I guess this is the start of a new arms race on making generated content pass these checks undetected and detecting them anyway.

Create the problem, sell the solution.

You can never be sure something has been generated by a model embedding one of these anyway, so it’s pretty moot.

"The watermarks are embedded across Google’s generative AI consumer products, and are imperceptible to humans."

I'd love to see the data behind this claim, especially on the audio side.

I am not sure that text watermarking will be accurate, I foresee plenty of false positives.

looks like the same as anti-virus companies in the 80s? Write virus, Write anti-virus and profit!

Could anybody explain how this isn't easily circumvented by using a competitor's model?

Also, if everything in the future has some touch of AI inside, for example cameras using AI to slightly improve the perceived picture quality, then "made with AI" won't be a categorization that anybody lifts an eyebrow about.

the beginning of walled garden “AI” tools has been interesting to follow

i find the premise to be an invalid one personally - why is the property that a works from an AI model must be identified/identifiable?

OpenAI has been doing something similar for generated images using C2PA [0]

It is easy to alter by just saving to a different format or basic cropping.

I would love to see how SynthID is fixing this issue.

https://help.openai.com/en/articles/8912793-c2pa-in-chatgpt-...

> Large language models generate text one word (token) at a time. Each word is assigned a probability score, based on how likely it is to be generated next. So for a sentence like “My favourite tropical fruits are mango and…”, the word “bananas” would have a higher probability score than the word “airplanes”.

> SynthID adjusts these probability scores to generate a watermark. It's not noticeable to the human eye, and doesn’t affect the quality of the output.

I think they need to be clearer about the constraints involved here. If I ask What is the capital of France? Just the answer, no extra information.” then there’s no room to vary the probability without harming the quality of the output. So clearly there is a lower bound beyond which this becomes ineffective. And presumably the longer the text, the more resilient it is to alterations. So what are the constraints?

I also think that this is self-interest dressed up as altruism. There’s always going to be generative AI that doesn’t include watermarks, so a watermarking scheme cannot tell you if something is genuine. It is, however, useful for determining that something came from a specific provider, which could be valuable to Google in all sorts of ways.

I wonder if, conversely, authentic media can be falsely watermarked as AI-generated.

It only works across Google shit.