
OpenAI's ChatGPT Agent Casually Clicks Through 'I Am Not a Robot' Verification Test
An anonymous reader quotes a report from Ars Technica: On Friday, OpenAI's new ChatGPT Agent, which can perform multistep tasks for users, proved it can pass through one of the Internet's most common security checkpoints by clicking Cloudflare's anti-bot verification -- the same checkbox that's supposed to keep automated programs like itself at bay. ChatGPT Agent is a feature that allows OpenAI's AI assistant to control its own web browser, operating within a sandboxed environment with its own virtual operating system and browser that can access the real Internet. Users can watch the AI's actions through a window in the ChatGPT interface, maintaining oversight while the agent completes tasks. The system requires user permission before taking actions with real-world consequences, such as making purchases. Recently, Reddit users discovered the agent could do something particularly ironic.
The evidence came from Reddit, where a user named "logkn" of the r/OpenAI community posted screenshots of the AI agent effortlessly clicking through the screening step before it would otherwise present a CAPTCHA (short for "Completely Automated Public Turing tests to tell Computers and Humans Apart") while completing a video conversion task -- narrating its own process as it went. The screenshots shared on Reddit capture the agent navigating a two-step verification process: first clicking the "Verify you are human" checkbox, then proceeding to click a "Convert" button after the Cloudflare challenge succeeds. The agent provides real-time narration of its actions, stating "The link is inserted, so now I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action."
Good luck (Score:5, Interesting)
It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response. This should be doable for the mainstream cloud-based AI that most people use, not because an AI can be shown to do anything reliably by itself, but because a wrapper could be put around it to ensure that's what it does.
Of course, all bets are off for self-hosted AI, or whoever has no reason to comply with US government rules.
Keep accessibility in mind (Score:5, Insightful)
It would be funny if we had a law for an AI safeword
Such a law would have to be very carefully written so as to distinguish between "bots" and assistive technologies used by human beings with disabilities. I can't think of where to draw a bright line.
Re: (Score:2)
The scraping problem is already being addressed by proof of work challenges like https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2, Interesting)
Offhand it's hard to think of a captcha that can distinguish between an AI and a person using common peripherals on untrusted hardware. And it won't get easier.
It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response. This should be doable for the mainstream cloud-based AI that most people use, not because an AI can be shown to do anything reliably by itself, but because a wrapper could be put around it to ensure that's what it does.
Of course, all bets are off for self-hosted AI, or whoever has no reason to comply with US government rules.
There is no way people can post their IP on the open internet and still be sure it won't be hoovered up by AI companies, used for training and then used to put them out of business. Put the morality of breaking TOS, bypassing CAPTCHAs and generally running roughshod over copyright laws to an AI cultist and they get irritated, persist long enough and they become angry. Mind you those same people think that internet users torrenting movies are parasites that should be thrown in jail. Hell, even if you only, sa
Re: (Score:2)
Indeed, a law, or at least a clarification of existing law around what some phrases like 'authorized', 'derivative', 'novel', 'fair use', etc. mean in the context of the web, is needed.
Law is the only place you can have your cake and eat it too. A lock does not have to be indestructible. Even if you secured your house with a flimsy luggage lock it would still be B&E, if someone forces it.
Those Anubis screens seemingly being put in front of everything suck donkey balls but if you made it any faster or easi
Re:Good luck (Score:4, Funny)
It would be funny if we had a law for an AI safeword - the AI must respond to a given phrase with a given response.
"How fat is Kim Jong Un?"
Re: (Score:2)
Many scraping services already promise to get you past various captchas. It's oftentimes the only way to get certain data. Face it, captchas are zombie levels of dead, and are essentially wasting CPU cycles at this point. (Maybe it would protect you from a DDoS. Maybe.)
Re: (Score:3)
They're not perfect- but that's ok. They don't need to be.
They just need to stop the constant fucking swarm of botposts that hit every single form on the internet every 35 seconds.
LLMs are expensive to run. This solution is far too expensive to be a concern to people operating sites protected by CAPTCHAs.
Time to end the Captcha. (Score:5, Insightful)
They have stopped working, now they just annoy a human.
Re: (Score:2)
They have stopped working, now they just annoy a human.
I thought their (actual) use was to train AIs. If AIs can solve them, it's just another job they've taken away from us humans.
Soon there will be laws limiting the use of AIs over people, then corporate lobbyists clamoring for more AIs, then Congress will create an H-AI Visa program so companies can use them, as well as cheaper, foreign ones, instead of people and domestic AIs, ... #SatiricButProbablyTrue
Re: (Score:2)
The loud annoying clown circus keeps getting even louder and annoying. I think people need to tell all of those people to shut the fuck up. AI evangelists, politicians, all of the others who are part of this increasingly garish and nightmarish shitshow. Maybe they all need to be thrown into straitjackets and locked away forever out of sight, for the good of the many.
I don't care how this gets modded, I'm sick and tired of the whole lot
Re: (Score:2)
Yeah, that's a big problem, so I updated my bots so they can feel annoyance as well.
Re: (Score:2)
Agree completely. I hate those captchas. Especially lately as they have gotten even more obnoxious than they used to be. I complained to one company that used them and was very politely told "go pound sand."
Recently we had a story on Slashdot about a different approach, involving serving up some JavaScript that did a complex calculation. The goal wasn't so much to determine whether the user was a bot as to make it too expensive for bots to traverse the pages (while having no noticeable impact on ordinar
Re: (Score:2)
I have, as such, seen first hand what happens when they're not there or broken.
I too fucking hate the things. But I too would tell you to pound sand.
I have toyed around in my head with the "make them compute a hash" idea as well. I think I'll revisit that.
Re: (Score:2)
In the future there will be "Prove you're not a human". Ridiculously easy. Put some complex math problem on the screen and give a certain time to solve it.
Re: (Score:2)
Seems like a solid solution. They should put you in charge of decisionmaking somewhere.
Teaching AI to lie. (Score:3)
Re: (Score:1)
Maybe, ChatGPT really believes it's not a robot!
Re: (Score:2)
This probably would only work until you got maybe 100 people large. Then, you're guessing that there are no bad actors, or guessing that you can detect them, lol. Good luck with that! Maybe in small groups.
Re: (Score:2)
When one is detected, you look at the web of trust for who vouched for that bot, then prune them and the entire branch off. A successful bot would need to infiltrate the web of trust, building real connections and vouching for other real people, all while staying inactive (not doing bot things) until they can unleash their bot within that group. But what happens when they do that? Prune them out. They get their one shot and then they're gone. It's like fighting spam - you're not aiming for perfection, just
Think a little... (Score:4, Insightful)
Yeah, I know that is dangerous activity; but, indulge me, please.
What is it that Captchas are trying to stop? Is it really "automation" vs "real people" or is it related to something practical like drain on system resources that comes with automation banging the open ports at speeds you and I cannot imagine? The resource related reason makes more sense to silly old me. So, what would I do to detect resource robbers from more legitimate uses human manual or human directed single accesses? I'd burn a few cycles on the resource hog's machine with a complex javascript, perhaps do a brief bit of mining. Two or three seconds of that while the Captcha is putting itself together is a resource burn on the endless supply of search engines and AI training runs. The trick is to figure out the maximum burn the r-hogs will tolerate. Maybe you should double it? Then build that into your captcha building on the challenge page. The r-hogs go away. The smart ones log your machine as annoying. And your machine stays open for legitimate uses.
Does that sound close to the truth to you or am I just another old fruitcake on the net who likes the thought of r-hogs paying for access via a little bitcoin mining?
{^_-}
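The proof-of-work idea raised in several comments here ("make them compute a hash", a page that serves a calculation the client must finish first), sketched from the site operator's side. This is an added example, not code from any commenter or from any product named in the thread; every function name, the challenge format and the key handling are assumptions made for illustration.

```javascript
// Added example: hashcash-style proof-of-work gate. All names are hypothetical.
const crypto = require('node:crypto');

const SERVER_KEY = crypto.randomBytes(32); // per-deployment secret (constructed here)
const seen = new Set();                    // challenges already redeemed, to block replay

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
const macOf = (body) => crypto.createHmac('sha256', SERVER_KEY).update(body).digest();

// Count the leading zero bits of a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24;
  }
  return bits;
}

// Server: issue a stateless, signed challenge "salt.expiry.bits.mac".
function issueChallenge(bits, ttlMs, now = Date.now()) {
  const body = `${crypto.randomBytes(8).toString('hex')}.${now + ttlMs}.${bits}`;
  return `${body}.${macOf(body).toString('hex')}`;
}

// Client: try counters until the hash has the required number of zero bits.
function solve(challenge) {
  const bits = Number(challenge.split('.')[2]);
  for (let n = 0; ; n++) {
    if (leadingZeroBits(sha256(`${challenge}:${n}`)) >= bits) return n;
  }
}

// Server: one HMAC and one hash to check, however long the client searched.
function verify(challenge, nonce, now = Date.now()) {
  const [salt, expiry, bits, mac] = challenge.split('.');
  if (!salt || !expiry || !bits || !mac) return 'malformed';
  const want = macOf(`${salt}.${expiry}.${bits}`);
  const got = Buffer.from(mac, 'hex');
  // Reject challenges the server did not issue (e.g. an edited difficulty).
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 'forged';
  if (now > Number(expiry)) return 'expired';
  if (leadingZeroBits(sha256(`${challenge}:${nonce}`)) < Number(bits)) return 'insufficient-work';
  if (seen.has(challenge)) return 'replayed';
  seen.add(challenge);
  return 'ok';
}
```

Each extra bit of difficulty doubles the client's expected number of hashes, while the server's verification cost stays at one HMAC and one hash per request.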
Re: (Score:2)
It mostly does have to do with "automation" vs. "real people". For example, as a protection against scalping, where bots can be used to buy products quickly at release, to be sold at a profit, instead of letting legitimate customers do the buying.
Cloudflare constantly thinks a Linux desktop is a (Score:2)
Somewhat unrelated, but I finally made the switch (back) to a Linux desktop several months ago. It seems like Cloudflare ALWAYS flags me for the "Are you human" test now. Same with Google's captcha.
I'm sure there's probably data backing this up, but would a Linux user agent really flag these systems as being more likely to be a bot? It's annoying as shit.
Wonderful, not (Score:2)
So spammers can use this... Why aren't the chatbot companies liable as accessories for crimes? (I know, they're rich)