An ETH Zurich team built a CAPTCHA solver that cracks reCAPTCHA v2 100% by 2024
The puzzle layer is getting obsolete. Companies are shifting from “can you solve this” to “can you prove you’re real.”

Andreas Plesner, a computer scientist at ETH Zurich, and his colleagues developed an AI model that could solve reCAPTCHAv2 puzzles correctly 100% of the time by 2024. The shift forces decision-makers to rethink CAPTCHA defenses, because commodity tools can defeat both challenge and behavior checks.
CAPTCHAs were built on a simple idea: humans can do certain tasks, but automated software cannot. That premise is cracking fast. In 2024, Andreas Plesner and colleagues at ETH Zurich developed an AI model that could solve reCAPTCHAv2 puzzles correctly 100% of the time, according to Live Science.
The real kicker is what that implies for security design. Chong Ng, chief of information technology and director of United Nations University's Campus Computing Centre in Tokyo, previously noted that he built a tool that could mimic human-like browsing behavior and sometimes bypass reCAPTCHA v2 without triggering the image grid at all. When the grid was triggered, his tool used AI to solve it within a few tries. The upshot: when both the “challenge” and the “behavioral layer” are defeated by commodity tools running on a single laptop, the fundamental CAPTCHA assumption starts to fail.
To understand why this matters, rewind to what CAPTCHAs were trying to do. The acronym stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” The tests are usually deployed when you log in, fill out a form, or interact with a site in a way that can be abused. They block bots from spam, automated downloading, account takeover, and other automated actions. Early CAPTCHA formats leaned on distorted text because, in the late 1990s, text-reading software struggled with warped words. Over time, attackers caught up. So CAPTCHA designers changed the puzzle. The cat-and-mouse dynamic became the whole business.
That’s where reCAPTCHA comes in. One of the best known versions, developed after Google acquired reCAPTCHA in 2009, used image-based puzzles. Users had to identify objects such as traffic lights, motorcycles, or bicycles from a grid of Google Street View photos. The bet, as Chong Ng told Live Science in an email, was that recognizing objects in messy real-world photos would still be a uniquely human skill. By 2014, reCAPTCHA v2 went further. It analyzed computer mouse behavior when users clicked a checkbox, then only showed the image grid if the behavior looked suspicious based on factors like timing and how the user interacted with the site beforehand.
Then came the AI timeline that makes today’s CAPTCHA strategy feel like it’s running on old maps. Researchers found as early as 2016 that low-cost deep learning technologies could solve reCAPTCHAv2 about 70% of the time. By 2024, Plesner’s team got to 100% correct on the puzzles. And in 2026, Chong Ng highlighted an approach that could bypass the image grid sometimes by mimicking human browsing behavior, with AI only needed when the grid did appear. That makes CAPTCHAs less like a wall and more like a speed bump that attackers can learn.
So are CAPTCHAs obsolete? Not entirely. Plesner pointed out that even if the model breezed past reCAPTCHAv2’s puzzle layer, there were safety measures not tied to being able to solve the puzzle. Instead, they were tied to how the challenge was solved, including rate limiting and blocking patterns. For example, during their research, Plesner noted the team used a virtual private network (VPN) that changed IP addresses for each test, because a single IP address sending a high volume of solved CAPTCHAs would face escalating difficulty or could get blocked entirely.
That is why modern CAPTCHA systems are moving toward “background clues” and away from forcing humans to solve increasingly weird puzzles. Instead of always showing a test, newer approaches like Google’s reCAPTCHA v3, Friendly CAPTCHA, hCAPTCHA, and Cloudflare’s Turnstile run without sending a puzzle. They evaluate whether an action is coming from a real attested device, whether an IP has a history of high-volume automated requests, how the user navigates a webpage, what the cookie history looks like, and other signals that point to possible malicious intent.
This shift matters beyond security teams. There are human factors and policy factors in the mix. As puzzle complexity has risen, CAPTCHAs have become a headache for humans and have been criticized as discriminatory against people with disabilities, notably visual disabilities, as a researcher noted in a 2022 conference paper. The arms race has even spilled into culture. Developer Neal Agarwal created a satirical game called “I’m Not a Robot,” where players solve increasingly convoluted verification steps that eventually get absurd. The joke is funny, but it also highlights a serious problem: if CAPTCHA puzzles become too hard, the internet becomes harder to use for everyone.
The strategic lesson for executives is blunt. When Plesner said, “If a CAPTCHA can only be solved by someone with a Ph.D. in mathematics, then it's not very useful,” he was pointing at the core business risk: friction. The internet “needs to be used by everyone.” As machines get smarter, the defense cannot rely on puzzle difficulty alone. It has to rely on behavioral integrity, device attestation, and fraud detection that scales, without turning user experience into a tax.
And for operators who manage risk, identity, and revenue, this is the moment to take CAPTCHA design seriously as a systems problem, not a widget. Chong Ng wrote that “Real World Captchas” appeared in major cities around the world in April 2025, but the real-world implication is digital: attackers can iterate. Boards should expect ongoing CAPTCHA migration, because a defense that works on one laptop class can get replicated across millions. The premise is unraveling. The winners will be the companies that modernize the whole pipeline, not just the puzzle.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

Fanfiction groups launch AI hunting drive, but detection flags any writer as collateral
A new “fanworks” push aims to expose generative-AI fanfic, yet its questionable detection can misfire on real authors.

Attested TLS lets attackers reroute “trusted” servers; it breaks real confidential AI links
Two years of formal verification found intra-handshake attestation fails, enabling relay attacks across production deployments.

Bold Metrics’ Morgan Linton uses cheaper models strategically, not tokenmaxxing
The model-switching playbook is replacing “use AI nonstop” as costs, bills, and caps force smarter routing.

