Explains why metadata-based AI watermarks like C2PA fail when images are screenshotted or re-encoded, and proposes a layered approach combining frequency-domain, neural, and perceptual fingerprinting watermarking that survives real-world social media round-trips.
Good, this changes the draft meaningfully — you've actually got a real technical differentiator on the watermarking side (spread-spectrum + neural marks + perceptual fingerprinting), not just "we watermark stuff." Here's the rewrite: Title: Why most "AI watermarks" die the moment someone screenshots the image (and the layered fix that actually survives it) Body: Spent a while in the content provenance space and this gap trips people up constantly. Most people think C2PA (Content Credentials) is "the" AI watermark standard now — Adobe, OpenAI, Google, camera makers are all on it. But C2PA is metadata riding alongside the file, not embedded in the pixels. Screenshot it, re-encode it, upload it to social media and that metadata's gone. New file, zero provenance. This is a known, acknowledged failure, even called out directly in the EU's AI Act Code of Practice. The actual fix is watermarking embedded in the content itself, and even that isn't one technique but it's layers, because different attacks break different watermark types: Frequency-domain watermarks (spread across DCT coefficients) survive normal JPEG recompression and resizing Neural watermarks (trained models, not fixed math) hold up where frequency-domain marks fail — screenshot-recapture, heavy recompression, format transcoding, full video re-encodes. This is the difference between "survives being saved twice" and "survives a Twitter/TikTok round-trip" Perceptual fingerprinting (pHash-style) is the fallback layer which recovers provenance even after the watermark itself gets destroyed by a hard resize or reformat, by fuzzy-matching the content against known signed originals None of these alone is sufficient. That's the actual state of the field right now and anyone claiming a single watermark "solves" provenance is oversimplifying it. I ended up building this stack out (frequency + neural + fingerprinting, layered) after running into these exact failure modes myself — certivu.ai if anyone wants to poke at it or compare notes. Happy to go deeper on any of this if you're dealing with it.
A discussion about the potential for mandatory watermarking of AI-generated content to prevent scams, referencing Google's invisible watermarks in images.
OpenAI announces tools and research efforts to help verify content authenticity, including text watermarking, metadata approaches, and expanded image detection with C2PA metadata integration for tracking AI-generated and edited content.
Security researcher details how Google’s SynthID invisible watermark for AI-generated images can be reversed, undermining media-provenance claims and highlighting fundamental flaws in proprietary watermarking schemes.
A CLI and library that removes visible and invisible AI watermarks from images generated by various AI models, including metadata stripping and diffusion-based regeneration.
OpenAI announced new measures including C2PA metadata and SynthID watermarks to help verify images generated by its models, along with a public verification tool.