Most articles on "AI interview detection" are guesses. This one isn't. Every detection claim below links to the platform's own documentation, a dated news story, or published research. We build Interview Coder, so we have a stake in how this works — read it with that bias in mind, and check the sources.
The short version: detection in 2026 is not magic. It is a handful of concrete mechanisms running on a handful of surfaces. Once you know which surface each mechanism watches, the whole picture gets predictable. Almost everything an interview platform can see falls into three buckets: what happens inside the browser tab, what shows up in a screen recording, and what a camera or a human can observe about you. This is the all-platforms overview; for the two assessment platforms most candidates hit, there are deeper breakdowns of how HackerRank and CoderPad detect AI and a focused piece on how HackerRank detects cheating.
The three surfaces every detector watches
There is no detector that "sees AI." There are detectors that watch a surface and infer. Group them and the noise clears:
A fourth bucket sits apart because it doesn't watch you at all: content analysis. Plagiarism engines and AI-code classifiers score the text you submit against databases and stylistic fingerprints. They react to what you typed, not how you got it.
Here is the whole map on one screen — every platform in this guide scored against the four buckets, so you can see at a glance which surface each one actually watches:
| Platform | In-browser telemetry | Screen / screenshot capture | Camera or human | Content analysis |
|---|---|---|---|---|
| HackerRank | Yes — tab switch, copy-paste, typing cadence | Proctor Mode screenshots every 15s | Webcam snapshots every 5s, object/face detection | MOSS + ML model (~93% claimed) |
| CoderPad | Yes — paste + IDE-exit events, full keystroke playback | No | No | Re-submission match + LLM-code classifier |
| CodeSignal | Yes — copy-paste feeds Suspicion Score | Full-screen share required | Camera + mic required | Database + web crawl (LeakSweep) |
| Codility | Yes — opt-in Behavioral Events | Opt-in Screen Proctoring | Opt-in webcam snapshots | Similarity Check (no AI to flag) |
| Zoom / Meet / Teams / Chime | No | Share stream only (no detector) | Visible on call, no analysis | No |
| HireVue | Browser blur events (if enabled) | Only if screen share is turned on | Face-presence snapshots | Response-similarity scoring |
| Proctorio | Yes — clipboard + web traffic during exam | Captured by extension | Gaze + face detection | No |
| Fabric / Sherlock | Behavioral signals, not page events | No | Gaze, timing, audio environment | No |
Now the mechanisms, platform by platform, with sources.
HackerRank
HackerRank ships two proctoring tiers — Secure Mode and Proctor Mode — plus an opt-in desktop app. Here is what each one actually does.
In-browser telemetry. Tab-switch detection flags leaving the test window, and HackerRank's own engineering write-up states that "tab proctoring works by monitoring browser focus events and detecting when the assessment window loses focus" (HackerRank). Copy-paste into the editor is disabled to block pasting external content, and as of the October 2025 release, copy-paste tracking and tab proctoring are on by default. Secure Mode also enforces full-screen and refuses to start — or auto-pauses — if it detects more than one monitor (HackerRank Secure Mode).
Screen and camera capture. Proctor Mode captures webcam snapshots every five seconds and screenshots every 15 seconds, increasing frequency around flagged moments, and runs object/face detection to flag phones, missing faces, or multiple faces (HackerRank Proctor Mode). Recruiters see this consolidated into an Integrity Summary covering "tab switching, copy and paste activity, typing cadence anomalies, external tool usage, code similarity, and environment alerts" (HackerRank).
Content analysis. This is HackerRank's deepest layer. A token-level MOSS check compares your code against other candidates' submissions and is on by default for all tests (HackerRank MOSS). On top of that, an ML plagiarism model evaluates "dozens of signals across three categories: coding behavior features, attempt submission features, and question features," with a claimed ~93% accuracy, designed to flag referencing of external solutions rather than just literal pastes (HackerRank). The full deep dive is in how HackerRank detects cheating.
The one configuration that reaches outside the browser is the HackerRank Desktop App / App Mode, also from the October 2025 release, which "prevents unauthorized applications, and monitoring activity throughout the session" (release notes). That is a downloadable app the recruiter has to mandate — it is not the standard browser test.
CoderPad
CoderPad's live Interview product and its Screen take-home product share one engine, and the client-side integrity stack runs entirely inside the candidate's browser tab.
In-browser telemetry. CoderPad alerts the interviewer when a candidate "Pastes code from an external source" and when a candidate "Leaves the IDE (e.g., tab-switching)" (CoderPad). Its Playback Mode records "every keystroke of every participant within a pad," plus copy/paste and IDE-exit events, so a reviewer can replay exactly how the code was built; pastes show as yellow dots and focus loss shows as orange "clicked away for 19 seconds" markers (CoderPad Playback).
Content and context. Screen "will recognize if a candidate submits the exact code previously submitted by another candidate," tracks approximate IP geolocation "to spot any unusual behavior," and flags "difficult questions completed in a fraction of the usual time" (CoderPad). CoderPad's ChatGPT integration also generates a follow-up question "asking a candidate to explain a piece of their code and then validate the answer" — verification by questioning, not output detection (CoderPad blog). Third-party reporting describes a probabilistic LLM-generated-code classifier added to Screen in 2025 that "operates on the submitted code rather than on the keystroke stream," scoring variable-naming consistency, comment style, and structural patterns (TechScreen, ShadeCoder) — though CoderPad's own docs note it "does not directly detect external AI tools running on the candidate's desktop." More in the HackerRank and CoderPad detection deep dive and the older CoderPad cheating overview.
CodeSignal and Codility
These two assessment platforms lean hardest on content matching, and both run their proctoring inside Chrome or Firefox.
Content matching is the headline. CodeSignal's Suspicion Score cross-checks a solution against its database of all submitted solutions, crawls the web for similar code, and folds in copy-paste telemetry to produce a None-to-High trust rating per submission (CodeSignal, PDF). Its LeakSweep tech continuously monitors sites like Stack Overflow and LeetCode for leaked questions. Codility's Similarity Check cross-references every new solution against submitted solutions, detected leaks, and AI-generated answers, then routes matches to its tech team — and Codility explicitly states it does not use AI to decide whether to flag (Codility).
In-browser telemetry. Codility's opt-in Behavioral Events logs copy-paste into the IDE, tab switching / window-focus loss, abnormally short time-on-task, and copying the task description (Codility). CodeSignal's equivalent is the copy-paste telemetry that feeds its Suspicion Score, described above.
Capture. CodeSignal's browser proctoring requires camera, microphone, and full-screen share permission in the browser, all active for the whole test (CodeSignal support). Codility's Screen Proctoring lets the candidate share a tab, a window, or the entire screen via the browser's screen-share prompt — and the entire-screen choice captures every external window (Codility). Codility also takes webcam snapshots at intervals and when a proctoring event fires (Codility Video Proctoring). For more on the recording question specifically, see the existing HackerRank proctoring breakdown.
Video calls: Zoom, Meet, Teams, Chime
This is the surprise for most people. None of Zoom, Google Meet, Microsoft Teams, or Amazon Chime runs any AI cheating detection on a shared screen. Their only relevant "mechanism" is the screen-share stream itself: whatever pixels the operating system hands them get broadcast. What gets exposed is decided by the OS capture pipeline and your share-scope choice, not by any platform-side detector.
The practical catch: a browser-extension or browser-tab interview tool is a capturable surface, so a whole-screen share composites its tab right into the frame and the interviewer sees it. A separate native window that the OS compositor is told to exclude is a different story (more on that below).
Async video and proctoring: HireVue, Proctorio
These tools detect from inside the browser plus the webcam.
Proctorio is a Chrome extension with no native install. It detects the number of monitors attached and can force you to unplug extras (UVU guide); for clipboard control it "replaces the clipboard text with its own text to prevent copying and pasting of exam content" and "monitors web traffic only during the designated exam period" (Proctorio); and it runs gaze detection "to see if a test-taker is looking away from the screen for an extended period of time" plus face detection and keystroke-anomaly monitoring, while stating it does not track precise eye movement (Proctorio FAQ). Independent research on Proctorio-class gaze systems is blunt about the limit: a model "only shows gaze directions… it doesn't show where on the screen the test taker is actually looking" (arXiv).
HireVue logs browser blur events when focus leaves the assessment tab — but only that focus left and returned, not the content of other tabs, and only when the employer enables the flag (Ace Round). It takes periodic face-presence snapshots, runs response-similarity scoring across candidates, and — importantly — "cannot see the content of your screen in standard async video interviews" unless the employer explicitly turns on screen sharing for a technical assessment (Ace Round).
The 2026 behavioral layer — and the in-person comeback
The newest detection vendors gave up trying to see the tool and started watching you. Fabric's study of 19,368 interviews describes scoring 20+ behavioral signals per live interview — gaze tracking, response-timing consistency, keystroke dynamics, and "response lag loops": a consistent 3–5 second delay regardless of question difficulty, where a candidate takes "4 to 5 seconds to state their name, and… 4 to 5 seconds to explain database optimization" (Fabric). The same study reports 38.5% of interviews flagged, with technical roles around 48%, and rates spiking roughly 3x in late 2025 (Fabric). Sherlock layers device activity, audio environment, and behavior into a multimodal classifier (Sherlock).
Notice what all of this targets: the candidate's eyes, voice, timing, and room — your reaction to using help, not the software's presence on the machine. The same signals fire whether you're reading off a phone, a second monitor, or anything else.
Here is the failure mode made concrete. Picture two candidates on the same live screen-share round. Candidate A answers "what's your name?" instantly, then sits silent for four seconds before every technical answer — easy and hard questions alike. Candidate B answers fast when the question is easy and takes longer only on the genuinely hard one. To a behavioral classifier, A is the obvious flag: the flat lag is the tell, because real comprehension speeds up on the trivial questions and slows on the hard ones, while a candidate reading off help has the same wait every time. This is exactly the "response lag loop" Fabric describes — a steady 3–5 second delay regardless of difficulty (Fabric). The practical takeaway: the thing that gets people caught in 2026 is not the overlay on screen, it's the rhythm of their answers. Vary your pace to match the actual difficulty, and answer the trivial stuff at human speed.
The biggest 2026 countermeasure isn't technical at all. Google reinstated at least one in-person round, Amazon now requires a signed no-unauthorized-AI pledge, and Gartner reports 72.4% of recruiting leaders now interview in person to fight fraud (Entrepreneur, Computerworld). The stated reason is candidates who "use AI to create code that they cannot explain" and fold under follow-up questions. That is a knowledge problem, not a detection problem.
So where does a native desktop overlay sit?
Re-read the three surfaces. A native desktop tool with OS-level window exclusion sits outside all of them, for architectural reasons rooted in how each mechanism works — this is reasoning from the platforms' own stated mechanisms, not a claim that we tested and beat each one.
SetWindowDisplayAffinity(WDA_EXCLUDEFROMCAPTURE) is removed by the Desktop Window Manager from every capture surface before the conferencing app receives the frame (Microsoft docs). On macOS, sharing a single window means the requesting app "only ever receives streams for the selected windows" and everything else stays private (addpipe). Fabric describes the result of this design directly: the overlay "renders at the GPU level rather than in the application layer, so screen-sharing software simply cannot see it" (Fabric). One honest caveat: relying only on the legacy macOS NSWindow.sharingType = .none flag is no longer enough on macOS 15+, because ScreenCaptureKit ignores it (tauri issue) — reliable exclusion depends on the per-window picker isolation, not that deprecated flag.The honest framing matters here, because it's what makes the argument hold up. No tool can promise 100% on every platform. What we can say is specific and checkable: a native, screen-capture-excluded, keyboard-only overlay is structurally the hardest thing for each of these mechanisms to flag, mechanism by mechanism, for the reasons sourced above. And on the record, Interview Coder reports 100,000+ users and zero documented detection cases. Treat that as the company's claim, weigh it against your own risk tolerance, and remember the two things no software fixes: the content-similarity engines react to the code itself, and you still have to be able to explain what you submit. For the tool-by-tool comparison, see the best AI interview tools roundup, the Parakeet review, and the broader take on HackerRank cheating.
For the tool side of this — which setups actually evade these methods — see our guide to undetectable AI interview tools.
What this means for you
Detection is predictable once you stop thinking about "AI detectors" and start thinking about surfaces. Browser tools get caught by browser telemetry and whole-screen shares. Content engines catch pasted and AI-stylized code regardless of how it arrived. Cameras and humans catch your behavior. A native window-excluded overlay avoids the first surface entirely and is structurally absent from the second — which is exactly why the detection conversation in 2026 has shifted toward your eyes, your timing, and the in-person room.
If you want to practice working with help in a way that keeps the residual risk low — keeping your timing natural and actually understanding the code you submit — that's what Interview Coder is built for. Full disclosure: this guide is published by Interview Coder, its own product. Free is $0, Monthly Pro is $299, and Lifetime Pro is $799 one-time; coding answers run on Claude Sonnet 4.6. Start free and see whether it fits how you interview.


