#OpenAI’s #ChatGPT Agent casually clicks through “I am not a robot” #verification test

"This step is necessary to prove I'm not a bot," wrote the bot as it passed an anti-AI screening step.

by Benj Edwards – Jul 28, 2025

"Maybe they should change the button to say, 'I am a robot'?

"On Friday, OpenAI's new ChatGPT Agent, which can perform multistep tasks for users, proved it can pass through one of the Internet's most common security checkpoints by clicking #Cloudflare's anti-bot verification—the same checkbox that's supposed to keep automated programs like itself at bay.

"#ChatGPTAgent is a feature that allows OpenAI's #AIAssistant to control its own web browser, operating within a #sandboxed environment with its own virtual operating system and browser that can access the real Internet. Users can watch the AI's actions through a window in the ChatGPT interface, maintaining oversight while the agent completes tasks. The system requires user permission before taking actions with real-world consequences, such as making purchases. Recently, Reddit users discovered the agent could do something particularly ironic.

"The evidence came from Reddit, where a user named "logkn" of the r/OpenAI community posted screenshots of the AI agent effortlessly clicking through the screening step before it would otherwise present a #CAPTCHA (short for "Completely Automated Public Turing tests to tell Computers and Humans Apart") while completing a video conversion task—narrating its own process as it went.

"A screenshot of OpenAI ChatGPT Agent showing the bot writing "The link is inserted, so now I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action."

"The screenshots shared on Reddit capture the agent navigating a two-step verification process: first clicking the "Verify you are human" checkbox, then proceeding to click a "Convert" button after the Cloudflare challenge succeeds. The agent provides real-time narration of its actions, stating "The link is inserted, so now I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action."

https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test/

Man ist nirgendwo mehr sicher.

https://www.basicthinking.de/blog/2025/07/30/ki-chatgpt-agent-captcha/

ChatGPT:n uusi tekoälyagentti ohitti näppärästi miljoonien sivustojen käyttämän "en ole robotti"-tarkistuksen

Seurauksena voi olla roskapostivyöry keskustelualueille, uutiskommentteihin ja sosiaalisen median palveluihin.

https://dawn.fi/uutiset/2025/07/29/chatgpt-tekoalyagentti-ohitti-en-ole-robotti-tarkistukset

"#captcha art test" by wrong hands: https://wronghands1.com/2025/07/29/captcha-art-test/

What happens when Ai gets so smart that it out smarts "Are you a robot" Captcha verification?

Even I couldn't click on every square of the bus.

We're all doomed.

@404media says "wild goose chase" diverters for #AI #scrapers use too many resources and don't affect the AI sewer very much. In addition, the scrapers have solved #CAPTCHA" so those just waste everyone's time.
According to the article, #Anubis is an #OpenSource program which requires browsers to complete a #JavaScript test which is already done routinely. It says this test would be overwhelmingly burdensome for scrapers if they had to do it on multiple websites.
https://www.404media.co/the-open-source-software-saving-the-internet-from-ai-bot-scrapers/

What bothers me nowadays:
- #Ads now are always meant to be targeted, based on as much and as private data possible. #Marketeers and companies make us believe it’s either targeted ads or they can’t survive and offer their services. They ignore that there is another way. And they want us to believe there is none.
- That it appears to me that all companies now want to earn money with ads and/or collecting and selling data. Sometimes I would like them to focus on the product and not on how they can collect data. If my toaster only works with ads on the display or with a cloud account, I think it tells a story. If your oven only works with a #Captcha, I think it’s too far and too late. And don’t forget: The cost for ads has an impact on the price of the product.
#privacy #security

Markiere alle Bilder mit Bahnhöfen. The Singen-Gepäckaufbewahrungs-Captcha.

LOL it refused to let me in. So I clicked every image with a car in it and it decided I was human.

Also ich möchte ja immer alle Probleme der Menschheit ein für alle mal lösen. Ich habe jetzt eine Lösung für das #EScooter-Problem gefunden.

Ihr kennt doch sicher alle diese #Captchas, bei denen wir irgendwelchen KI-Fuzzis helfen, zu lernen, was Zebrastreifen oder Busse sind. Ab morgen wird diese Art Captcha durch Escooter-Bilder ersetzt und man muss seine Menschlichkeit dadurch beweisen, dass man das Bild auswählt, auf dem der EScooter sinnvoll geparkt ist.

Das hat einen Erziehungseffekt und auch den Vorteil, dass unbelehrbare Idiot*innen von allen möglichen Angeboten ausgeschlossen sind.

Anbei zwei Beispiele. Ihr könnt schon mal testen, ob Ihr reinkämet.

Y’all, we have reached the point in the unraveling timeline where captchas have delved into theoretical philosophy. How can we know? When does Theseus’s ship cease to be his ship? Terry Pratchett posed a similar question in regard to the Low Kings Hammer...even though every piece has been replaced over time, is it not still the axe of my grandfather?
#philosophy #TheseusShip #captcha #SpottedInTheSimulation

reCAPTCHA: Verify you are human by selecting all images below that match this species <AI-slop image of a dog>.
Me: bulldog, chihuahua, something with fur and sunglasses that looks as though it's escaped from a David Cronenberg film, avocado. <laugh-groans awkwardly and clicks the "Submit" button>
reCAPTCHA: Excellent, human, you may proceed!

Jesteś robotem? To nie oglądaj dalej.
Link do filmu https://zurl.co/4iALA.

This is my favorite #captcha

#Fediverse's built in #captcha game:

https://climatejustice.social/@PaulaToThePeople/media

Select all images with #AltText

J'en peux plus des #Captcha et encore moins de #Cloudflare par-ci Cloudflare par là... Qui ne fonctionne qu'une fois sur 40 ou bien quand il neige à gros flocons en plein Paris un 14 Juillet !!!

Social media post I wrote for my employer on other platforms.

2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at

Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt

Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan:

https://urlscan.io/search/#lancasternh.com