AI researchers demonstrate 100% success rate in bypassing online CAPTCHAs

reCAPTCHA
(Image credit: Shutterstock)

If you're tired of the days of completing captcha tests to prove you aren't a robot, you aren't alone. Now, it seems that reCAPTCHAv2, the version you're likely familiar with as the most recent version that directly tests your image recognition, can be beaten with a 100% success rate by current-gen AI models. Per a research paper appropriately titled "Breaking reCAPTCHAv2" submitted to arXiv on September 13, usage of the existing You Only Look Once (YOLO) object recognition model after training it with 14,000 labeled traffic images enabled it to defeat reCAPTCHAv2 with a 100% success rate.

So, what does this mean for Internet users and website operators today? It depends! As it turns out, Google's reCAPTCHAv2 is actually a bit outdated compared to reCAPTCHAv3, which uses other metrics to determine whether a user is human or not rather than directly testing them with image recognition challenges... unless the web host chooses to enable the feature. There are potential false positives seen with reCAPTCHAv3 that, in theory, should be alleviated by the ability to fall back on the reCAPTCAv2 tests...but now that it's common knowledge that reCAPTCHAv2 is defeatable, the landscape could change more quickly than we anticipate.

As the conclusion of the original paper says, "By conducting systematic experiments, we have shown that automated systems using advanced AI technologies, such as YOLO models, can successfully solve image-based captchas. [...] This finding raises doubts about the reliability of image-based captchas as a definitive method for distinguishing between humans and bots. Our findings indicate that current captcha mechanisms are not immune to the rapidly advancing field of artificial intelligence."

After discussing how future studies could be improved, the paper continues, "The use of Google's reCAPTCHAv2 has played a crucial role in improving website security on the Internet by successfully differentiating between actual users and automated bots. It fulfills various practical applications, tackling some of the most urgent security issues on the Internet. For example, reCAPTCHAV2 addresses the scraping issue [...] by preventing automated theft to divert advertising income or gain a competitive advantage. This has become more relevant with the popularity of Large Language Models, LLMs, and the massive amounts of data required to train them."

In short, this study wasn't done purely to flex the inadequacy of reCAPTCHAv2 in the face of the awesome power of AI. If anything, the researchers conclude that the existence of strong, functioning captcha systems or similar are good if not "vital" to have for the future of a healthy Internet— and they're right! While the Introduction of the paper asserts that "we are now officially in the age beyond captchas", the conclusion affirms the "necessity for captcha technologies to evolve proactively, staying ahead of AI's rapid enhancements".

TOPICS
Christopher Harper
Contributing Writer

Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.

  • hotaru251
    so since internet never lies to us and machines can not do "prove you arent a robot" are ai now human? (/s)


    joking aside wish they'd figure out a new less annoying captcha method as picture ones are just annoying as heck anymore. (especially when they have you click like 20 things as it adds new img blocks when you clear old one)
    Reply
  • InvalidError
    We're back to bots/AI being better at solving captchas than actual humans. Nice!

    Probably only a matter of time before websites require you to have an "actual human digital certificate" tied to your SSN to access content.
    Reply