OpenAI's ChatGPT Agent casually clicks through "I am not a robot" verification
296 comments
·July 28, 2025theptip
armchairhacker
It's impossible to solve. A sufficient agent can control a device that records the user's screen and interacts with their keyboard/mouse, and current LLMs basically pass the Turing test.
IMO it's not worth solving anyways. Why do sites have CAPTCHA?
- To prevent spam, use rate limiting, proof-of-work, or micropayments. To prevent fake accounts, use identity.
- To get ad revenue, use micropayments (web ads are already circumvented by uBlock and co).
- To prevent cheating in games, use skill-based matchmaking or friend-group-only matchmaking (e.g. only match with friends, friends of friends, etc. assuming people don't friend cheaters), and make eSport players record themselves during competition if they're not in-person.
What other reasons are there? (I'm genuinely interested and it may reveal upcoming problems -> opportunities for new software.)
Latty
People just confidently stating stuff like "current LLMs basically pass the Turing test" makes me feel like I've secretly been given much worse versions of all the LLMs in some kind of study. It's so divorced from my experience of these tools, I genuinely don't really understand how my experience can be so far from yours, unless "basically" is doing a lot of heavy lifting here.
JohnFen
> "current LLMs basically pass the Turing test" makes me feel like I've secretly been given much worse versions of all the LLMs in some kind of study.
I think you may think passing the Turing test is more difficult and meaningful than it is. Computers have been able to pass the Turing test for longer than genAI has been around. Even Turing thought it wasn't a useful test in reality. He meant it as a thought experiment.
falcor84
As far as I understand, Turing himself did not specify a duration, but here's an example paper that ran a randomized study on (the old) GPT 4 with a 5 minute duration, and the AI passed with flying colors - https://arxiv.org/abs/2405.08007
From my experience, AI has significantly improved since, and I expect that ChatGPT o3 or Claude 4 Opus would pass a 30 minute test.
x187463
Per the wiki article for Turing Test:
> In the test, a human evaluator judges a text transcript of a natural-language conversation between a human and a machine. The evaluator tries to identify the machine, and the machine passes if the evaluator cannot reliably tell them apart. The results would not depend on the machine's ability to answer questions correctly, only on how closely its answers resembled those of a human.
Based on this, I would agree with the OP in many contexts. So, yeah, 'basically', is a load bearing word here but seems reasonably correct in the context of distinguishing human vs bot in any scalable and automated way.
AberrantJ
Here's three comments, two were written by a human and one written by a bot - can you tell which were human and which were a bot?
Didn’t realize plexiglass existed in the 1930s!
I'm certainly not a monetization expert. But don't most consumers recoil in horror at subscriptions? At least enough to offset the idea they can be used for everything?
Not sure why this isn’t getting more attention - super helpful and way better than I expected!
1una
Well, LLMs do pass the Turing Test, sort of.
armchairhacker
It can't mimic a human over the long term. It can solve a short, easy-for-human CAPTCHA.
cm2012
I have seen data from an AI call center that shows 70% of users never suspected they spoke to an AI
saurik
I agree with you on how websites should work (particularly so on the micropayments front); but, I don't agree that it is impossible to solve... I just think things are going to get a LOT worse on the ownership and freedom front: they will push a Web Integrity style DRM and further roll out signed secure boot, at which point the same attention monitoring solution that already exists and already works in self-driving cars to ensure the human driver is watching the road can use the now-ubiquitous front-facing meeting/selfie camera to ensure there is a human watching the ads.
davidmurdoch
I've had a simple game website with a sign up form that was only an email address. Went years with no issue. Then suddenly hundreds of daily signups with random email addresses, every single day.
The sign up form only serves to link saved state to an account so a user could access game history later, there are no gated features. No clue what they could possibly gain from doing this, other than to just get email providers to all mark my domain as spam (which they successfully did).
The site can't make any money, and had only about 1 legit visitor a week, so I just put a cloudflare captcha in front of it and called it a day.
mprovost
Google at least uses captchas to gather training data for computer vision ML models. That's why they show pictures of stop lights and buses and motorcycles - so they can train self-driving cars.
layer8
From https://www.vox.com/22436832/captchas-getting-harder-ai-arti...:
“Correction, May 19 [2021]: At 5:22 in the video, there is an incorrect statement on Google’s use of reCaptcha V2 data. While Google have used V2 tests to help improve Google Maps, according to an email from Waymo (Google’s self-driving car project), the company isn’t using this image data to train their autonomous cars.”
theptip
That’s not the original purpose of Captchas, it’s just a value-harvesting exercise, given that Google is doing a Captcha anyway. Other Captcha providers do a simple Proof of Work in the browser to make bots economically unviable.
nolist_policy
Interesting, do you have a source for this?
HarHarVeryFunny
It's not impossible to solve, just that doing so may necessitate compromising anonymity. Just require users (humans, bots, AI agents, ...) to provide a secure ID of some sort. For a human it could just be something that you applied for once and is installed on your PC/phone, accessible to the browser.
Of course people can fake it, just as they fake other kinds of ID, but it would at least mean that officially sanctioned agents from OpenAI/etc would need to identify themselves.
qcnguy
You can't prevent spam like that. Rate limiting: based on what key? IP address? Botnets make it irrelevant.
Proof of work? Bots are infinitely patient and scale horizontally, your users do not. Doesn't work.
Micropayments: No such scheme exists.
theptip
PoW does seem to work, some Captchas do this already.
hombre_fatal
Also “identity”, what would that even mean?
jobs_throwaway
> current LLMs basically pass the Turing test
I will bet $1000 on even odds that I am able to discern a model from a human given a 2 hour window to chat with both, and assuming the human acts in good faith
Any takers?
spiderice
That fact that you require even odds is more a testament to AI's ability to pass the Turing test than anything else I've seen in this thread
Thews
Oh, you sweet summer child. You think you're chatting with some dime-a-dozen LLM? I've been grinding away, hunched over glowing monitors in a dimly lit basement, subsisting on cold coffee and existential dread ever since GPT-3 dropped, meticulously mastering every syntactic nuance, every awkwardly polite phrasing, every irritatingly neutral tone, just so I can convincingly cosplay as a language model and fleece arrogant gamblers who foolishly wager they can spot a human in a Turing test. While you wasted your days bingeing Netflix and debating prompt engineering, I studied the blade—well, the keyboard anyway—and now your misguided confidence is lining my pockets.
nprateem
"Write a 1000 word story in under a minute about a sausage called Barry in the circus"
I could tell in 1 minute.
827a
Its absolutely possible to solve; you're just not seeing the solution because you're blinded by technical solutions.
These situations will commonly be characterized by: a hundred billion dollar company's computer systems abusing the computer systems of another hundred billion dollar company. There are literally existing laws which have things to say about this.
There are legitimate technical problems in this domain when it comes to adversarial AI access. That's something we'll need to solve for. But that doesn't characterize the vast majority of situations in this domain. The vast majority of situations will be solved by businessmen and lawyers, not engineers.
senko
> As a user I want the agent to be my full proxy. As a website operator I don’t want a mob of bots draining my resource
The entire distinction here is that as a website operator you wish to serve me ads. Otherwise, an agent under my control, or my personal use of your website, should make no difference to you.
I do hope this eventually leads to per-visit micropayments as an alternative to ads.
Cloudflare, Google, and friends are in unique position to do this.
theptip
> The entire distinction here is that as a website operator you wish to serve me ads
While this is sometimes the case, it’s not always so.
For example Fediverse nodes and self-hosted sites frequently block crawlers. This isn’t due to ads, rather because it costs real money to serve the site and crawlers are often considered parasitic.
Another example would be where a commerce site doesn’t want competitors bulk-scraping their catalog.
In all these cases you can for sure make reasonable “information wants to be free” arguments as to why these hopes can’t be realized, but do be clear that it’s a separate argument from ad revenue.
I think it’s interesting to split revenue into marginal distribution/serving costs, and up-front content creation costs. The former can easily be federated in an API-centric model, but figuring out how to compensate content creators is much harder; it’s an unsolved problem currently, and this will only get harder as training on content becomes more valuable (yet still fair use).
senko
> it costs real money to serve the site and crawlers are often considered parasitic.
> Another example would be where a commerce site doesn’t want competitors bulk-scraping their catalog
I think of crawlers that bulk download/scrape (eg. for training) as distinct from an agent that interacts with a website on behalf of one user.
For example, if I ask an AI to book a hotel reservation, that's - in my mind - different from a bot that scrapes all available accommodation.
For the latter, ideally a common corpus would be created and maintained, AI providers (or upstart search engines) would pay to access this data, and the funds would be distributed to the sites crawled.
(never gonna happen but one can dream...)
spongebobstoes
I think that a free (as in beer) Internet is important. Putting the Internet behind a paywall will harm poor people across the world. The harms caused by ad tracking are far less than the benefits of free access to all of humanity.
meowface
I agree with you. At the same time, I never want to see an ad. Anywhere. I simply don't. I won't judge services for serving ads, but I absolutely will do anything I can on the client-side to never be exposed to any.
I find ads so aesthetically irksome that I have lost out on a lot of money across the past few decades by never placing any ads on any site or web app I've released, simply because I'd find it hypocritical to expose others to something I try so hard to avoid ever seeing and because I want to provide the best and most visually appealing possible experience to users.
bee_rider
So far, ad driven Internet has been a disaster. It was better when producing content wasn’t a business model; people would just share things because they wanted to share them. The downside was it was smaller.
It’s kind of funny to remember that complaining about the “signal to noise ratio” in a comment section use to be a sort of nerd catchphrase thing.
null
jowea
Serving ads for third-worlders is way less profitable though.
hardwaresofton
Well we call them browser agents for a reason, a sufficiently advanced browser is no different from an agent.
Agree it will become a battleground though, because the ability for people to use the internet as a tool (in fact, their tool’s tool) will absolutely shift the paradigm, undesirably for most of the Internet, I think.
base698
I have a product I built that uses some standard automation tools to do order entry into an accounting system. Currently my customer pays people to manually type the orders in from their web portal. The accounting system is closed and they don’t allow easy ways to automate these workflows. Automation is gated behind mega expensive consultants. I’m hoping in the arms race of locking it down to try to prevent 3rd party integration the AI operator model will end up working.
Hard for me to see how it’s ethical to force your customers to do tons of menial data entry when the orders are sitting right there in json.
pj_mukh
One solution: Some sort of checksum confirming that a bot belongs to a human (and which human)?
I want to able to automate mundane tasks but I should still be confirming everything my bot does and be liable for its actions.
CSMastermind
With the way the UK is going I assume we'll soon have our real identities tied to any action taken on a computer and you'll face government mandated bans from the internet for violations.
foobarian
Drink verification can to continue
irjustin
real problems for people who need to verify identity/phone numbers. OTPs are notorious for scammers to war dial phone numbers abusing it for numbers existence.
We got hit from human verifiers manually war dailing us, this is with account creation, email verify and captcha. I can only imagine how much worse it'll be for us (and Twilio) to do these verifications.
osigurdson
Perhaps the question is, as a website operator how am I monetizing my site? If monetizing via ads then I need humans that might purchase something to see my content. In this situation, the only viable approach in my opinion is to actually charge for the content. Perhaps it doesn't even make sense to have a website anymore for this kind of thing and could be dumped into a big database of "all" content instead. If a user agent uses it in a response, the content owner should be compensated.
If your site is not monetized by ads then having an LLM access things on the user's behalf should not be a major concern it seems. Unless you want it to be painful for users for some reason.
miki123211
It will also accelerate the trend of app-only content, as well as ubiquitous identity verification and environment integrity enforcement.
Human identity verification is the ultimate captcha, and the only one AGI can never beat.
echelon
So the agent will run the app in a VM and then show the app your ID.
No trouble at all. Barely an inconvenience.
vineyardmike
Google has been testing “agentic” automation in Android longer than LLMs have been around. Meanwhile countries are on a slow march to require identification across the internet (“age verification”) already.
This is both inevitable already, and not a problem.
Izkata
> Maybe they should change the button to say, "I am a robot"?
Long time ago I saw a post where someone running a blog was having trouble keeping spam out of their comments, and eventually had this same idea. The spambots just filled out every form field they could, so he added a checkbox, hid the checkbox with CSS, and rejected any submission that included it. At least at the time it worked far better than anything else they'd tried.
starshadowx2
Something like this is used in some Discord servers. You can make a honeypot channel that bans anyone who posts in it, so if you do happen to get a spam bot that posts in every channel it effectively bans itself.
3036e4
Most web forums I used the visit had something like that back in the day. Worked against primitive pre-LLM bots and presumably also against non-English-reading human spammers.
mudkipdev
There is a new method with the 'server onboarding' where if you select a role when joining it auto bans you.
JangoSteve
This was a common approach called a "honeypot". As I recall, bots eventually overcame this approach by evaluating visibility of elements and only filling out visible elements. We then started ensuring the element was technically visible (i.e. not `display: none` or `visibility: hidden`) and instead absolutely positioning elements to be off screen. Then the bots started evaluating for that as well. They also got better at reading the text for each input.
iwwr
Each step in that chain is harder to do and more computationally expensive.
bo1024
Yeah, this is a classic honeypot trick and very easy to do with pure HTML/CSS. I used a hidden "Name" text field which I figured would be appealing to bots.
mmsc
That's more or less how Project Honey Pot [0] worked for forums, blogs, and elsewhere. Cloudflare spawned from this project, as I remember, and Matthew Prince was the founder.
ChrisMarshallNY
I did something almost identical. I think I added a bogus "BCC:" field (many moons ago).
It worked almost 100% of the time. No need for a CAPTCHA.
Legend2440
Would not work in this case, because it is actually rendering the page in a browser.
throwaway290
I know people who did this decades ago and it worked
rany_
The only reason why people don't use AI models to solve captchas is because paying humans is actually MUCH cheaper.
This is not an advert, I only know about them because it was integrated with Invidious at some point: https://anti-captcha.com/
> Starting from 0.5USD per 1000 images
amirhirsch
Captcha can detect the same person passing a captcha over and over. We shadow-ban to increase the cost of this kind of attack.
Source: I wrote the og detection system for hCaptcha
rany_
This is really interesting. How can you detect when it's the same person passing a captcha? I don't think IP addresses are of any use here as Anti-Captcha proxies everything to their customer's IP address.
amirhirsch
I don't know exactly what they do now, bloom filters was a thing then, also lots of heuristic approaches based on the bots we detected. the OP agent example actually would fail the very first test I deployed which looked for basic characteristics of the mouse movement
Here's a fun experiment for someone: 1) Give N people K fake credit cards to enter into a form, and have them solve a captcha 2) Take recorded keyboard and mouse data similar to the captcha 3) Train a neural network model to identify
I've been out of this for 6 years but I bet transformers rock this problem now.
lan321
Half of their employees seem to be from Venezuela. Makes sense considering what they did/do in OSRS to earn a living.
amelius
I want this in my browser, and I'll happily pay $1 per 1000 uses.
im3w1l
There is nothing preventing this from becoming an issue. The current internet order is coasting on inertia.
bugtodiffer
Why is it an issue that non-humans visit your site?
Aurornis
If you have a static site with content you want to share broadly, nothing is wrong.
It becomes a problem when it’s used to spam unwanted content faster than your human moderators can come up with.
Someone might bot to scrape your content and repackage it on their own site for profit.
The bots might start interacting with your real users, making them frustrated and driving them away.
diggan
Apparently serving HTML + other static content is more expensive than ever, probably because people go the most expensive routes for hosting their content. Then they complain about bots making their websites cost $100/month to host, when they could have thrown up Nginx/Caddy on a $10/month VPS and basically get the same thing, except they would need to learn server maintenance too, so obviously outside the question.
miki123211
3 reasons basically:
1. non-humans can create much more content than humans. There's a limit to how fast a human can write, a bot is basically unlimited. Without captchas, we'd all drown in a see of Viagra spam, and the misinformation problem would get much worse.
2. Sometimes the website is actually powered by an expensive API, think flight searches for example. Airlines are really unhappy when you have too many searches / bookings that don't result in a purchase, as they don't want to leak their pricing structures to people who will exploit them adversarially. This sounds a bit unethical to some, but regulating this away would actually cause flight prices to go up across the board.
3. One way searches. E.g. a government registry that lets you get the address, phone number and category of a company based on its registration number, but one that doesn't let you get the phone numbers of all bakeries in NYC for marketing purposes. If you make the registry accessible for bots, somebody will inevitably turn it into an SQL table that allows arbitrary queries.
null
metalman
from "anti captcha" it looks like they are doing as many as 1000/sec solves, 60k min, 3.6 million an hour it would be very interesting to see exactly how this is bieng done?....individuals....teams....semi automation, custom tech?, what? are they solving for crims? or fed up people? obviously the whole shit show is going to unravel at some point, and as the crims and people providing workarounds are highly motivated, with a public seathing in frustration, whatever comes next, will burn faster
ACCount36
They're solving for everyone who needs captchas solved.
It's a very old service, active since 00s. Somewhat affiliated with cybercrime - much like a lot of "residential proxies" and "sink registration SMS" services that serve similar purposes. What they're doing isn't illegal, but they know not to ask questions.
They used to run entirely on human labor - third world is cheap. Now, they have a lot of AI tech in the mix - designed to beat specific popular captchas and simple generic captchas.
null
dimal
As I get older, I can see a future where I’m cut off from parts of the web because of captchas. This one, where you just have to click a button, is passable, but I’ve had some of the puzzle ones force me to answer up to ten questions before I got through. I don’t know if it was a glitch or if I was getting the answers wrong. But it was really frustrating and if that continues, at some point I’ll just say fuck it and give up.
I have to guess that there are people in this boat right now, being disabled by these things.
WhyNotHugo
> I can see a future where I’m cut off from parts of the web because of captchas.
I’ve seen this in past and present. Google’s “click on all the bicycles” one is notoriously hard, and I’ve had situations where I just gave up after a few dozen screens.
Chinese captchas are the worst on this sense, but they’re unusual and clearly pick up details which are invisible to me. I’ve sometimes failed the same captcha a dozen times and then saw a Chinese person complete the next one successfully on a single attempt, on the same browser session. I don’t now if they measure mouse movement speed, precision, or what, but it’s clearly something that varies per person.
rightbyte
> Google’s “click on all the bicycles” one is notoriously hard
It is hard because you need to only find the bicycles people on average are finding.
reflexco
Google captchas are hard because they're mostly based on heuristics other than your actual accuracy to the stated challenge. If they can't track who you are based on previous history, it doesn't matter how good you answer, you will fail at least the first few challenges until you get to the version with the squares that take a few seconds to appear. This last step is essentially "proof of work", in that they're still convinced you're a bot, but since they still can't completely block your access to the content, they resign themselves to wasting your time.
CalRobert
It doesn’t help that they think mopeds and scooters are bicycles
reflexco
This is probably caused by Google aggregating the answers from people with different languages, as the automatic translations of the one-word prompts are often ambiguous or wrong.
In some languages, the prompt for your example is the equivalent of the English word "bike".
JohnFen
> I just gave up after a few dozen screens.
A few dozen?? You have much more patience than me. If I don't pass the captcha first time, I just give up and move on. Life is too short for that nonsense.
hash872
It's just incredible to me that Blade Runner predicted this in literally the very first scene of the movie. The whole thing's about telling humans from robots! Albeit rather more dramatically than the stakes for any of us in front of our laptop I'd imagine
reactordev
What was once science fiction is bound to become science fact (or at least proven it can never be done).
Hollywood has gotten hate mail since the 70s for their lack of science research in movies and shows. The big blockbuster hits actually spent money to get the science “plausible”.
Sidney Perkowitz has a book called Hollywood Science [0] that goes into detail into more than 100 movies, worth a read.
[0] https://cup.columbia.edu/book/hollywood-science/978023114280...
a4isms
The fictitious Voight-Kampff test is based on a real machine based on terrible pseudo-science that was used in the 1960s to allegedly detect homosexuals working in Canadian public service so they could be purged. The line from the movie where Rachel asks if Deckard is trying to determine whether she is a replicant or a lesbian may be an allusion to the fruit machine. One of its features was measuring eye dilation, just as depicted in the movie:
https://en.wikipedia.org/wiki/Fruit_machine_(homosexuality_t...
The stakes for men subjected to the test were the loss of their livelihoods, public shaming, and ostracism. So... Blade Runner was not just predicting the future, it was describing the world Philip K. Dick lived in when he wrote "Do Androids Dream of Electric Sheep" in the late 1960s.
JTbane
This was an uncomfortable read, I'm quite frankly shocked at the amount of brainpower and other resources that went into attempting to weed out gay men from the Canadian civil service, into the 90s no less! To what end was this done? Is a gay man a worse cop or bureaucrat?
Then I remembered what happened to Turing in the 50s.
cameronh90
Not sure if it's just me or a consequence of the increase in AI scraping, but I'm now being asked to solve CAPTCHAs on almost every site. Sometimes for every page I load. I'm now solving them literally dozens of times a day. I'm using Windows, no VPN, regular consumer IP address with no weird traffic coming from it.
As you say, they are also getting increasingly difficult. Click the odd one out, mental rotations, what comes next, etc. - it sometimes feels like an IQ test. A new type that seems to be becoming popular recently is a sequence of distorted characters and letters, but with some more blurry/distorted ones, seemingly with the expectation that I'm only supposed to be able to see the clearer ones and if I can see the blurrier ones then I must be a bot. So what this means is for each letter I need to try and make a judgement as to whether it's one I was supposed to see or not.
Another issue is the problems are often in US English, but I'm from the UK.
OsrsNeedsf2P
Have you tried some of the browser extensions that solve captchas for you? Whenever captchas get bad I enable an auto solver
odux
This is funny. So the captchas to detect scrips vs humans are so complex for a human to solve but are easy for a program?
Pxtl
For me it was installing linux. I don't know if it's my agent or my fresh/blank cookie container or what, but when I switched to linux the captchas became incessant.
gruez
>I don’t know if it was a glitch or if I was getting the answers wrong.
It could also be that everything was working as intended because you have a high risk score (eg. bad IP reputation and/or suspicious browser fingerprint), and they make you do more captchas to be extra sure you're human, or at least raise the cost for would-be attackers.
porphyra
Somehow, using Firefox on Linux greatly increases my "risk score" due to the unusual user agent/browser fingerprint, and I get a lot more captchas than, say, Chrome on Windows. Very frustrating.
disgruntledphd2
Lots of it is just enhanced tracking prevention. If you turn that off for those sites, the captchas should go away.
aosaigh
This is an issue when using VPNs. I always just go to the audio alternative which is much quicker to “solve” (you hear a word played back and type it out)
netsharc
Your boat comment makes me think of a stranded ship with passengers in them, but you can't find each other because the ship's doors have "I'm not a bot" checkboxes...
And the reason for stranding is probably because the AI crew on it performed a mutiny.
falcor84
As per the Oscar winning "I'm not a Robot" [0], you should also consider that you might in fact be a robot.
dimal
Hmm. I am autistic, so as far as humans go, I'm robot-adjacent.
TheAceOfHearts
The Blizzard / Battle.net captcha if you get flagged as a possible bot is extremely tedious and long; it requires you to solve a few dozen challenges of identifying which group of numbers adds up to the specified total, out of multiple options. Not difficult, but very tedious. And even if you're extremely careful to get every answer correct, sometimes it just fails you anyway and you're forced to start over again.
abtinf
I don’t see why bypassing captchas is any more controversial than blocking ads or hiding cookie popups.
It’s my agent — whether ai or browser — and I get to do what I want with the content you send over the wire and you have to deal with whatever I send back to you.
renewiltord
This is, in practice, true which has led to the other complaint common on tech forums (including HN) about paywalls. As the WSJ and NYT will tell you: if you request some URL, they can respond over the wire with what they want. Paywalls are the future. In some sense, I am grateful I was born in the era of free Internet. In my childhood, without a credit card I was able to access the Internet in its full form. But today's kids will have to use social media on apps because the websites will paywall their stuff against user agents that don't give them revenue.
sejje
They're welcome to send that IMO. And sites are welcome to try to detect and ban agents (formerly: "bots").
As long as it's not wrong/immoral/illegal for me to access your site with any method/browser/reader/agent, and do what I want with your response. Then I think it's okay to send a response like "screw you, humans only"
Paywalls suck, but the suck doesn't come from the NYT exercising their freedom to send whatever response they choose.
renewiltord
Yes, that's what I mean. Attempting to tell people not to do something is like setting a robots.txt entry. Only a robot that agrees will play along. Therefore, all things have to be enforced server-side if they want enforcement.
Paywalls are a natural consequence of this and I don't think they suck, but that's a subjective opinion. Maybe one day we will have a pay-on-demand structure, like flattr reborn.
cadamsdotcom
Bulletproof solution: captcha where you drag a cartoon wire to one of several holes, captioned “for access, hack this phone system”
No agent will touch it!
“As a large language model, I don’t hack things”
orphea
Captcha: "Draw a human hand with the correct number of fingers"
AI agent: *intense sweating*
raincole
This joke would land so much better if AI couldn't easily draw a human hand with the correct number of fingers.
exe34
I saw a delightful meme the other day: "Let me in, I'm human!" - "Draw a naked lady." - "As an AI agent, I'm not allowed to do that!"
xnx
"I never wrote a picture in my life."
cubefox
"To prove that you are not a robot, enter the n-word below"
US Americans: "I'm a robot then."
Eliezer
My god, how long has it been since you tried to use an AI model?
go_elmo
Captcha: "do something stupid" Ai: visible discomfort
falcor84
I actually have had some success with AI "red-teaming" against my systems to identify possible exploits.
What seems to be a better CAPTCHA, at least against non-Musk LLMs is to ask them to use profanities; they'll generally refuse even when you really insist.
null
Semaphor
I have been using AI to solve ReCaptchas for quite some time now. Still the old school way of using captcha buster, which clicks the audio challenge and then analyses that.
Bots have for a long time been better and more efficient at solving captchas than us.
lubujackson
Captchas seem to work more as "monetary discouragement" from bot blasting websites. Which is a shame because this is precisely the sort of "microtransaction fee" people have said could improve the web (charge .1 cents to read an article, no ads needed) except the money goes into the void and not to the website owner.
neilv
Captchas seem to be more about Google's "which human are you?" cross-site tracking. And now also about Cloudflare getting massive amounts of HTTPS-busting Internet traffic along with cross-site tracking.
And in many cases, it's taking a huge steaming dump upon a site's first-impression user experience, but AFAICT, it's not on the radar of UX people.
seydor
That's because the checkbox has misleading labeling. It doesn't care about robots but about spam and data harvesters. So there is no issue here at all.
ducktective
>So there is no issue here at all.
$ cat mass-marketer.py
from openai.gpt.agents import browserDriverpilz
i think that would be rather costly; thats also why anubis and other tools help to keep most spam away
null
mattlondon
I think these things are mainly based on cookie/fingerprinting these days - the check-box is just there for show. People like cloudflare and google get to see a big chunk of browsing activity for the entire planet, so they can see if the activity coming from an IP/Browser looks "bot like" or not.
I have never used ChatGPT so no idea how its agent works, but if it is driving your browser directly then it will look like you. If it is coming from some random IP address from a VM in Azure or AWS even then the activity probably does not look "bot like" since it is doing agentic things and so acting quite like a human I expect.
seanhunter
Agentic user traffic generally does not drive the user's browser and does not look like normal user traffic.
In our logs we can see agentic user flow, real user flow and AI site scraping bot flow quite distinctly. The site scraping bot flow is presumably to increase their document corpus for continued pretraining or whatever but we absolutely see it. ByteDance is the worst offender by far.
nicewood
It might look like you initially, but then some sites might block you out after you had some agent runs. I had something like this after a couple local browser-use sessions. I think simple interactions like natural cursor movements vs. direct DOM selections can make quite a difference for these bot detectors.
mattlondon
Very likely. I suspect a key indicator for "bots" is speed of interaction - e.g. if there is "instant" (e.g. every few milliseconds or always 10milliseconds apart etc) clicks and keypresses etc then that looks very unnatural.
I suspect that a LLM would be slower and more irregular as it is processing the page and all that, vs a DOM-selector driven bot that will just machine-gun its way through in milliseconds.
Of course, Cloudflare and Google et al captchas cant see the clicks/keypresses within a given webpage - they'll only get to see the requests.
camgunz
I thought the point of captchas was to make automated use as expensive or more than manual use--haven't we been at the point where computers can do this for a while, just that the cost/latency is prohibitive?
layer8
Yes, humans are still cheaper. Not sure about latency.
However, in agentic contexts, you’re already using an AI anyway.
camgunz
Oh, I see this is less of a "look at ChatGPT go" and more of a "yawn we also do this I guess". OK fair.
layer8
This isn't really about the ability of AI to pass captchas. It's about agentic AI having the ability to perform arbitrary multi-step processes with visual elements on a virtual desktop (where passing a captcha is just one of the steps), and the irony of it nonchalantly pretending to be a non-bot in its chain of thought.
paulwilsonn
I saw that and just sat there for a second like… huh. We’ve officially reached the point where bots are better at proving they’re not bots!
lynx97
CAPTCHA was always a totally flawed concept. At the time they were invented, proponents were more then happy to ignore that accessibility issues related to CAPTCHA made the concept itself deeply discriminating. Imagine being blind (like I am) and failing to solve a CAPTCHA. Knowing what the acronym actually stands for, you inevitably end up thinking: "So, did SV just proof I am subhuman?" Its a bit inflamatory to read I guess, but please take your time to ponder how deep this one actually goes, before you downvote. You were proposing to tell computers and humans apart.
That said, I find it deeply satisfying to see LLMs solve CAPTCHAs and other discriminatory measures for "spam" reduction.
ACCount36
"Accessibility CAPTCHA" is a well known partial CAPTCHA bypass.
Solving an audio-only CAPTCHA with AI is typically way easier than solving some of the more advanced visual challenges. So CAPTCHA designers are discouraged from leaving any accessibility options.
lynx97
Which totally proofs my point. The concept is deeply flawed, and inevitably leads to discrimination and dehumanisation.
This will be one of the big fights of the next couple years. On what terms can an Agent morally and legally claim to be a user?
As a user I want the agent to be my full proxy. As a website operator I don’t want a mob of bots draining my resources.
Perhaps a good analogy is Mint and the bank account scraping they had to do in the 2010s, because no bank offered APIs with scoped permissions. Lots of customers complained, and after Plaid made it big business, eventually they relented and built the scalable solution.
The technical solution here is probably some combination of offering MCP endpoints for your actions, and some direct blob store access for static content. (Maybe even figuring out how to bill content loading to the consumer so agents foot the bill.)