If you’re tired of the days of completing captcha tests to prove you aren’t a robot, you aren’t alone. Now, it seems that reCAPTCHAv2, the version you’re likely familiar with as the most recent version that directly tests your image recognition, can be beaten with a 100% success rate by current-gen AI models. Per a research paper appropriately titled “Breaking reCAPTCHAv2” submitted to arXiv on September 13, usage of the existing You Only Look Once (YOLO) object recognition model after training it with 14,000 labeled traffic images enabled it to defeat reCAPTCHAv2 with a 100% success rate.
So, what does this mean for Internet users and website operators today? It depends! As it turns out, Google’s reCAPTCHAv2 is actually a bit outdated compared to reCAPTCHAv3, which uses other metrics to determine whether a user is human or not rather than directly testing them with image recognition challenges… unless the web host chooses to enable the feature. There are potential false positives seen with reCAPTCHAv3 that, in theory, should be alleviated by the ability to fall back on the reCAPTCAv2 tests…but now that it’s common knowledge that reCAPTCHAv2 is defeatable, the landscape could change more quickly than we anticipate.
As the conclusion of the original paper says, “By conducting systematic experiments, we have shown that automated systems using advanced AI technologies, such as YOLO models, can successfully solve image-based captchas. […] This finding raises doubts about the reliability of image-based captchas as a definitive method for distinguishing between humans and bots. Our findings indicate that current captcha mechanisms are not immune to the rapidly advancing field of artificial intelligence.”
After discussing how future studies could be improved, the paper continues, “The use of Google’s reCAPTCHAv2 has played a crucial role in improving website security on the Internet by successfully differentiating between actual users and automated bots. It fulfills various practical applications, tackling some of the most urgent security issues on the Internet. For example, reCAPTCHAV2 addresses the scraping issue […] by preventing automated theft to divert advertising income or gain a competitive advantage. This has become more relevant with the popularity of Large Language Models, LLMs, and the massive amounts of data required to train them.”
In short, this study wasn’t done purely to flex the inadequacy of reCAPTCHAv2 in the face of the awesome power of AI. If anything, the researchers conclude that the existence of strong, functioning captcha systems or similar are good if not “vital” to have for the future of a healthy Internet— and they’re right! While the Introduction of the paper asserts that “we are now officially in the age beyond captchas”, the conclusion affirms the “necessity for captcha technologies to evolve proactively, staying ahead of AI’s rapid enhancements”.
