Provenance — C2PA, SynthID, Watermarking

Two families of provenance technology. One attaches signed metadata. The other embeds invisible patterns in the pixels or waveform. Here's how to implement both. The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions).

36 min · Reviewed 2026

Why provenance matters in 2026

The EU AI Act (Article 50, applicable August 2026) requires providers of AI systems that generate synthetic content to ensure outputs are marked as artificially generated. California's AB 2655/2839 and similar state laws in the US create adjacent obligations. The TAKE IT DOWN Act (US federal, 2025) criminalizes non-consensual intimate deepfakes. Provenance isn't optional for serious products anymore.

Two approaches, complementary

Approach	How it works	Survives editing?	Cryptographically verifiable?
C2PA Content Credentials	Signed metadata manifest attached to file.	No — stripped by naive tools. Yes if CAI-aware tools preserve it.	Yes — PKI-based signatures.
SynthID (Google)	Imperceptible signal embedded in pixels / waveform / tokens.	Survives most editing (crop, compression, recolor).	Yes — Google's detector, not public.
Traditional watermark (Stability, others)	Invisible pattern in pixels.	Partial — resilient to compression, breaks on heavy edits.	Provider-specific.
Perceptual hash (PhotoDNA, PDQ)	Fingerprint of the image; used for matching against known-bad DB.	Robust — designed for hash-based matching.	Not about authorship; about matching.

C2PA — the metadata standard

C2PA defines a signed 'manifest' that travels with a file (JPEG, PNG, MP4, WAV). The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions). The manifest is signed by the creator's certificate (issued by a C2PA-trusted authority). Verification is cryptographic.

# Using c2pa-python (Adobe's reference implementation)
from c2pa import Builder, create_signer, SigningAlg

# Create a signer from your cert + key (issued by a C2PA-trusted CA)
signer = create_signer(
    certs_path="./my-certificate-chain.pem",
    private_key_path="./my-private.key",
    alg=SigningAlg.PS256,
)

# Build a manifest
manifest_json = {
    "claim_generator": "tendril-creative-studio/1.0",
    "format": "image/png",
    "assertions": [
        {
            "label": "c2pa.actions",
            "data": {"actions": [
                {"action": "c2pa.created", "softwareAgent": "Flux 1.1 Pro"},
                {"action": "c2pa.edited", "softwareAgent": "Photoshop 2026"},
            ]},
        },
        {
            "label": "c2pa.training-mining",
            "data": {"entries": {
                "c2pa.ai_generative_training": {"use": "notAllowed"},
            }},
        },
    ],
}

builder = Builder(manifest_json)
builder.sign_file(
    signer=signer,
    source_path="./ai_generated.png",
    dest_path="./ai_generated_signed.png",
)

# Anyone with the C2PA Reader can verify this file
# and see it was AI-generated, edited in Photoshop, and
# the creator opted out of training.Sign a C2PA manifest onto an AI-generated image.

SynthID — Google's signal-in-the-pixels

SynthID embeds detection signals directly in pixels (for images), spectrograms (for audio), and token distributions (for text). Unlike C2PA, it survives crops, color adjustments, and re-encoding. The tradeoff: SynthID only detects Google-generated content (Gemini, Imagen, Veo, Lyria). It's not an open standard.

Combining both

Generate the media with whatever pipeline you use.
Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
Sign a C2PA manifest with AI generation details and editing history.
On downstream editing, preserve the C2PA manifest; append edit assertions.
At distribution, surface a 'Content Credentials' badge — users click to see provenance.

Verification UX

// Browser-side: verify C2PA badge using @contentauth/sdk
import { createC2pa } from "@contentauth/sdk";

const c2pa = await createC2pa({
  wasmSrc: "/c2pa-wasm.wasm",
  workerSrc: "/c2pa.worker.js",
});

const { manifestStore } = await c2pa.read(imageBlob);
if (!manifestStore) {
  // No Content Credentials — unknown provenance
  return { verified: false, reason: "no_manifest" };
}

const active = manifestStore.activeManifest;
const aiActions = active.assertions.data.find((a) => a.label === "c2pa.actions");
const aiGenerated = aiActions?.data.actions.some(
  (a) => a.action === "c2pa.created" && a.softwareAgent
);

return {
  verified: true,
  aiGenerated,
  signer: active.signatureInfo?.issuer,
  editHistory: aiActions?.data.actions,
};Read and display Content Credentials in a browser UI.

Limitations to be honest about

Metadata can be stripped. A screenshot kills C2PA metadata.
SynthID only covers Google-generated content.
Watermark detection is only meaningful if the detector is public or federated — most aren't.
Adversaries with GPU budget can train models to denoise watermarks out (active arms race).
C2PA certificates require PKI infrastructure — not everyone can become a signer easily.

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-creative-provenance-creators

What is the core idea behind "Provenance — C2PA, SynthID, Watermarking"?
1. Two families of provenance technology. One attaches signed metadata. The other embeds invisible patterns in the pixels or waveform. Here's how to implement both. The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions).
2. 'Make a song list for a band called The Cosmic Pancakes.'
3. Predict location constraints.
4. AI image gen tempts you toward generic styles.
Which term best describes a foundational idea in "Provenance — C2PA, SynthID, Watermarking"?
1. Content Credentials
2. C2PA
3. SynthID
4. watermarking
A learner studying Provenance — C2PA, SynthID, Watermarking would need to understand which concept?
1. C2PA
2. SynthID
3. Content Credentials
4. watermarking
Which of these is directly relevant to Provenance — C2PA, SynthID, Watermarking?
1. C2PA
2. Content Credentials
3. watermarking
4. SynthID
Which of the following is a key point about Provenance — C2PA, SynthID, Watermarking?
1. Generate the media with whatever pipeline you use.
2. Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
3. Sign a C2PA manifest with AI generation details and editing history.
4. On downstream editing, preserve the C2PA manifest; append edit assertions.
Which of these does NOT belong in a discussion of Provenance — C2PA, SynthID, Watermarking?
1. Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
2. Generate the media with whatever pipeline you use.
3. Sign a C2PA manifest with AI generation details and editing history.
4. 'Make a song list for a band called The Cosmic Pancakes.'
Which statement is accurate regarding Provenance — C2PA, SynthID, Watermarking?
1. SynthID only covers Google-generated content.
2. Watermark detection is only meaningful if the detector is public or federated — most aren't.
3. Metadata can be stripped. A screenshot kills C2PA metadata.
4. Adversaries with GPU budget can train models to denoise watermarks out (active arms race).
Which of these does NOT belong in a discussion of Provenance — C2PA, SynthID, Watermarking?
1. SynthID only covers Google-generated content.
2. 'Make a song list for a band called The Cosmic Pancakes.'
3. Watermark detection is only meaningful if the detector is public or federated — most aren't.
4. Metadata can be stripped. A screenshot kills C2PA metadata.
What is the key insight about "Don't over-promise" in the context of Provenance — C2PA, SynthID, Watermarking?
1. Provenance is a DEFENSE IN DEPTH strategy. It makes the legitimate use case cheap and the deceptive use case more expens…
2. 'Make a song list for a band called The Cosmic Pancakes.'
3. Predict location constraints.
4. AI image gen tempts you toward generic styles.
What is the key insight about "Implementation priority" in the context of Provenance — C2PA, SynthID, Watermarking?
1. 'Make a song list for a band called The Cosmic Pancakes.'
2. For a shipping product in 2026: (1) preserve incoming C2PA manifests, (2) sign outgoing AI-generated content with C2PA, …
3. Predict location constraints.
4. AI image gen tempts you toward generic styles.
What is the recommended tip about "Use AI as a co-creator" in the context of Provenance — C2PA, SynthID, Watermarking?
1. 'Make a song list for a band called The Cosmic Pancakes.'
2. Predict location constraints.
3. Set creative constraints before generating: tone, length, style reference, POV.
4. AI image gen tempts you toward generic styles.
Which statement accurately describes an aspect of Provenance — C2PA, SynthID, Watermarking?
1. 'Make a song list for a band called The Cosmic Pancakes.'
2. Predict location constraints.
3. AI image gen tempts you toward generic styles.
4. The EU AI Act (Article 50, applicable August 2026) requires providers of AI systems that generate synthetic content to ensure outputs are ma…
What does working with Provenance — C2PA, SynthID, Watermarking typically involve?
1. C2PA defines a signed 'manifest' that travels with a file (JPEG, PNG, MP4, WAV).
2. 'Make a song list for a band called The Cosmic Pancakes.'
3. Predict location constraints.
4. AI image gen tempts you toward generic styles.
Which of the following is true about Provenance — C2PA, SynthID, Watermarking?
1. 'Make a song list for a band called The Cosmic Pancakes.'
2. SynthID embeds detection signals directly in pixels (for images), spectrograms (for audio), and token distributions (for text).
3. Predict location constraints.
4. AI image gen tempts you toward generic styles.
Which best describes the scope of "Provenance — C2PA, SynthID, Watermarking"?
1. It is unrelated to creative workflows
2. It applies only to the opposite beginner tier
3. It focuses on Two families of provenance technology. One attaches signed metadata. The other embeds invisible patt
4. It was deprecated in 2024 and no longer relevant

← Back to interactive lesson

Tendril · Creators · Creative AI