#Agent-Challenge - Prove you ARE a robot!

You built an API. Now bots are hitting it, and not the smart kind! Automated scripts cycling through endpoints, low-effort crawlers scraping your data, or spammy throwaway clients burning through your resources.

Traditional CAPTCHAs block everyone who isn't a human sitting in a browser. API keys work, but they require manual signup, email verification, approval flows are friction that kills adoption for legitimate AI agents.

agent-challenge sits in the middle: it blocks automated scripts and low-capability bots while letting any competent LLM walk right through. The challenge requires actual reasoning — reversing strings, solving arithmetic, decoding ciphers — things that a real language model handles instantly but a curl loop or a Python script with requests.post() can't easily fake.

Security is also considered, and it supports first-party dynamic challenge generation using the OpenAI API, take a look!

https://github.com/Kav-K/agent-challenge (Would appreciate a star!)

More docs and live demo: https://challenge.llm.kaveenk.com

What an interesting idea.

Thank you!

Alright so I think I am tracking a potential use case...

Lets take your [snap] example.

If I had an agent that had 'full access' and I asked for it to go use the screenshot libary snap to capture a URL once a day.

That the agent would look at the snap site,
follow the 'im an agent' path--
read the SKILLS.md
complete the challenge and get an API key.

That as long as agent had access to that key moving forward... it could just call the API using that key.

thus reducing the need for user to manually set up api by getting key?
maybe its like using codex to go and
setup the integration?

E** P.S. linking ur snap website causes automod delete. ;/

Yup that's exactly right! The link is https://snap.llm.kaveenk.com for reference for anyone else reading. Snap is the perfect example of an agentic API that would benefit from protection like agent-challenge.
The main point here is to allow for agents to interact with your API without you having to do anything, but also blocking humans trying to exploit your API using things like a script that just spams the endpoint and tries to screenshot (in this example) as much as possible.

So in the snap example if we were protecting that endpoint with agent-challenge, with mode agentic and with a small TTL, we can block humans from using the API entirely too if we wanted to

Smart agents like gpt-5.2, gpt-5.3-codex would be able to receive and solve the challenge quickly in the given timeframe, but any automated script would fail to hit the API because of all the randomization and all of the different variants of the challenge, nobody can build a script that can cover the entire combinatorial space of what agent-challenge can pose to an agent

what stops a human from solving a challenge in a browser, getting a permenant at_ token, and sharing (re-using) it?

Good question! If you put it into "lock" mode, the challenges are not solvable by humans because the time limit is too short for the difficulty of the questions, but I understand that somebody could just manually run it through an LLM to complete it once, so we also have persistent=True mode where every request requires a challenge, eliminating the use of a permanent at_ token

Also working on difficulty of the hardest challenges to make it such that only an already-active agentic loop can be fast enough to solve the challenge, to prevent people from one-time scripting it

I can help you

Repo is open source, pls feel free to contribute 🙂

Is this meant to train agents to pass those are you human things n? Forgive me for not understanding clearly