CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have been in use for a long time on the web to block bots from accessing services. Many Different types of CAPTCHAs exist in various shapes and forms. As traditional CAPTCHAs became increasingly susceptible to attacks, mainly with the rise of artificial intelligence, there were efforts to enhance their complexity. As a side effect, this also increased the difficulty for legitimate users. Then attackers improved their methods, and the CAPTCHAs were broken once again, while the regular user keeps getting harder challenges. Over the years, this cycle has continued, leading to today’s CAPTCHAs, which are not only insecure but also difficult to solve for regular users, defeating the purpose of having a CAPTCHA in the first place. What makes AI attacks so successful in CAPTHCA systems is their ability to perform the given task with high accuracy. AI bots are now faster and more successful in solving CAPTCHAs than humans.

In this paper, we propose SHAPECAP (Shape Analysis and Precision Exploiting CAPTCHA), a novel interactive CAPTCHA system that aims for a user-friendly solution that is also secure against AI-backed attackers. The design of our solution involves a canvas on which shapes are moving randomly. The user can choose a specific shape at the start of the challenge and use the mouse pointer to follow it. There will be small variations of the chosen shape in order to confuse the user. If the user follows the correct shape, they will complete the challenge faster, while following the variation shapes will take longer. Based on the mouse movement data collected throughout the challenge, we can confirm whether the user is a human or a bot. Our aim is to find a pattern that shows humans are more likely to follow irregular shapes. We exploit the precision of machines and use it against them while capitalising on the natural tendency of humans to make errors.