Hacker News

jeroenhd 12/09/2024

Apple has already shipped remote attestation with Safari and Cloudflare has been working to standardise their test release of this scheme as a web standard. It's only a matter of time before remote attestation starts replacing CAPTCHA thanks to the advances in AI.

The worst part will probably be that any hardware-backed attestation mechanism will need to blacklist entire ranges of devices once scrapers and other bots find a mechanism to mass produce attestation results, the same way a dumped key from a Blu-ray player carries the risk of killing all future Blu-ray player functionality from devices with that model.

WebAuthn is pretty useless for this purpose as far as my understanding of it goes (as you can pretty much emulate all of it, except if the website has a hardware whitelist that'll eventually block a lot of legitimate users as well). It's harder to bypass remote attestation mechanisms, though, as they're actually meant to provide security against bots.