AI just made a mockery of CAPTCHA and that’s bad news for real people

So much for proving you're not a robot

· TechRadar

News By Eric Hal Schwartz published 24 September 2024

(Image credit: Future)

Filling out CAPTCHA puzzles is tedious, but using them as (imperfect) shields against malicious bots made sense, at least until now. Artificial intelligence can now defeat those puzzles every time, according to new research from ETH Zurich. CAPTCHA, an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart," is employed across an enormous range of websites. 

However, the tool may need renaming based on how well the AI model created by the Swiss researchers solved the security measure's word and object identification puzzles.

The AI puzzle solver is built on a widely used AI model for processing pictures called You Only Look Once (YOLO). The scientists adjusted YOLO to take on Google's popular reCAPTCHAv2 version of CAPTCHA. You'll immediately recognize reCAPTCAv2 from every time you've had to click on a car, bicycle, bridge, or traffic light to prove your humanity. 

With 14,000 labeled photos of streets as training data and a little time, however, the scientists could teach YOLO to recognize the objects as well as any human. Exactly as well as a human, in fact, since the AI didn't solve every puzzle perfectly the first time. But, you may recall how you get more than one chance, assuming you don't totally mess up the puzzle. YOLO was able to perform well enough that even if it made an error in one puzzle, it would make up for it and succeed with another CAPTCHA puzzle. 

Narrowing down the scope of objects users need to identify – often just 13 categories, such as traffic lights, buses, and bicycles – allowed for easier integration across websites.

However, this same focus on a narrow set of object types is what made it easier for the YOLO-based AI model to defeat the system. According to the ETH Zurich team, the system’s simplicity worked to the AI’s advantage, allowing it to master the image-based challenges without much difficulty. Despite attempts to make CAPTCHA more sophisticated by incorporating factors like mouse movement and browser history (known as device fingerprinting), the AI's success rate remained intact.

The Rise of CAPTCHA-Solving AI

The fact that an AI system can now bypass CAPTCHA systems with a perfect success rate is a wake-up call for the cybersecurity community. CAPTCHA systems are a critical component of web security, designed to prevent bots from engaging in activities like spamming, creating fake accounts, or launching distributed denial-of-service (DDoS) attacks. If these systems are compromised, websites could become more vulnerable to automated attacks and other malicious activities.

Get daily insight, inspiration and deals in your inbox

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors