Deep neural networks (DNNs) achieve high success rates against conventional CAPTCHAs, and existing adversarial generation methods rely on original images, suffer from severe distortions, and fail in source-free settings. Method: We propose the first source-free, two-stage adversarial CAPTCHA generation framework. Stage I employs large language model (LLM)-guided semantics and latent-space optimization of diffusion models to synthesize high-fidelity, text-driven CAPTCHAs. Stage II introduces a dual-path black-box attack—BP-UAC—and EDICT-based latent-variable optimization to jointly model targeted and untargeted attacks. Contribution/Results: Our method requires no original CAPTCHA inputs, generates human-readable yet DNN-confusing CAPTCHAs, and significantly improves attack success rates across diverse CAPTCHA systems. It outperforms state-of-the-art approaches in both visual quality and robustness, establishing a new benchmark for source-free adversarial CAPTCHA generation.

With the rapid advancements in deep learning, traditional CAPTCHA schemes are increasingly vulnerable to automated attacks powered by deep neural networks (DNNs). Existing adversarial attack methods often rely on original image characteristics, resulting in distortions that hinder human interpretation and limit applicability in scenarios lacking initial input images. To address these challenges, we propose the Unsourced Adversarial CAPTCHA (UAC), a novel framework generating high-fidelity adversarial examples guided by attacker-specified text prompts. Leveraging a Large Language Model (LLM), UAC enhances CAPTCHA diversity and supports both targeted and untargeted attacks. For targeted attacks, the EDICT method optimizes dual latent variables in a diffusion model for superior image quality. In untargeted attacks, especially for black-box scenarios, we introduce bi-path unsourced adversarial CAPTCHA (BP-UAC), a two-step optimization strategy employing multimodal gradients and bi-path optimization for efficient misclassification. Experiments show BP-UAC achieves high attack success rates across diverse systems, generating natural CAPTCHAs indistinguishable to humans and DNNs.