentials, sourced from dark web forums, malware logs, and public breach datasets (e.g., Have I Been Pwned). Unlike hash-only solutions, this dataset is stored in plaintext, enabling detection of both exact matches and slightly altered variants of compromised passwords across all supported systems. EPAS employs AI and machine learning (including LLMs such as GPT) to detect passwords vulnerable to AI-based attacks, and uses NVIDIA CUDA GPU acceleration for hardware-accelerated cracking simulations. The appliance can be deployed within 24 hours and requires no software installation on protected systems. It supports compliance with ISO 27001/27002, NIST SP 800-63B, NIS2, DORA, SOCI, and BSI IT-Grundschutz. The platform provides APIs for SOC and third-party integration, enterprise-grade reporting, multi-tenant capability, and unlimited scalability across data centers and countries. It is protected by US and EU patents.