← Back to blog

A candidate sits a 90-minute remote assessment. The browser is locked. A camera watches their face. By every signal the proctoring software can measure, the session is clean. Underneath it, an API call to a language model is running through a phone on a separate connection. The session ends with zero violations, and an invalid result is certified as valid.

This is the defining failure of remote assessment in 2026, and it is not a bug in any single product. It is a consequence of where the incumbent tools operate. This guide explains the methods that actually prevent AI-assisted cheating — for academic exams, technical hiring interviews, and professional certifications alike.

Why the old playbook stopped working

The scale of the problem is now measurable, and it is large. In 2026, 48% of technical candidates were flagged for AI assistance across 19,368 live interviews (Fabric, State of AI Interview Cheating in 2026) — and 61% of those flagged cheaters would still advance past the hiring bar undetected (Fabric, 2026). Separately, 88% of online exams are reported to face AI cheating risk (Talview, AI Threat Index Report 2026), proctored coding-assessment fraud more than doubled from 16% to 35% in a single year (CodeSignal, February 2026), and in higher education, AI-cheating incidents rose from 1.6 to 7.5 per 1,000 students between 2022-23 and 2024-25 (Anara, 2025). In our own pilots, 70% of candidate devices were found to be carrying at least one invisible AI overlay before the session was secured.

The economics explain the surge. A human proxy test-taker historically cost $900–$2,500 per exam (CompTIA / CertWizard); a general-purpose AI subscription costs roughly $20 a month and covers unlimited exams. When the cost of cheating collapses by two orders of magnitude, volume follows.

The incumbent defenses were designed for an earlier threat model:

• Webcam and gaze proctoring (Proctorio, ProctorU, Honorlock, Talview) watches the candidate. But submitting a prompt to a phone takes a two-second glance indistinguishable from checking the time, and an invisible AI overlay renders on the same screen the candidate is already looking at.
• Lockdown browsers (Respondus LockDown Browser, Safe Exam Browser) restrict the exam window. But everything that matters now runs outside the browser — a helper process, an on-device LLM, or a second device — and bypasses are publicly documented.
• Behavioral AI detectors guess intent from behavior at well under 55% accuracy and bury proctors in alerts, producing alert fatigue rather than prevention.

Detection is a signature database racing a global open-source community. Every time a tool is fingerprinted, it is recompiled with a new name within days. Prevention takes the opposite approach, and that is what the methods below are built on. (For the underlying numbers, see our AI Cheating Statistics 2026 report and the quarterly Threat Index.)

The three layers of assessment security

Every assessment-security stack has three layers. Understanding which layer a control lives in tells you exactly what it can and cannot stop.

1. Physical / behavioral layer — webcams, gaze tracking, human review. Good for physical impersonation and out-of-frame anomalies; blind to anything on the device or invisible to the lens.
2. Application / browser layer — lockdown and secure browsers. Good for other tabs and clipboard paste; blind to anything running outside the browser.
3. Device + network layer — enforcement at the operating system and network stack. This is where 2026-era AI cheating actually happens, and the layer no incumbent was built to defend. It is the layer Aiseptor operates in.

The methods that follow are how you defend the layer that matters — most of them at the device-and-network layer, plus the pairing controls that close the remaining gaps.

12 methods to prevent AI cheating in online assessments

1. Enforce a default-deny network policy per session

Start from the position that nothing is reachable unless the exam explicitly allows it. A default-deny architecture inverts the detection problem: instead of maintaining an ever-growing blocklist of AI tools, you maintain a short allowlist of what the assessment legitimately needs. Every other destination — including every AI inference endpoint — is dropped by default. This single control neutralizes the majority of cloud-based AI cheating regardless of the tool's name or UI.

2. Block AI inference endpoints at the network layer

Cloud AI assistance ultimately resolves to a request to a provider API. Blocking traffic to those endpoints — and the DNS lookups that precede them — stops the overlay or chatbot from ever receiving an answer. Because DNS resolution happens before encryption, it is the earliest and cheapest point of interception. An overlay that cannot reach a model API is inert.

3. Cover every network interface, not just the primary one

A control that only watches the main connection is bypassed by a mobile hotspot or a tethered phone. Effective prevention applies the session policy across all interfaces on the device, so a second connection cannot become an unmonitored tunnel to an AI service.

4. Detect and block on-device LLMs

A locally run model (Ollama, LM Studio, local GGUF files) generates no external API traffic, so network blocking alone won't catch it. Prevention here means OS-level signals: active local-inference processes, model-hosting services, and the model-update endpoints those tools phone home to. This is the fastest-growing evasion path and the one camera proctoring and lockdown browsers cannot see at all.

5. Neutralize invisible AI overlays by their dependency, not their name

Tools like Cluely, OpenCluely, and Parakeet draw answers directly on screen and exclude themselves from screenshots. Process-name and screenshot-hash detection fails the moment the binary is renamed. The durable method is to block the overlay's network path to its inference endpoint and pair it with OS signals (screen-capture-exclusion flags, GPU/process activity). Whatever it's called, it's useless if it can't reach a model.

6. Block remote-access and screen-share pivots

Remote-control tools (AnyDesk, TeamViewer, Chrome Remote Desktop) and conferencing screen-shares (Discord, Zoom, Teams) let an off-screen helper see the exam and feed answers. Their relay and control servers are blocked at the session boundary, so a remote operator can't reach the device and a local agent can't phone home.

7. Flag virtual machines and second-screen output

Hardened anti-detection VMs and HDMI/wireless-mirroring outputs move exam content somewhere the controls don't watch. Surfacing virtualization artifacts and blocking virtual/extended display outputs forces these high-effort evasions into manual review instead of letting them pass silently.

8. Make the audit trail tamper-evident

A clean session log is trivial to fabricate. Require a cryptographically signed, per-session audit trail of every blocked attempt and integrity signal. This is what converts "no violations recorded" into evidence you can actually defend when a credential or hire is challenged.

9. Prefer prevention over post-hoc detection

Detection flags after the candidate may have already finished; prevention stops the action in real time and produces zero false positives because it is deterministic — it blocks a destination, it doesn't guess at intent. Deterministic prevention also avoids the bias and dispute problems that come with behavioral scoring.

10. Protect candidate privacy to reduce bias and disputes

You do not need to surveil a candidate to secure a session. Network-layer enforcement uses no webcam, no microphone, no keystroke logging, and no screen recording, and can default to short data retention (24 hours). Less personal data collected means fewer privacy objections, less bias exposure, and fewer contested results — without weakening security.

11. Keep candidate friction near zero

A control that requires admin rights, a kernel driver, or a heavy install creates support tickets and abandonment, and pushes organizations back toward expensive in-person testing. An ephemeral, user-space enclave that deploys in about 30 seconds and removes itself at session end secures BYOD / unmanaged devices without leaving anything behind.

12. Layer network-layer prevention with physical proctoring where stakes demand it

Network-layer enforcement does not stop pen-and-paper notes or physical impersonation — those are the camera's job. For the highest-stakes exams, pair network-layer prevention (for the device/AI threats) with behavioral proctoring (for the physical ones). The layers are complementary, not competing.

Applying this to your assessment type

Online exams (academic & K-12)

Academic exams are high-volume and privacy-sensitive, which makes camera-only approaches both costly and contentious. Lead with network-layer enforcement to block AI overlays and on-device models, add behavioral proctoring only for the highest-stakes sittings, and keep retention short to satisfy student-privacy requirements.

Technical hiring & coding interviews

This is where AI cheating is most prevalent — nearly half of technical candidates are flagged. The exposure is invisible coding-assistant overlays and second devices during live or take-home assessments. Whitelist only the coding platform and approved docs, and block everything else, so candidates are evaluated on their own ability. See Aiseptor for platforms (Codility, HackerRank, CodeSignal-style integrations) and for enterprise hiring teams.

Professional certifications

Certification fraud scales through proxy rings and pay-after-pass services, and the move to remote delivery removed the test center's controls. A per-session enclave with a signed audit trail restores test-center-grade assurance without physical centers, and the tamper-evident record is what makes the credential verifiable downstream.

What to require when you evaluate a solution

Use this checklist when comparing vendors. The questions separate AI-era prevention from tools retrofit to mention it:

1. Where does enforcement run — inside the browser, or at the OS and network layer?
2. Is it default-deny, or does it rely on a blocklist of known AI tools?
3. Does it monitor DNS and block AI inference endpoints before a connection completes?
4. Can it detect on-device LLMs that produce no external traffic?
5. Does it cover all network interfaces, including hotspots and VPNs?
6. Is the audit trail cryptographically signed and tamper-evident?
7. What does it collect — and can it work without webcam, microphone, or keystroke logging?
8. What's the candidate friction — kernel driver and admin rights, or an ephemeral user-space agent?

If you're replacing or augmenting an incumbent, our alternatives comparisons walk through how network-layer enforcement maps against lockdown browsers, Respondus, Honorlock, and Proctorio.

The bottom line

AI-assisted cheating is not a harder version of the old cheating problem — it is a different problem at a different layer. Webcam proctoring and lockdown browsers still do what they were built to do, but the modern attacker operates beneath both. The organizations keeping assessments valid in 2026 are the ones that moved enforcement to the device and network layer, blocked the path instead of chasing the tool, and stopped collecting more candidate data than security actually requires.

Aiseptor is the network-layer security platform that assessment providers embed to prevent AI cheating — blocking invisible AI overlays, remote-access tools, and on-device LLMs in about 30 seconds, with no webcam and no kernel driver. See how it works → or try it free →.