This post is also available in:
עברית (Hebrew)
Traditional CAPTCHA systems are facing a growing challenge. As AI models become increasingly capable of recognizing images, solving visual puzzles, and mimicking human behavior, many of the verification methods used to distinguish people from automated bots are becoming less effective. Tasks such as identifying traffic lights, bicycles, or crosswalks were once enough to stop automated abuse, but advances in machine vision have steadily reduced their effectiveness.
Google is now testing a new approach that relies on human movement rather than image recognition alone. The system asks some users to grant temporary camera access and perform simple hand gestures to prove they are real people rather than automated software.
The technology works by analyzing a short video of a user’s hand. According to Cyber News, the system extracts 21 hand-landmark coordinates that correspond to specific joints and positions within the hand. These measurements are then used to verify natural movement patterns and confirm that a live person is interacting with the service.
The goal is to improve what security specialists call “liveness detection”, which is the ability to determine whether an interaction originates from a real human rather than an automated script, bot, or AI-generated simulation.
The company says that the system does not record audio, does not associate the video with a user’s identity, and deletes the footage after verification is complete. They argue that the additional verification layer can help websites defend against automated account creation, credential-stuffing attacks, and other forms of online fraud.
However, the rollout has already sparked debate. Some users have expressed concerns about granting camera access for routine website verification, arguing that the approach expands the use of biometric-style technologies on the web. Others question whether the system will remain effective as AI-generated video and virtual camera technologies continue to improve.
From a cybersecurity perspective, the development highlights a broader shift in online security. As AI systems become better at imitating human behavior, verification methods increasingly rely on physical actions and behavioral signals that are more difficult to automate. Similar technologies are already appearing in identity verification systems, age-assurance platforms, and fraud-prevention tools.
The challenge moving forward will be balancing stronger bot protection with privacy expectations. As AI-driven attacks evolve, companies are searching for new ways to verify human presence without creating excessive friction or collecting more information than users are willing to provide.
