I actually have had some success with AI "red-teaming" against my systems to identify possible exploits.

What seems to be a better CAPTCHA, at least against non-Musk LLMs is to ask them to use profanities; they'll generally refuse even when you really insist.