
The CAPTCHA, that ubiquitous checkbox asking “I’m not a robot”, has been a fixture of the web for two decades. But a growing body of evidence suggests it is no longer fit for purpose. In 2024, researchers at ETH Zurich achieved 100 percent accuracy on Google’s reCAPTCHA v2 using a modified YOLOv8 model. In 2026, Ng Chong, director of the UNU Campus Computing Centre, built a commodity tool running on a single laptop that bypasses reCAPTCHA v2, hCaptcha, and Cloudflare Turnstile in two to three seconds without triggering the image grid.
“When both the challenge and the behavioral layer are defeated by commodity tools running on a single laptop, the fundamental premise of CAPTCHA stops holding,” Ng Chong said.
The arms race
The CAPTCHA story began in 1997, when AltaVista deployed distorted text images to block automated signups, reducing spam by roughly 95 percent. Over the next decade, text CAPTCHAs grew progressively harder for both bots and humans, until deep learning models reached near-perfect accuracy on all common variants by 2018.
Google responded in December 2014 with reCAPTCHA v2, the familiar “I’m not a robot” checkbox backed by behavioral analysis (mouse movements, IP history, browser fingerprints, cookies). The real test was invisible; the image grid was a fallback. In 2018 came reCAPTCHA v3, which dispensed with the checkbox entirely, returning a score of 0.0 to 1.0 based on background signals.
Each advance has been met with a counter. Reinforcement learning broke reCAPTCHA v3 at 97 percent in 2019. The ETH Zurich study proved that the entire reCAPTCHA v2 pipeline, including the behavioral layer, could be fully automated.
Where things stand
As of 2026, the CAPTCHA landscape includes:
- reCAPTCHA v2, 100 percent broken (ETH Zurich, 2024; commodity tooling, 2026)
- reCAPTCHA v3, 60-80 percent bypass rate
- hCaptcha, 70-90 percent bypass rate
- Cloudflare Turnstile, 40-65 percent bypass rate
- Audio CAPTCHAs, 85-95 percent broken
- Distorted text, 100 percent broken
Industry data from the Merchant Risk Council reports 99.8 percent AI bypass rates for reCAPTCHA overall.
The economic incentives are clear: commercial CAPTCHA-solving APIs charge $0.50 to $2 per 1,000 solves. In 2025, AI-driven crawlers reached 57.5 percent of all web traffic, exceeding human traffic for the first time, according to Cloudflare Radar.
Beyond puzzles
The industry is moving toward invisible, friction-free verification. Cloudflare Turnstile uses cryptographic proof-of-work combined with browser-environment checks, resolving approximately 90 percent of loads without any user interaction. Apple’s Private Access Tokens provide device-level attestation. The IETF has standardized Privacy Pass (RFC 9576-9578), a blind-signature system that lets users solve one CAPTCHA to earn multiple anonymous tokens.
The most forward-looking approach is Web Bot Auth, an IETF draft spearheaded by Cloudflare that gives bots a cryptographic identity. Bots publish a public key at a well-known URL, and every outbound HTTP request carries an Ed25519 signature. Google, OpenAI, AWS WAF, and Vercel are already adopting it.
“Since we can no longer reliably distinguish humans from machines by testing puzzle-solving ability, we’re shifting to proving identity and intent through cryptographic and behavioral signals,” the article notes.
What remains
For now, CAPTCHAs persist because they are simple, cheap, and the status quo. But a 2023 study from UC Irvine found that humans collectively waste 819 million hours per year solving them, representing $6.1 billion in lost labor value. And they are actively discriminatory: visually impaired users face persistent accessibility barriers.
The era of the puzzle-based CAPTCHA is ending. In its place is a quieter, invisible verification layer, and an arms race that has moved from the user’s screen to the infrastructure beneath it.

