Fake AI CAPTCHA Pages Used to Bypass Phishing Defenses

by Justin Erickson

Security researchers report that criminals are using AI-native development and hosting platforms (Lovable, Vercel, Netlify) to create convincing CAPTCHA pages that hide underlying phishing sites. The CAPTCHA acts as a decoy for scanners and makes the user feel safe; but after it’s solved, victims are redirected to credential-harvesting pages. Abuse is enabled by easy page generation and free hosting tiers. To keep yourself safe, double check the legitimacy of both CAPTCHAs and login pages, and only access pages through official sources.