New Research Confirms AI Can Exploit Image-Based CAPTCHAs, Alternatives Needed

Advanced AI can defeat CAPTCHAs designed to prove web actions are being performed by humans instead of machines, new research indicates.

"Current AI technologies can exploit advanced image-based captchas" is a snippet of text from the new paper, "Breaking reCAPTCHAv2," published this month by researchers at ETH Zurich University in Switzerland.

Types of CAPTCHAs
[Click on image for larger view.] Types of CAPTCHAs (source: Arxiv.org).

It improves upon rather than breaks new ground, as it pretty much confirms that advanced AI can tell which photos from a selection contain imagery of specific objects via Completely Automated Public Turing test to tell Computers and Humans Apart constructs. Previous research on defeating CAPTCHAs includes this from 2022 for text-based systems: "Cracking CAPTCHAs using Deep Learning." For investigating ways to crack visual CAPTCHA tests by an an automated deep learning-based solution, there is the 2020 paper, "Deep-CAPTCHA: a deep learning based CAPTCHA solver for vulnerability assessment."

Meanwhile, the new paper, authored by Andreas Plesner, Tobias Vontobel and Roger Wattenhofer, says, "Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system."

It's just one of several CAPTCHA systems in the market.

"We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not."

Indeed, previous related research, such as discussed in the May 2024 paper, "Oedipus: LLM-enchanced Reasoning CAPTCHA Solver," reported less effectiveness CAPTCHA dominance: "Our evaluation shows that Oedipus effectively resolves the studied CAPTCHAs, achieving an average success rate of 63.5\%."

While the new ETH Zurich paper provides no handy list of recommendations to address the problem, it does urge further research to "prioritize the development of captcha systems capable of adjusting to the complexity of artificial intelligence or explore alternative methods of human verification that can withstand the progress of technology."

However, as the problem has been known for years, such handy checklists do exist, at least to point out alternatives to CAPTCHAS, such as: "The Top 6 CAPTCHA Alternatives That Won't Frustrate Users." That list comes from Akismet, which offers up its own product, with other alternatives being honeypots, time-based form submissions, and improved or reimagined CAPTCHA systems. Indeed, there is already a reCAPTCHAv3.

Another improved CAPTCHA system was presented in the 2023 paper "New Cognitive Deep-Learning CAPTCHA," which states: "In this study, the authors improve the security for CAPTCHA design by combining text-based, image-based, and cognitive CAPTCHA characteristics and applying adversarial examples and neural style transfer."

Besides improved CAPTCHAs, other alternatives in addition to those listed in the Akismet article include Multi-Factor Authentication (MFA), biometric authentication, bot protection software and more.

Some specific commercial examples include:

  • Cloudflare Turnstile: This verifies user authenticity without displaying traditional puzzles, employing non-intrusive challenges, and can be seamlessly integrated into any website, enhancing security while maintaining user convenience.
  • DataDome: An advanced bot protection solution that operates in real-time to detect and mitigate automated threats. By analyzing user behavior and leveraging machine learning, DataDome provides robust security without relying solely on traditional CAPTCHAs. The site lists other alternatives, some previously mentioned, including MFA, Web Application Firewall (WAF),an anti-spam plugin and the popular honeypot.
  • hCaptcha: This features passive and No-CAPTCHA modes, server-side API protection and more, available in different editions.
  • Friendly Captcha: This is described as a privacy-first alternative that replaces conventional CAPTCHAs with tasks solvable by humans but hard for bots, emphasizing user privacy and offers an accessible approach to distinguishing between human and automated traffic.

Advanced AI is advancing rapidly, of course, so it remains to see what the shelf life is for current alternatives.

About the Author

David Ramel is an editor and writer at Converge 360.

Featured

  • two large brackets facing each other with various arrows, circles, and rectangles flowing between them

    1EdTech Partners with DXtera to Support Ed Tech Interoperability

    1EdTech Consortium and DXtera Institute have announced a partnership aimed at improving access to learning data in postsecondary and higher education.

  • Abstract geometric shapes including hexagons, circles, and triangles in blue, silver, and white

    Google Launches Its Most Advanced AI Model Yet

    Google has introduced Gemini 2.5 Pro Experimental, a new artificial intelligence model designed to reason through problems before delivering answers, a shift that marks a major leap in AI capability, according to the company.

  •  laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.