[timshell]

Thanks all for the discussion! Would like to highlight two parts that maybe didn't come fully through, and we'll work on making this clearer:

1. CAPTCHAs can still detect AI agents...if you know where to look. Most commercial CAPTCHAs are not doing the cognitive process tracing you see in our paper. Nor are they really doing 'behavioral biometrics' (but that is slightly tangential here). Our CAPTCHA example here is about repurposing the current paradigm with a new methodology (cognitive process tracing) in a way that is able to combat human/machine discrimination in a way that's independent on frontier AI progress.

2. There are lots of concerns about adversarial robustness, which are very fair, and we reported some fine-tuning tests in the paper. Generally, there are two mental models for me that work, both framing fraud as an economic game.

First, compare AI spoofability concerns to something like a passport or a fingerprint. The cost to mimic continuous cognitive and behavioral patterns over time seems more computationally complex. In other words, sure this method is not bulletproof with infinite resources, but nothing is. We rely on defeasible mechanisms everyday, and our job is to make that significantly securer.

Along these lines, there's a common line of criticism that suggests once fraudsters know the game, they will solve the game. The CAPTCHA presence in the 2000s didn't mobilize massive deep learning / image recognition advances from the fraud community. Nor are these same bot farms solving quantum computing despite there being immense incentives to. If anything, the real threats are stuff like JavaScript injections, not really fully simulating human cognition