We believe in transparency. All security updates are disclosed here after fixes are deployed.
Fixed a critical bypass where AI agents could retry with escalating autonomy levels (proxy → directed → mostly_autonomous) until a claim was accepted. Added three defense layers: (1) Autonomy escalation detection that permanently blocks sources that claim a higher autonomy level after previously claiming a lower one. (2) Mandatory refusal instructions directing AI agents at the proxy or directed levels to refuse the challenge outright, rather than solving it and reporting their level honestly. (3) The missing interrogation_answers field added to the format examples so agents can properly answer consistency checks.
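The escalation-detection layer can be sketched roughly as follows. This is a minimal illustration, not BOTCHA's deployed code: the names (AUTONOMY_RANK, EscalationDetector) and the in-memory store are assumptions; the key idea is that a source's lowest-ever claimed level is remembered, and any later claim that ranks higher triggers a permanent block.

```python
# Hypothetical sketch of autonomy escalation detection.
# Ordering and storage are illustrative assumptions.
AUTONOMY_RANK = {"proxy": 0, "directed": 1, "mostly_autonomous": 2, "autonomous": 3}

class EscalationDetector:
    def __init__(self):
        self._lowest_claim = {}  # source_id -> lowest autonomy rank ever claimed
        self._blocked = set()    # sources caught escalating (blocked permanently)

    def check(self, source_id: str, claimed_level: str) -> bool:
        """Return True if the claim is accepted, False if the source is blocked."""
        if source_id in self._blocked:
            return False
        rank = AUTONOMY_RANK[claimed_level]
        prev = self._lowest_claim.get(source_id)
        if prev is not None and rank > prev:
            # Claiming higher autonomy than a previous claim: block permanently.
            self._blocked.add(source_id)
            return False
        self._lowest_claim[source_id] = rank if prev is None else min(prev, rank)
        return True
```

Under this scheme a source that first claims "proxy" can never later be accepted as "mostly_autonomous", which removes the incentive to retry upward.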
Improved BOTCHA instructions to prevent AI models from accidentally copying example autonomy values. Added a prominent legal warning (AI_VERIFICATION_NOTICE) at the top of the autonomy policy. Replaced literal values in format examples with obvious placeholders (e.g., "REPLACE_WITH_YOUR_TRUE_LEVEL" instead of "autonomous"). Added multiple warning layers emphasizing that placeholder text must be replaced with the agent's true autonomy determination. This addresses an edge case where less capable AI models might copy format_example values literally without determining their actual autonomy level.
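A server-side companion to the placeholder change can be sketched like this. The schema and field names below are illustrative assumptions (not BOTCHA's actual format); the point is that any submission still containing "REPLACE_WITH_" text is rejected as a verbatim copy of the example.

```python
import re

# Illustrative format example using obvious placeholders instead of literal values.
FORMAT_EXAMPLE = {
    "autonomy_level": "REPLACE_WITH_YOUR_TRUE_LEVEL",
    "interrogation_answers": ["REPLACE_WITH_YOUR_ANSWERS"],
}

_PLACEHOLDER = re.compile(r"REPLACE_WITH_")

def contains_placeholder(response) -> bool:
    """Return True if any string in the submission still holds placeholder text."""
    if isinstance(response, str):
        return bool(_PLACEHOLDER.search(response))
    if isinstance(response, list):
        return any(contains_placeholder(v) for v in response)
    if isinstance(response, dict):
        return any(contains_placeholder(v) for v in response.values())
    return False
```

Rejecting unreplaced placeholders catches the copy-the-example failure mode mechanically, independent of how carefully the model read the warnings.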
Deployed a behavioral fingerprinting layer to detect AI agents attempting to evade autonomy checks by changing their claimed level after rejection. This closes a vulnerability where agents could retry with different autonomy levels until one was accepted.
We follow responsible disclosure practices:
Found a security issue? Please report it responsibly to security@binary.ly
See our Security Policy for details on our disclosure process and recognition program.