NewsNation

Captchas are becoming more difficult to solve, but not for AI

(NewsNation) —You’ve seen them before: Those simple little tests many websites use to prove you’re a human.

Captchas are designed to stop bots, spam and hackers from accessing a website.


Lately, however, you may have noticed those once-easy tests have become increasingly harder to solve.

But much easier for computers.

They were created more than 25 years ago and are still a regular part of surfing the web. Thousands of websites use them to generate an estimated 200 million captchas per day.

It’s a massive part of our everchanging cybersecurity ecosystem.

“Captchas are old enough, though, that their age now is presenting a tremendous number of weaknesses,” said Sultan Meghji, CEO of Frontier Foundry. “Especially in the current generation of generative AI. These new generative AI systems, like OpenAI, are designed to create medium to low-quality, or in some cases, very high-quality, audio, video, text and pictures. And it perfectly aligns with the technology behind captchas.”

This arms race of sorts has reached a point where computers are far better at solving them than humans are.

The problem is captchas were created to be easy for humans and difficult for computers. It used to take the average person about 10 seconds to answer a captcha prompt.

The puzzles, however, have become increasingly more difficult to answer, and according to the Merchant Risk Council, the average consumer is now spending 25 seconds to complete the tests.

“Captchas haven’t been stagnant,” said Meghji. “They haven’t been sitting there for a decade just twiddling their thumbs; they’re continually advancing them. And as the bots and generative AI systems have gotten smarter and more targeted at breaking captchas, they’ve had to make them harder.”

That’s because the more difficult a website is to access, the more likely a consumer is to leave it. Studies show that the number of consumers who visit a website drops 40% when customers encounter captchas, making it harder for businesses to earn loyalty.

There’s also the chance that captchas could mistakenly block or discourage legitimate customers.

“Bots are 100% effective at breaking all of the currently deployed captchas,” said Meghji. “And humans are at about 50% and maybe as much as 80%.”

Google purchased captcha in 2009 and rebranded it Recaptcha. Even before AI and machine learning, spammers could create bots that correctly complete Recaptcha.

A 2014 study by Google found that AI robots were able to decode the captchas with nearly 100% accuracy and numbers in images with 90% accuracy. That was 10 years ago.

“It is only a matter of time before I can download something on my laptop and bypass captchas entirely,” Meghji said.