Artificial Intelligence startup may have cracked CAPTCHA

You know those annoying, hard-to-read CAPTCHA text images that Web sites make you type to prove that you're not a machine? Vicarious, a California-based artificial intelligence startup, claims to have written software that can successfully interpret and reproduce the text inside the CAPTCHA image with 90% accuracy.

If it's true, that's better than what a lot of people can do with those skewed letters.

CAPTCHA--the Completely Automated Public Turing test to tell Computers and Humans Apart--was designed to keep hackers from flooding Web sites with automated responses. By reading and then typing a distorted image of text designed to confuse OCR software, you prove that you're a real human being.

Vicarious claims a 95-percent success rate on reading and decoding individual letters in a CAPTCHA, and a 90-percent success rate on the full, two-word code.

The company is cracking CAPTCHA to show off its Recursive Cortical Network (RCN) technology, intended to mimic the human brain's neocortex (the part of the brain that manages language and complex thought).

According to a company announcement and Vicarious co-founder Dr. Dileep George, Vicarious is taking a whole new approach to artificial intelligence, with "a long term strategy for developing human level artificial intelligence" The process begins "with building a brain-like vision system."

Fortunately, Vicarious isn't planning to hack websites with their AI program. Potential commercial applications include medical analysis, image search, and robotics, but the company warns that any practical application is "still many years away."

So why the big announcement about CAPTCHA? According to George, "Modern CAPTCHAs provide a snapshot of the challenges of visual perception, and solving those in a general way required us to understand how the brain does it." Vicarious sees cracking CAPTCHA as a public demonstration of the software's capabilities.  And a great opportunity to get some exposure.

But with this exciting (alleged) breakthrough comes some potentially serious risks.  A reliable way to break CAPTCHAs could be devastating to Web security. In fact, Vicarious is so concerned about the negative potential in its technology that it's keeping its physical location a secret.

At some level, cracking CAPTCHA seems inevitable. In a world where ATMs can read the dollar amounts on hand-written checks, we're clearly heading towards a time where computers can read anything humans can.

Luis von Ahn, one of the inventors of CAPTCHA, remains skeptical that Vicarious has actually figured out the secret sauce. “It’s hard for me to be impressed since I see these every few months," Ahn says. He figures he's seen about 50 claims of CAPTCHA-cracking technology. Each time, if the threat is legitimate, the CAPTCHA developers tweak their code and eliminate the problem. He suspects the same thing will happen with Vicarious' RCN.

At this point, the software is far from the hands of criminals anyway.  In fact, it has yet to be seen in the hands of qualified, objective testers who can confirm the company’s claims. Vicarious has released a video demonstrating the technology's capabilities, but that sort of thing is always suspect.

Vicarious' technology may turn into something to cheer about…or something to worry about. It may also prove meaningless. But with CAPTCHA codes providing a major security barrier for many popular online sites and services, the public has a reason to be concerned about any serious claims at cracking it.  It could threaten the security of any data stored in the cloud or accounts managed on the Web.  Or we could just be looking at a simple code tweak.  We’ll hope for the latter, but either way, we won’t find out for a while.

Subscribe to the Security Watch Newsletter