Full text
When you click to enter a website or try to log in or fill out a form, you may be asked to identify motorcycles from a grid of grainy images, decipher a string of convoluted characters, or click a box that states "I am not a robot."
These tests are called CAPTCHAs, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." As their name suggests, they are meant to help a website distinguish if an action is coming from a human or a bot, since the aforementioned tasks are theoretically easy for a human and difficult for automated software to perform. This, in turn, blocks bots from spamming comments, downloading files, taking over accounts, or executing any other action on a website.
But as computer models increasingly gain the ability to solve CAPTCHAs, thanks to advancing artificial intelligence (AI) — and with puzzles getting weirder and more difficult for humans to complete — does this mean CAPTCHAs are still useful?
Sign up for our newsletter
(Image credit: Marilyn Perkins / Future) Sign up for our weekly Life's Little Mysteries newsletter to get the latest mysteries before they appear online.
CAPTCHAs were introduced in the late 1990s to address "a very simple, but very difficult problem," Andreas Plesner , a computer scientist at ETH Zurich, told Live Science. "If I don't interact with a person physically … is it a computer? Or is it human?" Some of the first CAPTCHAs, still common on websites today, were composed of distorted text, since text-reading software at that time had trouble interpreting warped words.
But over time, text-reading software improved and new types of CAPTCHAs were developed. For instance, reCAPTCHA, one of the most popular CAPTCHA services, has an image-based test that asks users to identify objects such as traffic lights, motorcycles or bicycles from a grid of Google Street View photos. This was developed after Google acquired the service in 2009.
"The bet was that recognizing objects in messy, real-world photos was still a uniquely human skill," Ng Chong , chief of information technology and director of United Nations University's Campus Computing Centre in Tokyo, told Live Science in an email.
As time went on, CAPTCHA design continued to advance. In 2014, Google came out with reCAPTCHA v2, which analyzed computer mouse behavior by asking people to click a checkbox to test if a user was human. If the behavior is deemed suspicious, determined by factors like how a user interacts with the site beforehand or the timing of their click, the street-image grid pops up as an additional puzzle.
However, more recently, technology has improved to a point where image recognition is no longer a human-specific skill. As early as 2016, researchers found that low-cost deep learning technologies could solve reCAPTCHAv2 around 70% of the time . By 2024, Plesner and his colleagues developed an AI model that could solve the puzzles correctly 100% of the time. Earlier in 2026, Chong noted that he built a tool that could mimic human-like browsing behavior and sometimes bypass reCAPTCHA v2 without triggering the image grid at all. When the grid was triggered, the tool used AI to solve it within a few tries.
"When both the challenge and the behavioral layer are defeated by commodity tools running on a single laptop, the fundamental premise of CAPTCHA, that there are tasks humans can do but machines can't, stops holding," Chong wrote.
"Real World Captchas" appeared in major cities around the world in April 2025. (Image credit: Gerald Matzka / Stringer via Getty Images) Looking ahead
So does that mean CAPTCHAs are completely obsolete? Not quite. Although the model Plesner and his colleagues developed breezed past reCAPTCHAv2, "there were a lot of the safety measures that were not tied to being able to solve it, but more tied to how you solve it," he said. For example, while conducting their research, Plesner noted that his team used a virtual private network (VPN) that changed IP addresses for each test, since a single IP address with a high volume of solved CAPTCHAs faced tasks with increasing difficulty, or got blocked entirely.
Modern CAPTCHAs focus on these background clues and tactics, rather than the puzzle itself. This includes Google's reCAPTCHA v3 , Friendly CAPTCHA, hCAPTCHA and Cloudflare's Turnstile, among others, which run without sending a puzzle at all. They instead look at whether the action is coming from a real attested device (rather than from automated code), whether an IP address has had a high volume of automated requests in the past, how a user navigates a webpage, what the user's cookie history is, and a slew of other factors to determine possible malicious intent.
Related mysteries
Why do AI chatbots use so much energy?
Could there ever be a worldwide internet outage?
Will we ever have quantum laptops?
As the tug-of-war continues, CAPTCHA puzzles are still widespread. After all, they’ve been the status quo for decades, are easy to set up and are relatively cost-effective, Chong said. But these tasks have some other drawbacks. Although bots can increasingly solve the puzzles with ease, CAPTCHAs can be a headache to get through for humans and can be seen as discriminatory against those with disabilities, notably visual disabilities , as a researcher noted in a 2022 conference paper .
The crescendoing complexity of CAPTCHA puzzles has even been the subject of parody, with developer Neal Agarwal creating a free satirical game called " I'm Not a Robot ." Users must solve a series of increasingly convoluted verification checks — scoring a point for each stage they pass, which eventually transcend into the absurd.
So, as machines get smarter, the answer may not be to find more difficult puzzles. "If a CAPTCHA can only be solved by someone with a Ph.D. in mathematics, then it's not very useful," Plesner said. "The internet needs to be used by everyone."
Can you match these ancient devices to their pictures? Find out with our computing quiz!
Comments
No comments yet — be the first to weigh in 👇
No comments yet. Be the first!