[_ck_]

Definitely make sure you are using the newest Human Test.

If you are, and they are bypassing it, I need to know so I can break out the next level of protection.

I have not tried this plugin but it might help somewhat:

New Stop Forum Spam API Plugin; Block Fake User Registrations

Last but not least, if you have wordpress integrated they might be sneaking though there even if you have the links to it’s registration page disabled, it still leaves the api open (you’d have to physically rename/remove wp-login.php)