{"id":30880,"date":"2026-07-06T23:31:36","date_gmt":"2026-07-06T18:01:36","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/?p=30880"},"modified":"2026-07-06T23:31:36","modified_gmt":"2026-07-06T18:01:36","slug":"why-captcha-is-disappearing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/why-captcha-is-disappearing\/30880\/","title":{"rendered":"AI beat CAPTCHA. What&#8217;s next?"},"content":{"rendered":"<p>CAPTCHAs as we know them popped up on our screens 26 years ago. While they\u2019ve evolved quite a bit since then, the core idea has always been the same: present users with a quick task that a human can solve in two seconds but that a computer can\u2019t.<\/p>\n<p>It all started with distorted text, math problems, and short audio clips. Then came the era of spotting fire hydrants, traffic lights, and motorcycles\u00a0\u2014 a phase that seemed like it would last forever. But as it turns out, modern LLMs can blast through these visual puzzles much faster and more accurately than any human ever could.<\/p>\n<p>Here\u2019s a look at how these \u201care you a human?\u201d tests have changed and what it means for your security.<\/p>\n<h2>The end of the image-clicking era<\/h2>\n<p>Back in 2007, Google rolled out <a href=\"https:\/\/developers.google.com\/recaptcha?hl=en\" target=\"_blank\" rel=\"noopener nofollow\">reCAPTCHA<\/a>, and eight years later, they added a test asking users to select all images matching a specific prompt. Just like that, millions of internet users inadvertently became experts at identifying traffic lights, bicycles, roofs, bridges, and fire hydrants. Of course, AI bots have long since learned how to crack these puzzles.<\/p>\n<p>Which is why in June 2026, Google started <a href=\"https:\/\/docs.cloud.google.com\/recaptcha\/docs\/hand-gesture-verification\" target=\"_blank\" rel=\"noopener nofollow\">testing<\/a> a brand-new way to check if you\u2019re human. Instead of the usual images, some users are now asked to record a short video showing hand gestures. Algorithms analyze the footage, tracking 21 key points across the hand and finger joints. By tracking how your hand moves, the system can tell if it\u2019s dealing with a real human or a bot. Passing this new type of CAPTCHA means granting camera access, something that raises a red flag for anyone concerned about security and privacy. Additionally, security researchers claim to have already <a href=\"https:\/\/cybernews.com\/security\/witty-users-google-hi-tech-captcha-hack\/\" target=\"_blank\" rel=\"noopener nofollow\">discovered a loophole in Google\u2019s experimental hand-gesture-based CAPTCHA<\/a>, demonstrating that it can be fooled using nothing more than a photo of a hand.<\/p>\n<p>Still, Google insists these videos are never linked to your personal identity, and no audio is recorded whatsoever. Their security policy also <a href=\"https:\/\/docs.cloud.google.com\/recaptcha\/docs\/hand-gesture-verification\" target=\"_blank\" rel=\"noopener nofollow\">states<\/a> that Google deletes all data as soon as the verification is complete. As always, whether you choose to trust Google is entirely up to you. We\u2019d just like to point you to our post, <a href=\"https:\/\/www.kaspersky.com\/blog\/is-it-safe-to-take-selfie-with-passport\/52479\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Taking a selfie with your ID card \u2014 is it safe?<\/strong><\/a>, where we break down the exact risks of biometric verification using passport photos as an example.<\/p>\n<h2>What are the alternatives to reCAPTCHA?<\/h2>\n<p>While Google\u2019s reCAPTCHA is still the undisputed king of blocking bots, AI is forcing the world to adapt, and traditional CAPTCHAs are becoming a thing of the past. Here\u2019s a quick breakdown of alternative services and bot-blocking methods from a security perspective.<\/p>\n<h3>Behavioral analysis systems<\/h3>\n<p>One of the most advanced ways to protect a website from swarms of bots is a behavioral analysis system. This method automatically evaluates every single visitor by tracking mouse movements, clicking patterns, and digital fingerprints to spot human behavior. But even this isn\u2019t a silver bullet against bots; their operators can simply train them to mimic natural behavioral patterns, allowing the bots to easily bypass this type of defense again and again.<\/p>\n<p>For users, this isn\u2019t exactly great news when it comes to privacy. After all, nobody wants every website on the internet <a href=\"https:\/\/www.kaspersky.com\/blog\/web-beacons-explained-and-how-to-stop-them\/47281\/\" target=\"_blank\" rel=\"noopener nofollow\">collecting their device specs and tracking how they behave<\/a>. That said, you can\u2019t really call it full-blown surveillance either, as most of these systems aren\u2019t trying to figure out who you actually are, and their creators promise that they don\u2019t store your data or use it for marketing purposes. The main goal here is strictly to figure out who\u2019s just landed on the page: a human or a bot.<\/p>\n<h3>Turnstile and hCaptcha<\/h3>\n<p>Another major reCAPTCHA competitor is <a href=\"https:\/\/www.cloudflare.com\/products\/turnstile\/\" target=\"_blank\" rel=\"noopener nofollow\">Cloudflare Turnstile<\/a>. It handles verification in two ways: completely in the background or through minimal user action. You either don\u2019t have to do anything, or you just check a box that says \u201cI\u2019m not a robot.\u201d The main risk for users here boils down to <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-recognize-social-engineering\/56053\/\" target=\"_blank\" rel=\"noopener nofollow\">social engineering<\/a>. Hackers frequently use legitimate-looking CAPTCHAs on phishing sites. This lulls users into a false sense of security and prevents security scanners from flagging malicious pages.<\/p>\n<p>Then there\u2019s <a href=\"https:\/\/www.hcaptcha.com\/\" target=\"_blank\" rel=\"noopener nofollow\">hCaptcha<\/a>, a service that focuses heavily on security and, unlike reCAPTCHA and Turnstile, isn\u2019t owned by a tech giant.<\/p>\n<h3>Passkeys<\/h3>\n<p>Broadly speaking, every method and service mentioned so far follows the same blueprint: they collect your data, sometimes store it, and use it for other objectives. The main shift now is that they require less effort on your part. You don\u2019t have to look for fire hydrants or wave your hand at a camera. But you can take things a step further and eliminate CAPTCHAs entirely if a website supports passkeys.<\/p>\n<p>In this setup, you don\u2019t log in with a password; instead, you use cryptographic keys activated by your biometrics or a PIN, which usually makes an extra \u201cprove you are human\u201d check completely unnecessary. We broke down what exactly passkeys are, where they work, and how to use the technology in our post <a href=\"https:\/\/www.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-1\/53688\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Passkeys in 2025: your complete guide to passwordless sign-in<\/strong><\/a>. If you want to store your passkeys and ensure they work seamlessly across all your devices, our <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>\u00a0has you covered.<\/p>\n<p>Unfortunately, passkeys don\u2019t work in situations where you want to remain anonymous and browse without creating an account. Because of that, they can\u2019t replace CAPTCHAs entirely, but they still make life a whole lot easier for the vast majority of users.<\/p>\n<h2>How to protect your privacy<\/h2>\n<p>From a user\u2019s perspective, it makes almost no difference which bot-protection method a website decides to use. Let\u2019s be honest\u00a0\u2014 you\u2019re probably not going to leave a page just because it uses reCAPTCHA or a behavioral analysis system. What\u2019s more, when it comes to systems that run quietly in the background, you won\u2019t even know what kind of data they\u2019ve gathered about you and your device. But this doesn\u2019t mean your privacy is a lost cause.<\/p>\n<p>Our <a href=\"https:\/\/www.kaspersky.co.in\/standard?icid=in_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kstand___\" target=\"_blank\" rel=\"noopener\">Kaspersky Standard<\/a>, <a href=\"https:\/\/www.kaspersky.co.in\/plus?icid=in_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kplus___\" target=\"_blank\" rel=\"noopener\">Kaspersky Plus<\/a>, and <a href=\"https:\/\/www.kaspersky.co.in\/premium?icid=in_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>\u00a0apps for <a href=\"https:\/\/support.kaspersky.com\/kaspersky-for-windows\/21.25\/92436\" target=\"_blank\" rel=\"noopener\"><strong>Windows<\/strong><\/a> and <a href=\"https:\/\/support.kaspersky.com\/kaspersky-for-mac\/27\/112161\" target=\"_blank\" rel=\"noopener\"><strong>macOS<\/strong><\/a> include <strong>Private Browsing. <\/strong>The feature blocks third-party websites from tracking your online activity in real time. For mobile privacy, you can rely on <strong>Social Privacy<\/strong> (<a href=\"https:\/\/support.kaspersky.com\/kaspersky-for-android\/11.132\/231508\" target=\"_blank\" rel=\"noopener\"><strong>Android<\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/support.kaspersky.com\/kaspersky-for-ios\/2.108\/231508?page=help\" target=\"_blank\" rel=\"noopener\"><strong>iOS<\/strong><\/a>). Additionally, Android devices running version 9 or higher include the <a href=\"https:\/\/support.kaspersky.com\/kaspersky-for-android\/11.132\/276067\" target=\"_blank\" rel=\"noopener\"><strong>Who\u2019s Spying On Me<\/strong><\/a> feature available in select regions. This tool detects stalkerware, checks for hidden tracking tags, and reviews app permissions that make it easier to spy on you.<\/p>\n<p>Finally, <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">our password manager<\/a> has your back when a phishing site uses a real CAPTCHA to look legitimate\u00a0\u2014 <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a>\u00a0won\u2019t let you auto-fill your username and password on it. Here\u2019s what else you can do to keep your data private:<\/p>\n<ul>\n<li><strong>Don\u2019t enter your data on a site just because it\u2019s protected by a CAPTCHA.<\/strong> Scammers have been using real reCAPTCHAs, hCaptchas, and Turnstiles on phishing pages for a long time to build trust.<\/li>\n<li><strong>Switch to passkeys whenever possible.<\/strong> They don\u2019t work on phishing sites and significantly reduce the risk of your data and behavioral patterns being harvested.<\/li>\n<\/ul>\n<blockquote><p>We\u2019ve put together an essential list of other technologies that are on their way out:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/passwords-hacking-research-2026\/55743\/\" target=\"_blank\" rel=\"noopener nofollow\">Cracked in under a minute: (nearly) every other password<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/rsa2021-captcha-is-dead\/40054\/\" target=\"_blank\" rel=\"noopener nofollow\">RIP, CAPTCHA<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/when-two-factor-authentication-useless\/51434\/\" target=\"_blank\" rel=\"noopener nofollow\">When two-factor authentication is useless<\/a><\/li>\n<\/ul>\n<\/blockquote>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>For over a decade, internet users have had to squint at blurry fire hydrants, bridges, and bicycles \u2014 until AI came along. What&#8217;s next for the CAPTCHA?<\/p>\n","protected":false},"author":2754,"featured_media":30881,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1855],"tags":[1094,1522,22,3324,43,97,1898],"class_list":{"0":"post-30880","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-ai","9":"tag-captcha","10":"tag-google","11":"tag-passkeys","12":"tag-privacy","13":"tag-security-2","14":"tag-tips"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/why-captcha-is-disappearing\/30880\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/why-captcha-is-disappearing\/25915\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/why-captcha-is-disappearing\/30717\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/why-captcha-is-disappearing\/42229\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/why-captcha-is-disappearing\/56089\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/why-captcha-is-disappearing\/30825\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/why-captcha-is-disappearing\/36383\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/why-captcha-is-disappearing\/36279\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/captcha\/","name":"Captcha"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/30880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/2754"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=30880"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/30880\/revisions"}],"predecessor-version":[{"id":30882,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/30880\/revisions\/30882"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/30881"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=30880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=30880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=30880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}