New Research Confirms AI Can Defeat Image-Based CAPTCHAs

Advanced AI can exploit CAPTCHAs designed to prove web actions are being performed by humans instead of machines, new research indicates.

"Current AI technologies can exploit advanced image-based captchas" is a snippet of text from the new paper, "Breaking reCAPTCHAv2," published this month by researchers at ETH Zurich University in Switzerland.

Types of CAPTCHAs
[Click on image for larger view.] Types of CAPTCHAs (source: Arxiv.org).

It improves upon rather than breaks new ground, as it pretty much confirms that advanced AI can tell which photos from a selection contain imagery of specific objects via Completely Automated Public Turing test to tell Computers and Humans Apart constructs. Previous research on defeating CAPTCHAs includes this from 2022 for text-based systems: "Cracking CAPTCHAs using Deep Learning." For investigating ways to crack visual CAPTCHA tests by an an automated deep learning-based solution, there is the 2020 paper, "Deep-CAPTCHA: a deep learning based CAPTCHA solver for vulnerability assessment."

Meanwhile, the new paper, authored by Andreas Plesner, Tobias Vontobel and Roger Wattenhofer, says, "Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system."

It's just one of several CAPTCHA systems in the market.

"We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not."

Indeed, previous related research, such as discussed in the May 2024 paper, "Oedipus: LLM-enchanced Reasoning CAPTCHA Solver," reported less effectiveness CAPTCHA dominance: "Our evaluation shows that Oedipus effectively resolves the studied CAPTCHAs, achieving an average success rate of 63.5\%."

While the new ETH Zurich paper provides no handy list of recommendations to address the problem, it does urge further research to "prioritize the development of captcha systems capable of adjusting to the complexity of artificial intelligence or explore alternative methods of human verification that can withstand the progress of technology."

However, as the problem has been known for years, such handy checklists do exist, at least to point out alternatives to CAPTCHAS, such as: "The Top 6 CAPTCHA Alternatives That Won't Frustrate Users." That list comes from Akismet, which offers up its own product, with other alternatives being honeypots, time-based form submissions, and improved or reimagined CAPTCHA systems. Indeed, there is already a reCAPTCHAv3.

Another improved CAPTCHA system was presented in the 2023 paper "New Cognitive Deep-Learning CAPTCHA," which states: "In this study, the authors improve the security for CAPTCHA design by combining text-based, image-based, and cognitive CAPTCHA characteristics and applying adversarial examples and neural style transfer."

Besides improved CAPTCHAs, other alternatives in addition to those listed in the Akismet article include Multi-Factor Authentication (MFA), biometric authentication, bot protection software and more.

Some specific commercial examples include:

  • Cloudflare Turnstile: This verifies user authenticity without displaying traditional puzzles, employing non-intrusive challenges, and can be seamlessly integrated into any website, enhancing security while maintaining user convenience.
  • DataDome: An advanced bot protection solution that operates in real-time to detect and mitigate automated threats. By analyzing user behavior and leveraging machine learning, DataDome provides robust security without relying solely on traditional CAPTCHAs. The site lists other alternatives, some previously mentioned, including MFA, Web Application Firewall (WAF),an anti-spam plugin and the popular honeypot.
  • hCaptcha: This features passive and No-CAPTCHA modes, server-side API protection and more, available in different editions.
  • Friendly Captcha: This is described as a privacy-first alternative that replaces conventional CAPTCHAs with tasks solvable by humans but hard for bots, emphasizing user privacy and offers an accessible approach to distinguishing between human and automated traffic.

Advanced AI is advancing rapidly, so it remains to see what the shelf life is for current alternatives.

About the Author

David Ramel is an editor and writer at Converge 360.

Featured

  • close-up of a formal document with a bold red "VETO" stamp angled across the paper, set on a simple, neutral background

    California Governor Vetoes AI Regulation Bill

    California Governor Gavin Newsom has rejected Senate Bill 1047, proposed landmark AI regulation legislation aimed at safeguarding against the misuse of the technology.

  • stylized illustration of two children engaged in engineering activities, one using a tablet and the other assembling mechanical parts like gears and pulleys, set against a colorful background with abstract shapes

    Applications Open for DiscoverE STEM Grant Opportunities

    Discover Engineering is accepting applications for Engineers Week and Girl Day 2025, two grant opportunities dedicated to inspiring the next generation of innovators through experiential learning in the field of engineering.

  • minimalist illustration conveying security threats, featuring a blue gradient cloud with a metallic silver padlock at its center

    Human Factor Moves to Top Cloud Threat in Cloud Security Alliance Report

    The No. 1 cybersecurity threat in the cloud has changed from a couple years ago, according to a new report from the Cloud Security Alliance (CSA), which provided handy mitigation strategies and suggested AI can help (or hurt).

  • a stylized magnifying glass and a neural network pattern with interconnected nodes, symbolizing search and AI processes

    OpenAI Launching AI-Powered Search Engine

    OpenAI has unveiled SearchGPT, a new AI-powered search engine designed to access information from across the internet in real time. The much-anticipated prototype will provide more organized and meaningful search results by summarizing and contextualizing information rather than returning lists of links.