reCAPTCHA accepting an invalid response to a challenge

Every now and then we receive reports mentioning that a reCAPTCHA challenge that's presented to the users in various places (e.g. when creating a Google account) can be occasionally bypassed and accepts even invalid answers to a challenge. For example, when users type invalid words, or select different images, they still pass the challenge. While this behaviour might be surprising, it's actually working as intended, and a technically interesting product feature of reCAPTCHA.

reCAPTCHA’s risk engine evaluates a wide range of signals to distinguish humans from bots. It is an adaptive CAPTCHA challenge system: the more abusive your behavior becomes, the harder challenges will get. reCAPTCHA’s verification uses several factors to determine the chances that a user is a human, not just the answer provided. We allow true humans to make mistakes in solving the challenge, while punishing bad bots even if they submit a correct answer.

It is expected that, if the system determines you're likely a human, it accepts your answer despite knowing that it's an invalid one. In fact, this feature is necessary to be able to combat spam effectively - if we always require a correct answer, it would be easier to create an automated solution to bypass reCAPTCHA challenges. By accepting invalid answers (and sometimes rejecting valid ones!) , creating such a bypass gets much more complicated for spammers.

Because of its nature, it's difficult to test the reCAPTCHA bypasses manually. However, if you're able to create an automated bot that can consistently bypass reCAPTCHA challenges in a large number of cases, please let us know!