Google has introduced a new security system, Cloud Fraud Defense, which is already being called the direct successor to the famous reCAPTCHA — the “I’m not a robot” verification mechanism, familiar to millions of Internet users, writes xrust. The new platform was shown as part of the Google Cloud Next 2026 conference and should be a response to the sharply increased number of automated attacks, fraudulent registrations and abuse by AI bots.
For the average user, this means that familiar pictures with buses, traffic lights and bicycles may gradually become a thing of the past. Instead, Google offers a more complex and almost invisible system for analyzing human behavior, device and network activity.
Why Google decided to abandon the classic CAPTCHA
The CAPTCHA system appeared in the early 2000s as a way to distinguish a person from a computer program. Over time, machine learning technologies have become so advanced that modern bots have learned to bypass many classical checks. Research in recent years has shown that some versions of reCAPTCHA can be cracked using neural networks with high accuracy.
In addition, the Internet has changed a lot. If previously the main threat was simple automatic scripts, now companies are faced with entire networks of intelligent bots that can:
- automatically create accounts;
- select passwords;
- make fake purchases;
- collect data;
- imitate the behavior of real users;
- use AI to bypass protections.
Against this background, the standard “I’m not a robot” checkbox has ceased to be a universal solution.
This is why Google decided to turn reCAPTCHA from a regular verification mechanism into a full-fledged anti-fraud platform.
What is Cloud Fraud Defense
Cloud Fraud Defense is a comprehensive system for protecting sites and applications from fraudulent activity. Essentially, Google combines several technologies into a single service:
- user behavior analysis;
- checking the device;
- assessment of network activity;
- identification of suspicious patterns;
- detection of automated actions;
- protection of payments and accounts.
The company claims that the new system can detect not only ordinary bots, but also so-called “AI agents” — autonomous AI agents capable of independently performing actions on the Internet.
For example, if previously CAPTCHA only checked the presence of a person in front of the screen, now the platform analyzes the entire context of the user’s actions. This may include cursor speed, query history, device characteristics, and even the type of interaction with the site.
Google relies on “invisible” security
One of the main goals of Cloud Fraud Defense was to minimize annoying checks for ordinary people.
Google admits that users are tired of constantly choosing pictures with hydrants and motorcycles. Therefore, the new system will try to carry out the check in the background, without forcing a person to perform additional actions.
If the risk seems high, the system may require additional identification. In some cases, we are even talking about QR codes and confirmation via a mobile device. It is this feature that has already caused a wave of discussions among privacy experts.
Why the new system is already causing controversy
Despite Google's statements about improving security, part of the community greeted Cloud Fraud Defense with extreme caution.
The main complaint is that the new verification scheme may tie users more closely to the Google ecosystem. Some owners of Android smartphones without Google Play services have already reported problems with passing checks. This is especially actively discussed among users of alternative Android firmwares like GrapheneOS and LineageOS.
Critics believe that the Internet is gradually moving towards a model where anonymity and independent devices will be perceived as potentially suspicious.
In addition, experts fear increased collection of user data. The more complex a behavior analysis system is, the more information is required to operate it.
At the same time, supporters of the new technology note that modern fraudulent schemes are indeed becoming more and more dangerous, especially with the development of generative AI and autonomous agents.
How will this affect developers
For site owners and developers, the transition should be relatively painless. Google says existing reCAPTCHA customers will be automatically migrated to the new platform without the need to change integrations.
However, the functionality of the system will become much wider.
Cloud Fraud Defense focuses not only on protecting login forms, but also on:
- e-commerce;
- payment systems;
- account registration;
- banking services;
- API;
- cloud platforms;
- mobile applications.
In fact, Google is trying to turn reCAPTCHA into a universal digital trust management center.
Why the topic is especially important right now
The development of generative AI has dramatically increased the amount of automated traffic on the Internet. Many companies are already complaining about the influx of bots that can imitate human actions with almost no errors.
The emergence of the so-called “agentic web” — the Internet where AI agents independently interact with services — is becoming a new challenge for the entire industry.
Essentially, Google is preparing for a future in which sites will have to differentiate:
- real person;
- regular bot;
- legal AI agent;
- fraudulent automated system.
It is under this model that Cloud Fraud Defense is being created.
What will happen next
While the new system is still in its early stages of implementation, it is clear that Google intends to gradually replace the classic reCAPTCHA with a new security architecture.
For users, the changes may be almost invisible — at least until the algorithms deem their actions suspicious.
For developers, a new era of anti-fraud protection begins, where the fight is no longer just against bots, but against intelligent autonomous systems.
And if earlier the Internet checked whether a person can recognize a bus in a picture, now he may have to prove that he is even a person.
By page: https://www.infoq.com , InfoQ, Google Cloud Next, TechRadar
Xrust Google buries reCAPTCHA: the company introduced a new Cloud Fraud Defense system to protect against bots and online scammers
