
AI image model manages to crack CAPTCHAs

Method to distinguish bots from humans no longer satisfactory

Swiss researchers have succeeded in training an AI model that knows how to solve a CAPTCHA puzzle every time. That may well mean that this method of distinguishing bots from human website visitors has jumped the shark.

The researchers at Zurich University of Technology ETH fine-tuned the existing YOLO (You Only Look Once) model to investigate whether it could solve the well-known CAPTCHA puzzles that many websites use to block bots. These puzzles prevent scripts from filling out forms or surveys, buying products, or performing other actions that should be reserved for human visitors.

Turing test for website visitors

CAPTCHA stands for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’, which is exactly what it has been used for in recent years. Internet visitors must click on certain images, and refrain from clicking on others, based on a task such as ‘select all crosswalks’. A bot generally doesn’t manage to pass this test, while humans usually do.

However, the most widely used CAPTCHA test, Google’s reCAPTCHA version 2, is precisely the version that has now been cracked 100 percent of the time by a version of the YOLO image processing model. ETH researchers adapted the model for this task specifically. Previous attempts resulted in a success rate of ‘only’ 68 to 71 percent.

There are different variants of reCAPTCHA. On the left, a 3×3 grid, in the middle a more complex 4×4 grid. The grid on the right replaces clicked images with new ones until nothing is left to click to fulfill the task.

Imitating human behaviour

The model took about as many attempts to solve the puzzle as human subjects, meaning the underlying CAPTCHA system will probably have trouble distinguishing between the two. Indeed, the more the model mimics human behaviour, the harder it is to do so. So it’s not just a matter of the model solving the puzzle as quickly as possible but doing so in a way that resembles how humans would do it.

In addition, the study found that reCAPTCHA v2 relies heavily on browser history and cookies to distinguish human visitors from bots. That means bots could potentially evade detection by mimicking human browsing behaviour. Not surprisingly, the researchers recommend developing smarter CAPTCHA systems that consider advances in AI technology.
