How do AI agents handle CAPTCHAs?

How do AI agents handle CAPTCHAs?

CAPTCHAs are an arms race. Every few months a new variant lands; every few weeks the previous solving approach degrades a little. The only durable strategy is to avoid triggering them in the first place — and to have a clean fallback for the cases you can't. Production agent stacks layer three different mechanisms with that order in mind: avoidance first, automatic solving second, human bootstrap third.

Avoidance — make the agent uninteresting

Most CAPTCHAs aren't triggered by what the agent does inside the browser; they're triggered by upstream signals before the agent even sees the page. Three things move the needle the most:

• Residential proxies and clean IPs. Datacenter IPs are flagged by reputation lookups before the page renders. Residential traffic isn't.
• A credible browser fingerprint. Default headless Chromium is fingerprintable as bot in seconds. Stealth profiles match a real user's canvas hash, fonts, audio context, and JS quirks.
• A persistent digital identity. Sites that score device-trust treat a returning identity as low-risk and a fresh visitor as suspicious.

When all three are tuned, most flows that would otherwise CAPTCHA a default Playwright agent run end-to-end without challenge. The CAPTCHAs you avoid are the ones you don't have to pay to solve.

Automatic solving — the second-line defense

For the challenges that still fire, Notte ships an automatic solver. Set one flag on the session and supported CAPTCHAs are detected, solved in the background, and the agent continues — no extra code in the agent loop.

from notte_sdk import NotteClient

client = NotteClient()

with client.Session(solve_captchas=True, proxies=True) as session:
    agent = client.Agent(session=session)
    agent.run(task="Sign up at example.com and confirm via email.")

Under the hood it's a mix: in-house models trained on the puzzle types Notte sees most, plus third-party solver routes for the long-tail. The flag covers reCAPTCHA v2 (checkbox and image), reCAPTCHA v3 (invisible / score-based), and hCaptcha. Combine with proxies=True and solve_captchas becomes near-invisible in normal runs.

Human bootstrap — when both layers fail

Some sites deliberately escalate beyond what's solvable: bank-grade challenges with photo verification, custom puzzles tied to a single device. For those the right answer isn't a smarter solver — it's a browser profile. A human (or you, the developer) completes the challenge once via Notte's session viewer with persist=True; every subsequent run attaches the saved profile and starts past the wall.

This is the universal escape hatch from the auth decision tree: if the agent gets stuck on a CAPTCHA it can't avoid or solve, fall back to a manual profile and never re-encounter that wall.

Common pitfalls

• Solving without avoiding first. Turning on the solver without good stealth means you'll keep getting re-challenged on every action. Solve the upstream signal, not the downstream symptom.
• Treating the solver as a hard guarantee. No solver is 100%. Wrap a verifier around the post-CAPTCHA state to catch silent failures.
• Persisting a session that's already CAPTCHA-flagged. If a profile was bootstrapped under a flagged identity, every reuse inherits that flag. Bootstrap clean.

Key takeaways

• CAPTCHA strategy is layered: avoid (stealth + proxy + identity), solve automatically, then human-bootstrap a profile as a final fallback.
• Notte's automatic solver covers reCAPTCHA v2, v3, and hCaptcha behind a single solve_captchas=True flag — no agent-side code changes.
• Avoidance is cheaper and more reliable than solving; tune that layer before you turn the solver on.
• For sites that escalate beyond solvable challenges, bootstrap a browser profile manually and reuse it.