When trying to grab tickets, this pops up unexpectedly. Can you choose the correct option?
Can you correctly align this puzzle every single time?

Sometimes, even a simple checkbox might require multiple attempts.

After years of outsmarting CAPTCHAs, frankly, we’re all a bit weary. But what if I told you that these CAPTCHAs are now ineffective against AI, and it’s us, the 100% human users, who are getting stuck?
Just recently, ‘Jiang Jiang’ discovered that AI agents can actually bypass various CAPTCHA types, including click-based, grid-selection, and even invisible ones.
Click-based CAPTCHAs are the most easily compromised. As early as July, when OpenAI’s Operator was released, people started testing it against Cloudflare. The commentary, “Let the robot click ‘I’m not a robot’ itself,” amused many people.
For those involving grid selection, a developer manually created an agent that directly connected to GPT. This immediately achieved pixel-level recognition.
Whether it’s biscuits or cakes, stairs or traffic lights, the AI can identify them more clearly than humans.
Beyond explicit clicks, even implicit verification is no longer a hurdle.
By simply entering prompts in the command line, the agent can independently click on each field, input specific information, and complete form submission tasks. Notably, reCAPTCHA even awarded it a high score of 80% human-likeness.
We also personally tested different agents on click-based and sliding puzzle CAPTCHAs. To be clear, all operations from opening the webpage to completing the verification were done by the AI, with no human intervention.
The results were quite astonishing. Click-based CAPTCHAs proved to be no obstacle at all.
For sliding puzzles, the AI aligned them faster and more accurately than I could, leaving us completely surprised.
It seems the phrase “human-like” used to be a compliment for bots. Now, it appears that being called a “bot” might be the highest praise for a human. After all these demonstrations, I used to think CAPTCHAs were nearly defeated by AI. If they can’t even deter bots, what value do they hold?
With these questions in mind, we reached out to Mr. Xie Qiang, CTO of Jiyan, a leading domestic CAPTCHA enterprise. We sought a comprehensive explanation of CAPTCHA principles, purposes, and future directions, and discovered that CAPTCHAs are far more complex than they appear.
After our conversation, I realized, to my surprise, that humans are ultimately the more cunning ones.
Firstly, whether one can correctly answer the CAPTCHA is not the most critical factor in distinguishing humans from bots. In the long run, cost is the core issue.
For instance, before the advent of sophisticated AI models, hackers circumvented CAPTCHAs through brute force. They would use specific algorithms to attack website interfaces, obtaining all CAPTCHA images. After acquiring these images, they would outsource the task of identification and labeling – this is what we commonly refer to as “data labeling” or “CAPTCHA solving services.”
Ancient data labeling interface
In the past, hackers could process 300,000 images in about 10 days, at a cost of mere cents per image, keeping the total cost around four to five hundred yuan.
Of course, the defense strategy for CAPTCHA systems was simple: outcompete hackers on cost. Currently, CAPTCHA image sets in China are updated weekly, with the fastest updates occurring hourly. This frequency makes it virtually impossible for even the most determined attacker to keep up.
This principle remains the same in the AI era. As Mr. Xie Qiang explained, the cost of generating CAPTCHAs is currently significantly lower than the cost of identifying them. Many large AI models can readily solve image-based CAPTCHAs featuring everyday objects like bicycles and traffic lights.
However, abstract or non-realistic content poses a significant challenge for large models. For example, Mr. Xie Qiang shared an innovative CAPTCHA developed by his company that embeds human emotions within images generated by AI. The cost for generating these is around 0.1 yuan per image, while manual identification would cost approximately 0.3 yuan per image.

Attempting to use AI to recognize such images may result in even higher costs. Even with 10,000 such images, a new AI model might struggle to learn them effectively. It might necessitate training a new large model from scratch, a financial and temporal investment that most hackers cannot afford.
Solving the CAPTCHA is merely the first layer of defense. The second layer monitors user IP addresses. If an IP is flagged, the verification difficulty is immediately escalated, making it significantly harder to pass.
Consider this: if you try to watch a show and are presented with security checks 20 times, it’s likely not because you’re failing! The issue could be a bug, or you may have been flagged as a “high-risk user.”
Source: Xiaohongshu @momo

Being flagged can result in minor inconveniences like multiple CAPTCHAs per visit or traffic throttling, or more severe consequences like IP bans. While legitimate users might be unfairly inconvenienced, attackers have limited options: either comply with the verification or frequently change IPs and maintain clean ones, both of which incur significant costs.
There are various reasons why a system might flag a user.
For example, if a user accesses a website under one persona (e.g., a Chrome browser) but interacts with the CAPTCHA under another (e.g., AI, mini-program, app automation), the system will detect the inconsistency by examining the HTTP communication logs and respond strongly.
Source: Duke University Course Poster
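The consistency check described above can be sketched as follows. This is an added example, not code from the article or from Jiyan; the log format, the field names (`sid`, `path`, `ua`, `lang`) and the `/captcha/` path prefix are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample access log, one JSON object per request.
# Field names (sid, path, ua, lang) and the /captcha/ prefix are assumptions.
SAMPLE_LOG = """\
{"sid": "a1", "path": "/tickets/42", "ua": "Mozilla/5.0 Chrome/126.0", "lang": "zh-CN"}
{"sid": "a1", "path": "/captcha/verify", "ua": "Mozilla/5.0 Chrome/126.0", "lang": "zh-CN"}
{"sid": "b2", "path": "/tickets/42", "ua": "Mozilla/5.0 Chrome/126.0", "lang": "zh-CN"}
{"sid": "b2", "path": "/captcha/verify", "ua": "python-requests/2.32", "lang": ""}
{"sid": "c3", "path": "/captcha/verify", "ua": "okhttp/4.12", "lang": ""}
"""

def signature(rec):
    """The client 'persona' as it appears in the request headers."""
    return (rec.get("ua", ""), rec.get("lang", ""))

def inconsistent_sessions(log_text, captcha_prefix="/captcha/"):
    """Return {sid: reason} for sessions whose CAPTCHA client differs from
    the client that loaded the page, or that never loaded a page at all."""
    page_sigs = defaultdict(set)
    captcha_sigs = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(rec, dict) or "sid" not in rec:
            continue
        is_captcha = str(rec.get("path", "")).startswith(captcha_prefix)
        bucket = captcha_sigs if is_captcha else page_sigs
        bucket[rec["sid"]].add(signature(rec))
    flagged = {}
    for sid, sigs in captcha_sigs.items():
        if sid not in page_sigs:
            flagged[sid] = "captcha_without_page_load"
        elif not sigs <= page_sigs[sid]:
            flagged[sid] = "persona_mismatch"
    return flagged

if __name__ == "__main__":
    for sid, reason in inconsistent_sessions(SAMPLE_LOG).items():
        print(sid, reason)
```
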

Therefore, even if hackers repeatedly find ways to bypass CAPTCHAs, the overall goal is achieved if the cost of such an endeavor becomes prohibitive. If attackers perceive the business as unprofitable due to escalating costs, then CAPTCHAs serve their purpose.
However, these countermeasures can sometimes be a double-edged sword, causing collateral damage.
In terms of user experience, the CAPTCHAs designed by Mr. Xie Qiang, for instance, can be extremely time-consuming. One particular type requires matching a target image by clicking on identical options, which can easily lead to a minute-long wait.
Click on the option with the same pattern as the top right corner.

For the average user, the question arises: do they have the time and patience to decipher these complex challenges? Personally, I would likely abandon the process and exit.
Conversely, focusing solely on IP tracking can disproportionately affect innocent users. For instance, if you’re using public Wi-Fi and many users have recently completed CAPTCHAs from the same company, the system might interpret this as a single IP making numerous suspicious requests across various sites.
Similarly, unstable mobile network signals can cause your IP address to fluctuate rapidly between your device’s cellular connection and Wi-Fi, which can also be flagged as suspicious behavior.
Therefore, Mr. Xie Qiang believes that the future of CAPTCHA development is inextricably linked with business data analysis.
By leveraging data, it becomes possible to differentiate between legitimate users and malicious actors, thus alleviating the burden on everyone. After all, hackers bypass CAPTCHAs primarily for malicious purposes such as data scraping or ticket scalping. In these scenarios, there are common patterns, such as repeated access to website or application pages.
For instance, when browsing Taobao, our casual browsing habits create a different server load compared to a web crawler systematically scraping every page.
If each system can independently monitor and calculate the burden imposed by every user through backend data analysis, it can precisely identify abnormal users and decide whether to impose restrictions or charge for access. This increases the cost for attackers, thereby mitigating threats without impacting legitimate users.
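As an added illustration (not from the article or the interview), the sketch below computes a per-user load and flags outliers, and shows why keying the same calculation on IP address penalizes the public Wi-Fi users mentioned earlier. Using request count as the measure of burden, the median-plus-MAD threshold and all sample data are assumptions made for the example.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed events as (account, ip, page) tuples."""
    events = []
    # Eight ordinary shoppers behind one public Wi-Fi address, 5 views each.
    for n in range(8):
        events += [(f"user{n}", "203.0.113.7", f"/item/{n}{k}") for k in range(5)]
    # One crawler walking 200 pages from its own address.
    events += [("crawler", "198.51.100.9", f"/item/{k}") for k in range(200)]
    # Three home users, each on a separate address, 4 views each.
    for n in range(8, 11):
        events += [(f"user{n}", f"192.0.2.{n}", f"/item/{k}") for k in range(4)]
    return events

def load_by(events, key_index):
    """Request count per key; index 0 keys by account, index 1 by IP."""
    return Counter(event[key_index] for event in events)

def abnormal(load, k=5.0):
    """Keys whose load exceeds median + k * MAD, a robust outlier test."""
    values = list(load.values())
    med = median(values)
    # Fall back to 1.0 when most keys have identical load (MAD of zero).
    mad = median(abs(v - med) for v in values) or 1.0
    return {key for key, v in load.items() if v > med + k * mad}

if __name__ == "__main__":
    events = build_sample()
    print("flagged by account:", sorted(abnormal(load_by(events, 0))))
    print("flagged by IP:     ", sorted(abnormal(load_by(events, 1))))
```

Keyed by account, only the crawler stands out; keyed by IP, the shared Wi-Fi address is flagged along with it.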
In summary, the advent of AI has not ended the battle between humans and machines. The battlefield has simply shifted from the familiar CAPTCHA types to more sophisticated behavioral analysis and cost-based stratagems.
CAPTCHAs are merely a tool. This technology, originating in 1997, may soon be replaced by more effective and seamless interception methods due to the impact of AI.
However, while CAPTCHAs might disappear, the challenge of distinguishing between humans and machines will perpetually exist. We can only hope for a future where we no longer need to manually prove our humanity.