Casey Chesnut claims to have used AI to reliably crack CAPTCHA. I don’t know whether he really did; he doesn’t provide his code to try, nor any other evidence except websites where he’s posted comments, which of course he could have done by eyeballing their CAPTCHAs. But if he didn’t, somebody probably will soon. What then?

Seems to me like yet another example of how technological security will fail eventually, and then risk management is needed. In this case, part of the risk management may be reworking how comments work yet again.

-jsq