Years ago I wrote something similar to test a biometric security piece that used keystroke timings (dwell and stroke) to determine if the person typing the password is the same person who owns the account. Short version of a long story is that it would be trivial to get data for AI to reproduce human typing. Because I did it years ago using something only slightly more sophisticated than urandom.