Hey everyone! I’ve been diving down a rabbit hole recently regarding web security, specifically looking at how we keep automated bots out of our applications. I think we can all universally agree that traditional CAPTCHAs are one of the most frustrating parts of using the internet today. You just want to submit a simple login form, and suddenly you are forced to squint at blurry pictures to decide if a tiny corner of a bumper counts as a traffic light.

The core challenge here is essentially a never-ending arms race. As developers, we create a visual test to block bots. But then, those very tests are often used to train machine learning models, which eventually learn to solve the puzzles faster and more accurately than we can. To counter this, the puzzles have to get increasingly complex and ambiguous, which unfortunately punishes the actual human users the most. It is a system where the security measure actively degrades the user experience.…