How to use AI on Codility in 2026 — detection mechanics, real risks, and the right stealth.
Codility is the assessment platform most European tech companies and enterprise hiring teams default to in 2026. Its detection stack is heavier on plagiarism analysis than HackerRank's and lighter on aggressive behavioral fingerprinting — but the failure modes still cluster around a few predictable patterns.
This post is an honest walk-through of what Codility actually detects, why three different categories of stealth tools fail in different ways, and which mechanic is structurally robust. The ethics framing is yours; this post is about mechanics, not permission.
setContentProtection, Windows WDA_EXCLUDEFROMCAPTURE) are structurally hardest to catch because the captured frame physically excludes the window. None of these defeat the plagiarism check — that's a behavioral problem solved by not pasting the standard answer.
01 What Codility actually detects in 2026
Codility's proctoring is configurable per-test. A take-home assessment from a startup might only enable plagiarism check and tab tracking. A certification round or a final-stage assessment from a large enterprise typically enables the full stack, including webcam via ScreenIQ. The categories below cover what Codility can detect — not what every test enables.
The Codility editor binds to visibilitychange and blur events. Every time the tab loses focus, the timestamp and duration are logged. The recruiter dashboard surfaces this as a "focus lost" count next to the score. Switching to a ChatGPT tab, a documentation page, or another browser window all trip this signal. On many enterprise configs, a banner appears when focus returns, and repeated switches add a visible warning to the recruiter's view of the submission.
Codility can require fullscreen for the test duration. Exiting fullscreen fires a logged event with the same weight as a tab switch. Some configs auto-pause the test or show an explicit "fullscreen required" overlay. Reading from a second monitor, alt-tabbing to a desktop app, or losing focus to a notification all trigger this — though OS-level overlays that draw on top without taking focus do not.
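How a test page can turn these events into a "focus lost" count, as an added illustration that is not Codility's code: the DOM events and properties are real, while `attachRecorder`, `summarizeFocus`, the record shape and the sample stream are assumptions made for this example.

```javascript
// Added illustration, not Codility's code. Record shape and sample are constructed.
// Browser side: append one record per integrity-relevant DOM event.
function attachRecorder(doc, win, log) {
  const rec = (type, extra) => log.push({ t: Date.now(), type, ...extra });
  doc.addEventListener("visibilitychange", () =>
    rec("visibilitychange", { state: doc.visibilityState }));
  doc.addEventListener("fullscreenchange", () =>
    rec("fullscreenchange", { fullscreen: doc.fullscreenElement !== null }));
  win.addEventListener("blur", () => rec("blur"));
  win.addEventListener("focus", () => rec("focus"));
}

// Reviewer side: merge overlapping signals into distinct "away" intervals.
// A tab switch fires blur AND visibilitychange; counting both would double-report.
function summarizeFocus(events) {
  const state = { hidden: false, blurred: false, windowed: false };
  const intervals = [];
  let open = null; // interval in progress, or null while the candidate is present
  for (const e of events) {
    if (e.type === "visibilitychange") state.hidden = e.state === "hidden";
    else if (e.type === "blur") state.blurred = true;
    else if (e.type === "focus") state.blurred = false;
    else if (e.type === "fullscreenchange") state.windowed = !e.fullscreen;
    else continue;
    const away = state.hidden || state.blurred || state.windowed;
    if (away && !open) open = { start: e.t, trigger: e.type };
    else if (!away && open) {
      intervals.push({ ...open, ms: e.t - open.start });
      open = null;
    }
  }
  const totalMs = intervals.reduce((sum, i) => sum + i.ms, 0);
  return { count: intervals.length, totalMs, intervals, stillAway: open !== null };
}

// Constructed sample: one tab switch (about 12.5 s) and one fullscreen exit (4 s).
const SAMPLE_EVENTS = [
  { t: 0, type: "fullscreenchange", fullscreen: true },
  { t: 61000, type: "blur" },
  { t: 61004, type: "visibilitychange", state: "hidden" },
  { t: 73500, type: "visibilitychange", state: "visible" },
  { t: 73510, type: "focus" },
  { t: 120000, type: "fullscreenchange", fullscreen: false },
  { t: 124000, type: "fullscreenchange", fullscreen: true },
];
```

Because the log is collected in the page, a deployment that relies on it would send each record to the server as it occurs rather than batching at submit time.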
Codility's similarity engine is the platform's flagship anti-cheating feature, and the one most likely to fail a candidate. It runs three comparisons: against a corpus of public solutions scraped from LeetCode, GitHub, and known textbook implementations; against other candidates' submissions on the same task (current and historical); and increasingly against AI-style fingerprints — code that is "too clean", uses exhaustive comments, picks idiomatic-but-uncommon stdlib functions, or has too-consistent variable naming. The result is a similarity percentage on the recruiter's report. A 60% match to a public solution is usually enough to fail the submission outright, regardless of whether the code passes the tests.
This is the structural problem with most AI assistants on Codility: they give you the standard, well-known solution to a standard, well-known problem. The standard solution is exactly what the corpus contains. Solving the task correctly is not enough — solving it in a way that doesn't match the corpus is the actual bar.
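A generic similarity measure of the kind described above, as an added illustration that is not Codility's engine: identifiers and comments are normalized away, then overlapping runs of five tokens are compared with Jaccard similarity. The function names, the `KEEP` list and the three Python samples are constructed for this example.

```javascript
// Added illustration, not Codility's engine: token k-gram Jaccard similarity.
// KEEP: Python keywords/builtins left intact; every other name becomes "ID".
const KEEP = new Set(["def", "for", "in", "if", "return", "range", "len", "enumerate"]);
function normalize(src) {
  const tokens = src.replace(/#.*$/gm, "").match(/[A-Za-z_]\w*|\d+|[^\s\w]/g) || [];
  return tokens.map((t) => {
    if (/^[A-Za-z_]/.test(t)) return KEEP.has(t) ? t : "ID";
    return /^\d/.test(t) ? "NUM" : t;
  });
}
function shingles(tokens, k) {
  const set = new Set();
  for (let i = 0; i + k <= tokens.length; i++) set.add(tokens.slice(i, i + k).join(" "));
  return set;
}
function similarity(a, b, k = 5) {
  const A = shingles(normalize(a), k);
  const B = shingles(normalize(b), k);
  let shared = 0;
  for (const s of A) if (B.has(s)) shared++;
  const union = A.size + B.size - shared;
  return union === 0 ? 0 : shared / union;
}
// Constructed samples (Python source held as strings).
const REFERENCE = `
def two_sum(nums, target):
    seen = {}
    for i, n in enumerate(nums):
        if target - n in seen:
            return [seen[target - n], i]
        seen[n] = i
`;
const RENAMED = `
def find_pair(values, goal):
    index_of = {}  # value to index
    for pos, v in enumerate(values):
        if goal - v in index_of:
            return [index_of[goal - v], pos]
        index_of[v] = pos
`;
const NESTED_LOOPS = `
def two_sum(nums, target):
    for i in range(len(nums)):
        for j in range(i + 1, len(nums)):
            if nums[i] + nums[j] == target:
                return [i, j]
`;
```

Renaming and commenting leave the normalized token stream unchanged, so `RENAMED` scores as a full match against `REFERENCE`, while the structurally different `NESTED_LOOPS` shares only the function header and a few index expressions.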
Codility logs every paste with the pasted length and a content hash. A 40-line paste with no preceding typing is flagged as a paste anomaly, separate from the plagiarism check. Many enterprise configs disable paste entirely inside the editor — you get a "paste disabled" toast and the keystroke is dropped. On tests that allow paste, the paste log is one of the first things recruiters look at on suspicious submissions.
Codility ScreenIQ adds webcam capture and screen-share recording to proctored tests. Frames are captured periodically (sometimes continuously) and flagged for human review on signals like additional faces, repeated look-aways, candidate absence, or audible speech. ScreenIQ is opt-in per test — many take-home assessments and earlier-round screens do not enable it. When enabled, the candidate sees an explicit consent prompt before starting.
Codility fingerprints the browser — canvas, WebGL, fonts, audio context, navigator properties — and ties each attempt to an identity. The primary use is detecting candidate impersonation (a friend taking the test for you). The secondary use: detecting browser extensions that inject overlays or modify the DOM. Browser-extension AI tools change the DOM in fingerprintable ways and become visible to the test page's own integrity checks.
Codility logs per-character timing in the editor, not just total elapsed time. Recruiters can see the timeline of when each line was written. The most distinctive flag here is burst typing — a 40-line function appearing in 30 seconds at a flat 250-char-per-minute rate with zero corrections is a visibly inhuman signature. Real coding has pauses, backspaces, partial commits, refactor loops. A consistent burst is one of the easier patterns for a recruiter to spot when reviewing the replay, and the replay is part of the standard Codility report.
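The paste-anomaly and burst-typing signals described above, as added review logic over an editor timeline (not Codility's code): the event shape, the `analyzeTimeline` name and all three thresholds are assumptions chosen for this example, and the samples are constructed.

```javascript
// Added illustration, not Codility's code. Thresholds and event shape are assumptions.
// events: time-ordered {t: ms, kind: "insert" | "delete" | "paste", len?: chars}
function analyzeTimeline(events, opts = {}) {
  const { minPasteChars = 200, minBurstKeys = 100, maxGapCv = 0.15 } = opts;
  const flags = [];
  let typed = 0; // single-character inserts seen so far
  let run = [];  // timestamps of consecutive inserts with no correction between them

  const closeRun = () => {
    if (run.length >= minBurstKeys) {
      const gaps = run.slice(1).map((t, i) => t - run[i]);
      const mean = gaps.reduce((a, g) => a + g, 0) / gaps.length;
      const sd = Math.sqrt(gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length);
      // Coefficient of variation near 0 means a metronome-flat cadence.
      if (sd / mean <= maxGapCv) {
        flags.push({ kind: "burst", keys: run.length, cpm: Math.round(60000 / mean) });
      }
    }
    run = [];
  };

  for (const e of events) {
    if (e.kind === "insert") { typed += 1; run.push(e.t); continue; }
    closeRun(); // a delete or paste ends the uninterrupted run
    if (e.kind === "paste" && e.len >= minPasteChars && typed < e.len / 10) {
      flags.push({ kind: "paste", len: e.len, typedBefore: typed });
    }
  }
  closeRun();
  return flags;
}

// Constructed samples.
const FLAT = Array.from({ length: 120 }, (_, i) => ({ t: i * 240, kind: "insert" }));
const PASTE_FIRST = [{ t: 0, kind: "paste", len: 1400 }];
function humanLike() { // uneven gaps, a correction every 17th key
  const gaps = [90, 310, 140, 1200, 180, 95, 2600];
  let t = 0;
  return Array.from({ length: 120 }, (_, i) => {
    t += gaps[i % gaps.length];
    return { t, kind: i % 17 === 16 ? "delete" : "insert" };
  });
}
```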
02 The three stealth approaches and why they fail differently
Candidates trying to use AI during a live Codility round usually reach for one of three approaches. They fail for different reasons, and the failure modes matter.
Approach 1: Browser-based AI tools (ChatGPT tab, browser extensions)
The most common and the most easily caught. Switching to a ChatGPT tab fires visibilitychange and lands in the focus-loss log next to your score. Browser extensions modify the DOM in fingerprintable ways and are visible to Codility's integrity scripts. Worse — extensions that quietly POST your question text to an external API are observable in the network panel during a proctored review. The structural problem: the AI tool runs inside the same browser Codility is monitoring.
Approach 2: Window-handle tricks
A category of desktop tools tries to hide a window from capture by manipulating Windows window styles (WS_EX_LAYERED, custom regions, SetLayeredWindowAttributes) or macOS window levels. These work intermittently. Every OS update has the potential to break them, and many do. The macOS 14 → 15 transition broke several "undetectable" tools that relied on private window-level manipulation. The Windows 11 24H2 update broke others. A trick the OS vendor can patch in a point release is not a foundation to bet on.
Approach 3: OS-level content protection
macOS provides setContentProtection (the underlying NSWindow sharingType = .none), and Windows provides SetWindowDisplayAffinity(WDA_EXCLUDEFROMCAPTURE). These are first-party OS primitives originally designed for DRM-protected video playback. When set, the OS's own screen capture pipeline excludes the window from output. Anything that goes through the capture API — Zoom screen share, QuickTime recording, Codility ScreenIQ's screen-share capture — sees a blank rectangle or the desktop behind the window.
This is structurally different from window-handle tricks. It's not a workaround being patched — it's the documented OS behavior. The captured frame doesn't render the window because the OS compositor was instructed to exclude it from that specific output. The only way the OS could leak the window is a security regression in the DRM pipeline, and those get patched fast.
Important caveat: content protection makes the window invisible to screen capture, not to you. It's fully visible on your own monitor. It also doesn't address orthogonal signals — tab focus loss, paste detection, plagiarism check, webcam, burst typing. It addresses the screen-share visibility problem cleanly and leaves the rest as a behavioral problem.
03 The plagiarism check is the catch most candidates underestimate
Tab-focus and paste detection are obvious. Most candidates anticipate them. The plagiarism check is the one that surprises people, and it's the most common reason Codility submissions get rejected.
The pattern: candidate uses an AI assistant, gets the "correct" solution to a standard problem (two-sum, anagrams, sliding-window max), types it carefully into the editor (no paste anomaly), passes all tests. Recruiter opens the report and sees a 72% similarity to a public LeetCode solution. The candidate is filtered out, often without anyone reading the code.
AI tools — by default — give you the canonical, idiomatic solution to a canonical problem. That solution is exactly what's in the corpus. Defeating the plagiarism check requires solving the problem in a way the corpus doesn't contain, which means understanding the problem well enough to deviate intentionally. Which means, at that point, you mostly didn't need the AI to solve it for you.
The honest implication: AI assistance during Codility is more useful for understanding (explain this edge case, suggest a different algorithmic approach) than for direct code generation, because the direct code triggers the platform's strongest signal.
04 Realistic risk: what actually gets candidates caught
Roughly in order of frequency:
- Plagiarism similarity flag — submission matches public corpus too closely. Filtered out before code review. The most common Codility-specific catch.
- Tab focus loss — switched to a ChatGPT tab eight times during the test. Logged and surfaced on the report.
- Burst typing replay — 40 lines appearing in 30 seconds at a flat rate. Visible to recruiters reviewing the playback.
- Follow-up technical interview — passed Codility brilliantly, then crashed in the live human round because they hadn't internalized the patterns. The pattern-match catch.
- ScreenIQ webcam flag — looked at a second monitor repeatedly. Reviewed by a human, failed.
Notice the top three are behavioral or pattern-based, not the result of dedicated "AI detection". Codility doesn't need an AI detector to catch you — the platform's existing infrastructure already covers most of the surface.
05 Where Codility shows up: European tech and enterprise hiring
Codility is overrepresented in European hiring (Microsoft EMEA, SAP, Spotify, Booking.com historically, large German and Polish enterprises) and in regulated industries (banking, insurance) where vendor-of-record assessment platforms with audit trails matter. The plagiarism check is the reason these companies pick Codility — the audit trail is defensible if a candidate later disputes a rejection. HackerRank competes hard in the US tech space; Codility owns the European enterprise. If you're interviewing for a Berlin-based fintech or a London-based bank, your assessment is more likely Codility than HackerRank.
This matters for prep because the platforms have different threat models. HackerRank leans harder on paste anomalies and webcam proctoring. Codility leans harder on plagiarism and replay review. CoderPad sits in the middle, and live-pair-programming platforms have a different model entirely.
06 The honest middle path
The pattern that works for strong candidates in 2026: heavy AI use in practice, deliberate restraint in the live round. AI in practice compounds — you drill explanations, walk through edge cases, run mock assessments under time, work through patterns you're slow on. The compounding makes the live round easier even without AI present. More on the prep-vs-live distinction.
Using AI in a live Codility round is a binary risk. Get away with it once, you accept a role you may not be able to perform. Get caught — and Codility's plagiarism flag is unusually likely to catch you — and you eat the rejection plus reputational damage with that recruiter (and often other recruiters using the same platform). My fuller ethics take is here. The short version: the asymmetric downside is rarely worth the upside, especially on the platform with the strongest plagiarism engine.
This isn't a moral argument. It's a strategy argument. If you're going to use AI live anyway, the rest of this post is for you.
07 If you're going to use a tool live, pick the right mechanism
The decision tree for Codility specifically:
- Avoid browser-based tools. Tab switching is logged on every Codility test. Browser extensions are fingerprintable. The structural problem (same browser as Codility's monitoring) is unsolvable.
- Avoid window-handle tricks. "Undetectable" tools based on clever window-style manipulation have a patch waiting in the next OS release.
- Prefer OS-level content protection. macOS setContentProtection or Windows WDA_EXCLUDEFROMCAPTURE excludes the assistant window from the captured frame at the compositor level.
- Don't ask for the canonical solution. The plagiarism check is the real catch. Ask the assistant to explain the problem, suggest an approach, or critique your draft — don't paste in a generated solution.
- Type, don't paste. Even if paste is allowed on the test, pasting trips the paste log and the burst-typing signature. Type at human cadence with pauses and corrections.
- Stay on camera if ScreenIQ is enabled. Don't look away repeatedly. Don't read aloud. Don't speak.
Meeting Copilot uses macOS setContentProtection for the overlay window. The captured screen frame doesn't contain the assistant. It's not the only tool in this category — see the comparison of OS-level overlay tools and the head-to-head with ParakeetAI for coding platforms. The mechanic is the same across this category; the choice between them is mostly about ergonomics.
08 FAQ
Can Codility detect AI?
Not directly. Codility detects behavioral and similarity artifacts — plagiarism matches against a public corpus, tab focus loss, paste anomalies, burst-typing replay signatures, and on ScreenIQ configs, webcam frames. The plagiarism check is the strongest signal and the one most likely to catch AI-generated code, because canonical AI solutions match the canonical corpus.
Is using AI on Codility cheating?
It depends on the test's stated rules. Take-home assessments sometimes permit research; live proctored rounds and certifications typically prohibit external assistance. The test instructions and the recruiter's email define what's allowed. Compliance is the candidate's responsibility — this post explains mechanics, not permission.
Does Codility have webcam proctoring?
On configs that enable Codility ScreenIQ or the proctored tier, yes. Frames are captured periodically (sometimes continuously) and flagged for human review. ScreenIQ is opt-in per test — many take-home assessments don't enable it. The candidate sees an explicit consent prompt before starting.
What triggers Codility plagiarism check?
Three sources: matches against a corpus of public solutions (LeetCode, GitHub, textbooks), matches against other candidates' submissions on the same task, and AI-style fingerprints (overly clean code, exhaustive comments, idiomatic-but-uncommon stdlib usage, consistent variable naming). Pasting a standard AI-generated solution is the easiest way to trigger it.
What's the safest AI tool for Codility?
Structurally, tools using OS-level content protection (macOS setContentProtection, Windows WDA_EXCLUDEFROMCAPTURE) are hardest to catch through screen-share because the captured frame doesn't contain the window. None of these defeat the plagiarism check — that's a behavioral problem solved by not asking for the canonical solution and not pasting generated code.