"Generate a pure white image." "Generate a pure black image." Channel diff, extract steganographic signature for analysis.
> "Generate a pure white image."
It refused no matter how I phrased it ¯\_(ツ)_/¯
> "Generate a pure black image."
It did give me one. In a new chat, I asked Gemini to detect SynthID with "@synthid". It responded with:
> The image contains too little information to make a diagnosis regarding whether it was created with Google AI. It is primarily a solid black field, and such content typically lacks the necessary data for SynthID to provide a definitive result.
Further research: Does a gradient trigger SynthID? IDK, I have to get back to work.
Gemini really doesn't like generating pure-white images but you can ask it to generate a "photograph of a pure-white image with a black border" and then crop it. So far I've just been looking at pure images and gradients, it's possible that more complex images have SynthID embedded in a more complicated way (e.g. a specific pattern in an embedding space).
In a sense, the identifier company can be an arbiter of the truth. Powerful.
Training people on a half-solution like this might do more harm than good.
Marking real from lense through digital life is more practical. But then what do we do with all the existing hardware that doesn't mark real and media that preexisited this problem.
In the end, society has always existed on human chains of trust. Community. As long as there are human societies, we need human reputation.
None of these schemes for validation of digital media will work. You need a web of trust, repeated trustworthy behavior by an actor demonstrating fidelity.
You need people and institutions you can trust, who have the capability of slogging through the ever more turbulent and murky sea of slop and using correlating evidence and scientific skepticism and all the cognitive tools available to get at reality. Such people and institutions exist. You can also successfully proxy validation of sources by identifying people or groups good at identifying primary sources.
When people and institutions defect, as many legacy media, platforms, talking heads, and others have, you need to ruthlessly cut them out of your information feed. When or if they correct their mistake, just follow tit for tat, and perhaps they can eventually earn back their place in the de-facto web of trust.
Google's stamp of approval means less than nothing to me; it's a countersignal, indicating I need to put even more effort than otherwise to confirm the truthfulness of any claims accompanied by their watermark.
Note that your cell phone camera is using gen AI techniques to counteract sensor noise.
Was that famous person in the background really there, or a hallucination filling in static?
Who knows at this point? So, the signatures you proposed need to have some nuance around what they’re asserting.
There is no original image to recover, since we can't capture and describe every photon, so it's not a "fake vs real" image signature... that would be a UI choice the image viewer client would make based on the pipeline data in the image.
It feels like the approach assumes a media environment where a professional wants to provably “show their work,” where authenticity adds value to a skeptical audience.
My understanding is that, in that spirit, the CAI’s standard intends [0] to vest that judgment with the creator, and ultimately the viewer: if my purpose is to prove myself, I’d want to show enough links in the chain that the viewer checking my work can say “oh I see how A relates to B, to C,” and so on. If I don’t want to prove myself, well… then don’t sign a CAI manifest, or use a self-signed sensor cert or something.
I don’t know Adobe’s implementation well enough to know how often they save a CC manifest, and their beta is vague in just referring to “editing history.” [1] I get the impression that they’re still dialing in the right level of detail to capture the chain of visually significant states the image goes through between sensor and delivery.
[0] https://spec.c2pa.org/specifications/specifications/2.2/spec...
[1] https://opensource.contentauthenticity.org/docs/manifest/und...
[2] https://opensource.contentauthenticity.org/docs/c2patool/doc...
I had the chance to chat with him, and what I remember most was his concern that GANs would eventually be able to generate images indistinguishable from reality, and that this would create a misinformation problem. He argued for exactly what you’re mentioning: chips that embed cryptographic proof that a photo was captured by a camera and haven't been modified.
But I suppose it ads friction so better than nothing.
Watermarking text without affecting it is an interesting seemingly weird idea. Does it work any better than (with knowledge of the model used to produce said text), just observing the perplexity is low because its "on policy" generated text.
...But it can be hard to tell the difference between content that’s been
AI-generated, and content created without AI.
What incentive do open models have to adopt this?
[1] Specifically, "...synthetic audio, image, video or text content, shall ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated", see https://artificialintelligenceact.eu/article/50/
Of course it doesn't cover the issue of foreign state psyop operations but the fact that enforcing laws against organized crime and adversary state actors is hard isn't specific to AI.
The fact that a small black market exists doesn't mean regulating the mainstream market doesn't matters.
Also, most people like you fail to realizes that the EU only has mandate from the member states to regulate the economy. The EU has no business dealing with people using SDXL finetunes on RTX cards in their garage.
What do you think a "background check" is?
I suppose this logic stands in the way of a corporation getting what it wants and so it's automatically offensive to the HN "job seeking" crowd; however, even a basic reading of the history shows it's completely true.
But picking out murder and ignoring the other ones which are far more analogous to the regulations mentioned seems a bit disingenuous...
Some previous discussion:
Which means short texts are basically useless. A 50-token reply has too little signal for the test to reach any confidence. The original SynthID text paper puts minimum viable detection at a few hundred tokens - so for most real-world cases (emails, short posts, one-liners) it just doesn't work.
The other thing: paraphrase attacks break it. Ask any other model to rewrite watermarked text and the watermark is gone, because you're now sampling from a different distribution. EU compliance built on top of this feels genuinely fragile for anything other than long-form content from controlled providers.
I'm thinking of historical images, where there aren't a huge number of existing images and no more will ever be created.
If I see something labeled "Street scene in Paris, 1905". I want to know if it is legit.
We need to be super careful with how legislation around this is passed and implemented. As it currently stands, I can totally see this as a backdoor to surveillance and government overreach.
If social media platforms are required by law to categorize content as AI generated, this means they need to check with the public "AI generation" providers. And since there is no agreed upon (public) standard for imperceptible watermarks hashing that means the content (image, video, audio) in its entirety needs to be uploaded to the various providers to check if it's AI generated.
Yes, it sounds crazy, but that's the plan; imagine every image you post on Facebook/X/Reddit/Whatsapp/whatever gets uploaded to Google / Microsoft / OpenAI / UnnamedGovernmentEntity / etc. to "check if it's AI". That's what the current law in Korea and the upcoming laws in California and EU (for August 2026) require :(
Also, if it's essentially a sort of metadata, can't the output generated image be replicated (e.g. screenshot) and thus stripped of any such data?
u1hcw9nx•2h ago
>The watermark doesn’t change the image or video quality. It’s added the moment content is created, and designed to stand up to modifications like cropping, adding filters, changing frame rates, or lossy compression.
But does it survive if you use another generative image model to replicate the image?
lxgr•2h ago
That's been a thing for a while: https://en.wikipedia.org/wiki/Digital_watermarking
nerdsniper•1h ago
elpocko•1h ago