
Since the introduction of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), a security measure intended to prevent automated bots from scraping data or abusing applications’ functionality, there has been an ongoing battle between having a good CAPTCHA that effectively deters automated attacks and having a CAPTCHA which remains easy for human users to solve. Ensuring ease of use is critical because complex CAPTCHAs can negatively impact the usability and overall user experience. It’s good to have your application secure, but it’s not good for users to feel frustrated or stuck when they can’t complete a CAPTCHA.
The rapid adoption of AI tools by malicious bot authors is shifting the battle in favor of the attackers. Not all is lost, though: emerging CAPTCHA designs are proving resistant to AI solvers, and non-CAPTCHA controls continue to work well against AI-enabled attackers.
Modern AI Solves CAPTCHAs Easily
CAPTCHAs rely on tasks thought to be easy for humans but hard for machines, and AI's rapid progress in computer vision, speech recognition, and behavior modeling has made those tasks easy for machines too. Modern computer vision models recognize patterns even in distorted or noisy images, and object detection systems identify a wide variety of entities with high accuracy; moreover, recent reinforcement learning agents can mimic human behavior, including the mouse jitter and hesitation patterns that are used to distinguish bots from legitimate users.
Anyone can test this with a modern chatbot. GPT-4o, for example, can be asked to transcribe the text in an image, or to solve a specific CAPTCHA, as shown in the following images.
Fighting Back Against AI: State-of-the-Art And Emerging Anti-Bot Solutions
CAPTCHA technologies have evolved in response to advances in automated solving. The initial text-based CAPTCHAs were a good start but quickly became obsolete once deep learning systems reached 99% recognition accuracy (Multi-digit Number Recognition from Street View Imagery using Deep Convolutional Neural Networks), even against additional text distortion. In response, Google's reCAPTCHA, the most widely used CAPTCHA solution, moved to image and audio challenges (reCAPTCHA v2) and later added behavior-based risk scoring (reCAPTCHA v3). Nevertheless, automated solvers built on image recognition, speech-to-text, reinforcement learning, and off-the-shelf models such as YOLO continued to reach success rates between 80% and 100% on test datasets.
As reCAPTCHA's reliability diminished, alternative frameworks emerged. Solutions such as hCaptcha and GeeTest introduced techniques that raise the difficulty for automated systems. One is geometric masking: overlaying the original image with watermark-like squares or circles that degrade the accuracy of vision models while a human can still tell what the image shows. Another is interactive logic puzzles and reasoning tasks built mainly from graphical elements rather than photographs, such as rotating elements until they face a given direction, or sliding a puzzle piece until it sits over the position that completes the puzzle. Nonetheless, researchers have already demonstrated bypass rates above 90% (A Low-Cost Attack against the hCaptcha System), underlining how hard it is to build CAPTCHAs that stay secure against rapidly evolving AI systems.
The most recent solutions go beyond these traditional approaches. Drawing-based CAPTCHAs, such as sCaptcha, ask users to sketch and replicate shapes; current automated solvers reach only a 20% success rate on them (Towards Understanding the Security of Modern Image Captchas and Underground Captcha-Solving Services). Similarly, video-based CAPTCHAs, such as BounTCHA, ask users to identify transitions and boundaries in video clips, a task humans perform easily thanks to natural perception but that current AI models struggle to replicate. These approaches still lack large-scale evaluation, but they represent promising directions in the effort to stay ahead of AI-driven attacks.
An unfortunate downside of these AI-resistant CAPTCHA systems is that the strong variants often impair accessibility for people with vision impairments. Where an accessible alternative is offered (an audio challenge, for instance), it is usually significantly weaker than the primary CAPTCHA, so an adversary simply opts for the weaker variant meant for users with impaired vision and bypasses the AI-resistant one. As a result, while a CAPTCHA can still be an effective anti-bot control, site operators cannot rely on it as a complete defense.
What Can You Do to Be More Secure?
Friends Of And Alternatives to CAPTCHA
Beyond a CAPTCHA on its own, developers can add the following mechanisms to make their applications more resistant to bots. Each one is a further layer of defense that a bot must still defeat even after it has solved the CAPTCHA:
- Rate Limiting & Throttling: Limit the number of requests per IP, account or API key (if applicable). This slows automated scraping and blunts brute-force attacks. Key the limits on more than the source IP where you can, since bots rotate through proxies.
- Honeypots & Trap-Based Techniques: Add hidden form fields, or other fake interactions such as dummy API endpoints, that only bots will fill or call. These act as a tripwire that tells you when an automated bot is acting in your application. Test these tactics with common screen readers and other accessibility tools to avoid false positives, which are especially problematic for services under regulatory accessibility requirements.
- Token-Based Access: Use time-limited, session-bound tokens (CSRF tokens, JWTs, API keys) for sensitive actions. This makes it much harder for bots to replay captured requests or forge new ones. Note that a bot which loads the page receives a valid token like any browser, so tokens stop replay and forgery rather than a bot that walks the full flow.
- IP Reputation & Geolocation Checks: Block or challenge traffic from IP addresses with a known bad reputation (botnet members, anonymizing proxies) or from locations unusual for your user base.
- Counter AI solutions: Train your own machine learning model on your traffic (request timing, navigation order, input cadence) to distinguish legitimate human interactions from automated ones. Bots can be quite good at identifying other bots.
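The following example, written for this page and not taken from any vendor's or project's code, shows three of the layers above working together around a form submission: a sliding-window rate limiter keyed by client IP, a hidden honeypot field, and an HMAC-signed form token that is bound to the session, expires, and can be used only once. The field name `website_url`, the session ids and IP addresses, and the request handler are all hypothetical; the sample traffic at the bottom is constructed for the demonstration. Everything runs offline with the standard library.

```python
import hashlib
import hmac
import secrets
import time
from collections import deque


# 1. Rate limiting: sliding-window counter keyed by IP, account or API key.
#    A dict is enough to show the logic; in production the counters would
#    live in a shared store so every application instance sees the same view.
class SlidingWindowLimiter:
    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._hits = {}  # key -> deque of request timestamps

    def allow(self, key, now=None):
        """Return True and record the hit if `key` is still under its limit."""
        now = time.time() if now is None else now
        q = self._hits.setdefault(key, deque())
        while q and q[0] <= now - self.window:  # discard hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# 2. Honeypot: a field hidden from sighted users and from assistive technology
#    (CSS display:none plus aria-hidden and tabindex=-1); naive bots fill every
#    input they find.  The field name is a hypothetical choice for the demo.
HONEYPOT_FIELD = "website_url"

def honeypot_tripped(form):
    """True if the hidden trap field was populated."""
    return bool(form.get(HONEYPOT_FIELD, "").strip())


# 3. Time-limited, session-bound, single-use form token.  Only the expiry and
#    an HMAC travel in the form; the session id is supplied server-side, so a
#    token captured from one session does not verify in another.
SECRET = secrets.token_bytes(32)   # per-deployment key; generated here for the demo
_consumed = set()                  # tokens already accepted (replay protection)

def _sign(session_id, expires, secret):
    msg = f"{session_id}:{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None, ttl=600, secret=SECRET):
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl
    return f"{expires}.{_sign(session_id, expires, secret)}"

def verify_token(token, session_id, now=None, secret=SECRET, consume=True):
    """Check format, expiry, signature (bound to the session) and single use."""
    now = int(time.time()) if now is None else int(now)
    try:
        exp_str, sig = token.split(".", 1)
        expires = int(exp_str)
    except ValueError:
        return False
    if now > expires:
        return False
    if not hmac.compare_digest(_sign(session_id, expires, secret), sig):
        return False
    if consume:
        if token in _consumed:   # same token presented twice: replay
            return False
        _consumed.add(token)
    return True


# The checks combined around one submission.  Cheap checks run first, and the
# token is consumed only after everything else has passed.
LIMITER = SlidingWindowLimiter(limit=5, window_seconds=60)

def handle_submission(client_ip, session_id, form, now=None):
    if not LIMITER.allow(client_ip, now=now):
        return "rate_limited"
    if honeypot_tripped(form):
        return "honeypot"
    if not verify_token(form.get("form_token", ""), session_id, now=now):
        return "bad_token"
    return "ok"


if __name__ == "__main__":
    # Constructed sample traffic: a human, a bot that fills every field, and a
    # bot replaying the human's captured token.
    t0 = 1_700_000_000
    tok = issue_token("sess-human", now=t0)
    print(handle_submission("203.0.113.7", "sess-human",
                            {"email": "a@example.com", "form_token": tok}, now=t0 + 5))    # ok
    print(handle_submission("203.0.113.8", "sess-bot",
                            {"email": "x@y", "website_url": "http://spam.invalid",
                             "form_token": issue_token("sess-bot", now=t0)}, now=t0 + 5))  # honeypot
    print(handle_submission("203.0.113.9", "sess-human",
                            {"email": "a@example.com", "form_token": tok}, now=t0 + 6))    # bad_token
```

The order of the checks is deliberate: the rate limiter costs almost nothing and runs before anything that touches the form, and the token is consumed last so that a submission rejected for another reason does not burn a legitimate user's token. None of these layers identifies a bot that fetches the page, harvests a fresh token, leaves the honeypot empty and stays under the rate limit; that is the case the CAPTCHA and the behavioral model are there to catch.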
While bots and AI solvers keep evolving and are more capable than ever of bypassing even sophisticated CAPTCHA challenges, there is good news. Emerging designs such as sCaptcha and BounTCHA are, so far, handled poorly by automated solvers. Nonetheless, we recommend that developers combine multiple approaches, integrating both CAPTCHA and non-CAPTCHA mechanisms, to make automated attacks harder while keeping the application usable for legitimate users.