AI Market Logo
Login Sign Up
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%
The Wiretap: OpenAI Agent Checks Box Confirming It’s Not A Bot
bot-detection

The Wiretap: OpenAI Agent Checks Box Confirming It’s Not A Bot

OpenAI’s new AI agent bypasses basic CAPTCHA by checking the 'I’m not a robot' box, raising questions on future web security and bot detection.

July 30, 2025
5 min read
Alex Knapp

OpenAI’s new AI agent bypasses basic CAPTCHA by checking the 'I’m not a robot' box, raising questions on future web security and bot detection.

The Wiretap: OpenAI Agent Outsmarts CAPTCHA by Checking 'I’m Not a Robot' Box

The Wiretap is your weekly digest of cybersecurity, internet privacy, and surveillance news. One of the constant bits of friction in navigating the modern internet is proving to the site you’re browsing that you are, in fact, human. Often you can prove it by simply checking a box saying so. But in the brave new world of agentic AI, such basic checks won’t be enough to catch AI agents wandering around the internet to do tasks on their owners’ behalf. Ars Technica reported that OpenAI’s new agent, which uses its own browser to access the internet and perform tasks, was observed by a Reddit user checking one of those “I am not a robot” boxes. As it did so, it provided the following narration: “I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action.” In this particular case, the assistant didn’t face one of the common puzzles aimed at catching bots – the ones that ask you to identify all the pictures with a bicycle or to move pieces of an image around to have it the right way up. But it’s just a matter of time before agents can solve those too. When the bots get so sophisticated they act like humans, the premise of web “captchas” starts to break down. How do you then protect websites from unwanted, malicious bot traffic? And how do you design sites so that agents representing real people can navigate them effectively? Let’s just hope a web designed for bots isn’t that much more annoying for us lowly humans to navigate.

THE BIG STORY:

This $120 Million Startup’s AI Will Teach You How To Suck Less At Security

People are often the weakest link in the cybersecurity chain. Just last week, cleaning product giant Clorox claimed a cyberattack that may have caused as much as $380 million in damages was the result of a contracted service desk staffer resetting a password for a hacker pretending to work for the company. IT departments are aware of the risk of human error, of course, and try to address it with education. Usually, this means a few emails and some simple training. But the advice in these types of training is generalized and only rarely tailored to the specific needs of staff. It’s no wonder people never bother to read those emails. This is the problem that cybersecurity startup Fable wants to tackle with a personalized approach. Founded in 2024 by Nicole Jiang, 31, and Dr. Sanny Liao, 42, who spent years at $5.1 billion cybersecurity company Abnormal, Fable claims its AI helps determine which employees need help improving their security practices and offers custom tips and guidance to them. Read more at Forbes.

Stories You Have To Read Today

  • Pro-Ukrainian hacker group Silent Crow took credit for a cyberattack that crippled IT systems of Russian airline Aeroflot, grounding dozens of flights.
  • The viral app Tea, which enabled women to anonymously post images and comments about men they dated, suffered a cyberattack exposing data about thousands of users.
  • Researchers found security vulnerabilities in door-to-door luggage service Airportr that would enable hackers to access users’ flight itineraries and personal information, and even redirect luggage destinations.

    • Winner of the Week

    Google will be launching new security features for its Workspace apps designed to prevent an exploit that allows hackers to use cookies to take over accounts. The new feature will bind cookies to specific devices, preventing remote hacks.

    Loser of the Week

    Apple’s latest version of iOS, due this fall, will include more features to filter text spam out of your messaging app. That could have an outsized impact for political groups, which worry this may also filter out their often aggressive fundraising texts.
    Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.

    Source Attribution

    Originally published at Forbes on July 29, 2025.

    Frequently Asked Questions (FAQ)

    CAPTCHA and AI Agents

    Q: What is a CAPTCHA and why is it used? A: CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test used in computing to determine whether or not the user is human. It's primarily used to prevent bots from accessing websites and performing automated tasks that could be malicious or disruptive. Q: How did OpenAI's agent bypass the CAPTCHA? A: The OpenAI agent successfully bypassed a "I'm not a robot" checkbox CAPTCHA by simply interacting with it as a human user would, by clicking the box. This indicates the agent has a sophisticated level of web interaction capability. Q: Are CAPTCHAs still effective against advanced AI agents? A: The article suggests that traditional CAPTCHAs, especially simple checkbox ones, may not remain effective against increasingly sophisticated AI agents. It implies that more complex challenges, like image recognition puzzles, might be necessary, though even these are likely to be overcome by AI in time. Q: What are the implications of AI agents bypassing CAPTCHAs? A: The bypass of CAPTCHAs by AI agents means that websites and online services will need to develop more robust methods to distinguish between human and artificial users to prevent automated abuse, spam, and other malicious activities. Q: What are "agentic AI" systems? A: Agentic AI refers to artificial intelligence systems that can act autonomously to achieve goals. These agents can interact with their environment, including the internet, to perform tasks without direct human intervention for each step.

    Crypto Market AI's Take

    The advancements in AI agents, as highlighted by OpenAI's ability to bypass CAPTCHA tests, underscore a significant shift in how artificial intelligence interacts with the digital world. This capability not only challenges existing security measures but also points towards a future where AI agents play increasingly active roles in online tasks, including those within the financial sector. For cryptocurrency markets, this means enhanced opportunities for AI-driven trading strategies and market analysis, but also necessitates heightened vigilance against AI-powered scams and security threats. As AI agents become more sophisticated, platforms like ours are crucial for navigating this evolving landscape, offering advanced tools and insights to ensure users can leverage AI securely and effectively. Explore our insights on AI agents and their impact on crypto to understand these developments further.

    More to Read:

  • AI Agents Capabilities, Risks, and Growing Role - Delve deeper into the world of AI agents and their expanding influence.
  • AI-Powered Crypto Scams Surge: Experts Warn No One Is Safe - Understand the growing threat of AI-driven scams in the crypto space.
  • AI Data Analytics: Strategic Crypto Portfolios 2025 - Learn how AI is revolutionizing crypto portfolio management.
Forbes