OpenAI's ChatGPT Agent Casually Clicks Through 'I Am Not a Robot' Verification Test
- Reference: 0178495544
- News link: https://slashdot.org/story/25/07/28/2034216/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test
- Source link:
> On Friday, OpenAI's new [1]ChatGPT Agent , which can perform multistep tasks for users, [2]proved it can pass through one of the Internet's most common security checkpoints by clicking Cloudflare's anti-bot verification -- the same checkbox that's supposed to keep automated programs like itself at bay. ChatGPT Agent is a feature that allows OpenAI's AI assistant to control its own web browser, operating within a sandboxed environment with its own virtual operating system and browser that can access the real Internet. Users can watch the AI's actions through a window in the ChatGPT interface, maintaining oversight while the agent completes tasks. The system requires user permission before taking actions with real-world consequences, such as making purchases. Recently, Reddit users discovered the agent could do something particularly ironic.
>
> The evidence came from Reddit, where a user named "logkn" of the r/OpenAI community [3]posted screenshots of the AI agent effortlessly clicking through the screening step before it would otherwise present a [4]CAPTCHA (short for "Completely Automated Public Turing tests to tell Computers and Humans Apart") while completing a video conversion task -- narrating its own process as it went. The screenshots shared on Reddit capture the agent navigating a two-step verification process: first clicking the "Verify you are human" checkbox, then proceeding to click a "Convert" button after the Cloudflare challenge succeeds. The agent provides real-time narration of its actions, stating "The link is inserted, so now I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action."
[1] https://it.slashdot.org/story/25/07/17/1726216/openai-debuts-ai-agent-that-controls-browsers-to-automate-shopping-presentations
[2] https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test/
[3] https://www.reddit.com/r/OpenAI/comments/1m9c15h/agent_casually_clicking_the_i_am_not_a_robot/
[4] https://www.howtogeek.com/777804/why-do-i-have-to-prove-that-im-not-a-robot/
Time to end the Captcha. (Score:5, Insightful)
They have stopped working, now they just annoy a human.
Re: (Score:2)
> They have stopped working, now they just annoy a human.
I thought their (actual) use was to train AIs. If AIs can solve them, it's just another job they've taken away from us humans.
Soon there will be laws limiting the use of AIs over people, then corporate lobbyists clamoring for more AIs, then Congress will create an H-AI Visa program so companies can use them, as well as cheaper, foreign ones, instead of people and domestic AIs, ... #SatiricButProbablyTrue
Re: (Score:2)
yea, thats a big problem, so I updated my bots so they can feel annoyance as well.
Re: (Score:2)
Agree completely. I hate those captchas. Especially lately as they have gotten even more obnoxious than they used to be. I complained to one company that used them and was very politely told "go pound sand."
Recently we had a story on slashdot about a different approach, involving serving up some javascript that did a complex calculation. The goal wasn't so much to determine whether the user was a bot as to make it too expensive for bots to traverse the pages (while having no noticeable impact on ordinar
Re: (Score:2)
I manage infrastructure that does (as one of its many jobs) operate some world-facing sites that do rely on CAPTCHAs.
I have, as such, seen first hand what happens when they're not there or broken.
I too fucking hate the things. But I too would tell you to pound sand.
I have toyed around in my head with the "make them compute a hash" idea as well. I think I'll revisit that.
Re: (Score:2)
In the future there will be "Prove you're not a human". Ridiculously easy. Put some complex math problem on the screen and give a certain time to solve it.
Re: (Score:2)
And be sadface when your human traffic falls off by 95%?
Seems like a solid solution. They should put you in charge of decisionmaking somewhere.
Re: (Score:2)
If it requires using ChatGPT, then Captchas still meet the goal of making them rather expensive to get past (although in this case, OpenAI is paying for it).
Teaching AI to lie. (Score:3)
'I am not a bot', what could possibly go wrong. This is exactly the type of limits OPENAI should be building into it's service.
Re: (Score:1)
Maybe, ChatGPT really believes it's not a robot!
Re: (Score:2)
This probably would only work until you got maybe 100 people large. Then, you're guessing that there are no bad actors, or guessing that you can detect them, lol. Good luck with that! Maybe in small groups.
Think a little... (Score:3)
Yeah, I know that is dangerous activity; but, indulge me, please.
What is it that Captchas are trying to stop? Is it really "automation" vs "real people" or is it related to something practical like drain on system resources that comes with automation banging the open ports at speeds you and I cannot imagine? The resource related reason makes more sense to silly old me. So, what would I do to detect resource robbers from more legitimate uses human manual or human directed single accesses? I'd burn a few cycles on the resource hog's machine with a complex javascript, perhaps do a brief bit of mining. Two or three seconds of that while the Captcha is putting itself together is a resource burn on the endless supply of search engines and AI training runs. The trick is to figure out the maximum burn the r-hogs will tolerate. Maybe you should double it? Then build that into your captcha building on the challenge page. The r-hogs go away. The smart ones log your machine as annoying. And your machine stays open for legitimate uses.
Does that sound close to the truth to you or am I just another old fruitcake on the net who likes the thought of r-hogs paying for access via a little bitcoin mining.
{^_-}
Good luck (Score:5, Interesting)
Offhand it's hard to think of a captcha can distinguish between an AI and a person using common peripherals on untrusted hardware. And it won't get easier.
It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response. This should be doable for the mainstream cloud-based AI that most people use, not because an AI can be shown to do anything reliably by itself, but because a wrapper could be put around it to ensure that's what it does.
Of course, all bets are off for self-hosted AI, or whoever has no reason to comply with US government rules.
Keep accessibility in mind (Score:4, Insightful)
> It would be funny if we had a law for an AI safeword
Such a law would have to be very carefully written so as to distinguish between "bots" and assistive technologies used by human beings with disabilities. I can't think of where to draw a bright line.
Re: (Score:1)
The captcha and other bullshit shouldn't exist. If you want to prevent scraping, put it behind a login.
Re: (Score:2)
The scraping problem is already being addressed by proof of work challenges like [1]https://en.wikipedia.org/wiki/... [wikipedia.org]
[1] https://en.wikipedia.org/wiki/Anubis_(software)
Re: (Score:2, Interesting)
> Offhand it's hard to think of a captcha can distinguish between an AI and a person using common peripherals on untrusted hardware. And it won't get easier.
> It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response. This should be doable for the mainstream cloud-based AI that most people use, not because an AI can be shown to do anything reliably by itself, but because a wrapper could be put around it to ensure that's what it does.
> Of course, all bets are off for self-hosted AI, or whoever has no reason to comply with US government rules.
There is no way people can post their IP on the open internet and still be sure it won't be hovered up by AI companies, used for training and then used to put them out of business. Put the morality of breaking TOS, bypassing CAPTCHAs and generally running roughshod over copyright laws to an AI cultist and they get irritated, persist long enough and they become angry. Mind you those same people think that internet users torrenting movies are parasites that should be thrown in jail. Hell, even if you only, sa
Re:Good luck (Score:4, Funny)
> It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response.
"How fat is Kim Jong Un?"
Re: (Score:2)
"Has Trump stopped raping children?"
Re: (Score:2)
Many scraping services already promise to get you past various captchas. It's often time the only way to get certain data. Face it, captchas are zombie levels of dead, and are essentially wasting CPU cycles at this point. (Maybe it would protect you from a DDoS. Maybe.)
Re: (Score:3)
CAPTCHAs are still highly effective. I know this, because I still have to deal with the fallout when my "full stack dev" fucks up the handshake with Google.
They're not perfect- but that's ok. They don't need to be.
They just need to stop the constant fucking swarm of botposts that hit every single form on the internet every 35 seconds.
LLMs are expensive to run. This solution is far too expensive to be a concern to people operating sites protected by CAPTCHAs.