HackerTrans
TopNewTrendsCommentsPastAskShowJobs

timshell

no profile record

Submissions

CAPTCHAs can still detect AI agents

research.roundtable.ai
84 points·by timshell·в прошлом месяце·72 comments

Omaha as Judgment Day for AGI

mayankagrawalphd.substack.com
2 points·by timshell·2 месяца назад·0 comments

Proof of Human as a research agenda, not a product feature

mayankagrawalphd.substack.com
2 points·by timshell·2 месяца назад·0 comments

Why I Turned Down a Tenure-Track Professorship

mayankagrawalphd.substack.com
1 points·by timshell·2 месяца назад·0 comments

A Guide to the AI Tribes

micheljusten.substack.com
2 points·by timshell·3 месяца назад·0 comments

The Cartel: the talent was always there, the market access wasn't

mayankagrawalphd.substack.com
3 points·by timshell·3 месяца назад·0 comments

The Most Interesting Fund in the World

mayankagrawalphd.substack.com
2 points·by timshell·4 месяца назад·0 comments

Notes from the trough of sorrow: why we killed our own product

3 points·by timshell·4 месяца назад·0 comments

Why behavior beats device and network in bot detection (benchmarks inside)

research.roundtable.ai
3 points·by timshell·10 месяцев назад·0 comments

comments

timshell
·10 дней назад·discuss
My team has been working on this in the concept of Turing Test and human vs. AI discrimination: https://arxiv.org/pdf/2605.06524

Specifically, our approach is to separate classic output-based approaches (CAPTCHAs, fingerprints, etc.) and instead look at process-based traces: how are cognitive process traces and broad behavioral metrics evolving over time with continuous human/computer use
timshell
·в прошлом месяце·discuss
> In that case you could just add a login form

This is the product insight. We're not going to deploy Stroop tasks for authentication :)
timshell
·в прошлом месяце·discuss
Thanks all for the discussion! Would like to highlight two parts that maybe didn't come fully through, and we'll work on making this clearer:

1. CAPTCHAs can still detect AI agents...if you know where to look. Most commercial CAPTCHAs are not doing the cognitive process tracing you see in our paper. Nor are they really doing 'behavioral biometrics' (but that is slightly tangential here). Our CAPTCHA example here is about repurposing the current paradigm with a new methodology (cognitive process tracing) in a way that is able to combat human/machine discrimination in a way that's independent on frontier AI progress.

2. There are lots of concerns about adversarial robustness, which are very fair, and we reported some fine-tuning tests in the paper. Generally, there are two mental models for me that work, both framing fraud as an economic game.

First, compare AI spoofability concerns to something like a passport or a fingerprint. The cost to mimic continuous cognitive and behavioral patterns over time seems more computationally complex. In other words, sure this method is not bulletproof with infinite resources, but nothing is. We rely on defeasible mechanisms everyday, and our job is to make that significantly securer.

Along these lines, there's a common line of criticism that suggests once fraudsters know the game, they will solve the game. The CAPTCHA presence in the 2000s didn't mobilize massive deep learning / image recognition advances from the fraud community. Nor are these same bot farms solving quantum computing despite there being immense incentives to. If anything, the real threats are stuff like JavaScript injections, not really fully simulating human cognition
timshell
·в прошлом месяце·discuss
I mean, their CAPTCHAs presumably have tons of data collected over the years, and they can't detect a pretty clear AI agent here: https://www.youtube.com/watch?v=UeTpCdUc4Ls
timshell
·в прошлом месяце·discuss
Yeah, we benchmarked against a few bot detection provides end of last year (https://research.roundtable.ai/bot-benchmarking/), and Turnstile didn't do great when it came to AI agent detection. We hypothesized that Turnstile primarily focuses on device/network characteristics, which AI agents can bypass
timshell
·в прошлом месяце·discuss
This is relatively close to our conclusion from the paper: unless agents are specifically trained for the task and know all the information ahead of time, they're not able to generalize from one cognitive CAPTCHA to another
timshell
·3 месяца назад·discuss
My grad school research was on computational models of human/machine cognition, and I'm now commercializing it as a 'proof-of-human API' for bot detection, spam reduction, and identity verification.

One of the mistakes people assume is that AI capability means humanness. If you know exactly where to look, you can start to identify differences between improving frontier models and human cognition.

One concrete example from a forthcoming blog post of mine:

[begin]

In fact, CAPTCHAs can still be effective if you know where to look.

We ran 75 trials -- 388 total attempts -- benchmarking three frontier AI agents against reCAPTCHA v2 image challenges. We looked across two categories: static, where each image grid is an individual target, and cross-tile challenges, where an object spans multiple tiles.

On static challenges, the agents performed respectably. Claude Sonnet 4.5 solved 47%. Gemini 2.5 Pro: 56%. GPT-5: 23%.

On cross-tile challenges: Claude scored 0%. Gemini: 2%. GPT-5: 1%.

In contrast, humans find cross-tile challenges easier than static ones. If you spot one tile that matches the target, your visual system follows the object into adjacent tiles automatically.

Agents find them nearly impossible. They evaluate each tile independently, produce perfectly rectangular selections, and fail on partial occlusion and boundary-spanning objects. They process the grid as nine separate classification problems. Humans process it as one scene.

The challenges hardest for humans -- ambiguous static grids where the target is small or unclear -- are easiest for agents. The challenges easiest for humans -- follow the object across tiles -- are hardest for agents. The difficulty curves are inverted. Not because agents are dumb, but because the two systems solve the problem with fundamentally different architectures.

Faking an output means producing the right answer. Faking a process means reverse-engineering the computational dynamics of a biological brain and reproducing them in real time. The first problem can be reduced to a machine learning classifier. The second is an unsolved scientific problem.

The standard objection is that any test can be defeated with sufficient incentive. But fraudsters weren't the ones who built the visual neural networks that defeated text CAPTCHAs -- researchers were. And they aren't solving quantum computing to undermine cryptography. The cost of spoofing an iris scan is an engineering problem. The cost of reproducing human cognition is a scientific one. These are not the same category of difficulty.

[end]
timshell
·6 месяцев назад·discuss
https://mayank-agrawal.com/
timshell
·7 месяцев назад·discuss
https://research.roundtable.ai/bot-benchmarking/ :)
timshell
·7 месяцев назад·discuss
Yup! It depends on your use case.

Cloudflare is really good at network bot detection. Rate-limiting is super helpful here, for example during DDoS attacks.

Our customers are a little different. They sometimes struggle with high-volume bot attacks (e.g. SMS toll fraud in ticketing marketplaces), but we specifically focus on online platforms that want to verify a human is on the other side of the screen. For example, survey pollsters and labor marketplaces want to stop a slow agent that can complete traditional CAPTCHA even if it's solving it a human speed
timshell
·7 месяцев назад·discuss
Check out a demo of a similar tool we created (https://model-guessr.com/) that was bot-gated by Roundtable Proof of Human.

Happy to talk more details about PoH (disclaimer: I'm a cofounder and this is my YC S23 company)
timshell
·8 месяцев назад·discuss
The 'Process Turing Test' extends the CAPTCHA from 'What would a reasonable person click' to 'How would a reasonable person click'.

For example, hesitation/confusion patterns in CAPTCHAs are different between humans and bots and those can actually be used to validate humans
timshell
·8 месяцев назад·discuss
Yeah, we've looked at it in the context of reCAPTCHA v3 and 'invisible behavioral analysis': https://www.youtube.com/watch?v=UeTpCdUc4Ls

It doesn't catch OpenAI even though the mouse/click behavior is clearly pretty botlike. One hypothesis is that Google reCAPTCHA is overindexing on browser patterns rather than behavioral movement
timshell
·8 месяцев назад·discuss
One of the writers here. We believe the real Turing Test is whether your AI performs a CAPTCHA like a human would/does.