CAPTCHA is broken. Here's the data.
Stanford AI Lab confirmed it in 2024: GPT-4V defeats reCAPTCHA image challenges at 91% accuracy in under 2 milliseconds.
Every contact form, login page, signup flow, and checkout on the internet is protected by a system that AI has definitively defeated. This isn't a future problem. It's happening right now.
I got tired of waiting for Google to fix it. So I built a replacement.
Introducing ANIMA
ANIMA replaces CAPTCHA with 7 simultaneous biometric signals. Instead of asking "can you see this image?" — we ask "are you biologically human?"
AI can fake vision. It cannot fake biology.
The 7 signals:
| # | Signal | How it works |
|---|---|---|
| 01 | Tremor Signature | Measures hand tremor CV (0.25–2.5 in humans, near zero in bots) |
| 02 | Rhythm Entropy | Inter-tap timing variance — humans are naturally irregular |
| 03 | Associative Latency | Word response time (humans: 400–2800ms, bots: <50ms) |
| 04 | Mouse Dynamics | Path curvature entropy — humans curve, bots go straight |
| 05 | Device Motion | Physiological tremor from accelerometer |
| 06 | Scroll Behavior | Momentum and irregularity patterns |
| 07 | Fusion Score™ | Weighted combination of all 6 signals |
Any single signal can be spoofed with enough engineering effort. All 7 simultaneously is mathematically infeasible for current AI systems.
How it compares
| Solution | AI Bypass Rate | Accessible | Zero PII |
|---|---|---|---|
| ANIMA | <0.1% | ✅ WCAG 2.2 | ✅ Zero |
| reCAPTCHA v3 | 91% | ❌ | ❌ Google tracks |
| hCaptcha | 88% | ❌ | ❌ Cookies |
| Cloudflare Turnstile | ~60% | Partial | Partial |
Integration takes 5 minutes
Step 1 — Add the script:
html
<script src="https://animaid.to/sdk/v3/anima.js"
data-site-key="your_site_key">
</script>
<div class="anima-widget"></div>
Step 2 — Verify server-side:
const response = await fetch('https://animaid.to/api/verify/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
token: req.body['anima-token'],
siteKey: process.env.ANIMA_SITE_KEY,
secretKey: process.env.ANIMA_SECRET_KEY
})
});
const { human } = await response.json();
if (!human) return res.status(403).json({ error: 'Bot detected' });
Works with Node.js, Python, PHP, React, and WordPress.
Privacy by design
• Zero PII collected
• Zero cookies
• Zero consent banner needed
• GDPR Article 4 not triggered
• WCAG 2.2 compliant — no visual puzzles, accessible to blind users
Free tier
50,000 verifications per month. No credit card. No friction.
Paid plans start at $29/month for 250,000 verifications.
Try it
🔗 https://animaid.to
Sign up free, create an API key, and integrate in 5 minutes. I read every piece of feedback personally.
Happy to go deep on the signal math, the token architecture, or how the fusion scoring works in the comments.
Top comments (1)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.