I'm not sure how to evaluate this claim. I'd like to see what someone like Schneier has to say.
The RockYou DB is now 14 years old. So does an AI trained on leaked passwords work on a new database as well?
Also, they don't say what hashing algo they are cracking against. Presumably they took the RockYou DB and hashed it, but they don't say how. Is this Argon2id or bcrypt or MD5 (presumably not MD5, but just asking the question)?
I couldn't find the article, but IIR a few years back there was a data breach of something like 17,000 passwords and some publication (Ars Technica?) had two security experts and one blackhatter try to crack the passwords and the security expert got something like 70% of them in four hours and the security experts got in the high 90s within a day.