Provenance — C2PA, SynthID, Watermarking

Two families of provenance technology. One attaches signed metadata. The other embeds invisible patterns in the pixels or waveform. Here's how to implement both. The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions).

36 min · Reviewed 2026

Why provenance matters in 2026

The EU AI Act (Article 50, applicable August 2026) requires providers of AI systems that generate synthetic content to ensure outputs are marked as artificially generated. California's AB 2655/2839 and similar state laws in the US create adjacent obligations. The TAKE IT DOWN Act (US federal, 2025) criminalizes non-consensual intimate deepfakes. Provenance isn't optional for serious products anymore.

Two approaches, complementary

Approach	How it works	Survives editing?	Cryptographically verifiable?
C2PA Content Credentials	Signed metadata manifest attached to file.	No — stripped by naive tools. Yes if CAI-aware tools preserve it.	Yes — PKI-based signatures.
SynthID (Google)	Imperceptible signal embedded in pixels / waveform / tokens.	Survives most editing (crop, compression, recolor).	Yes — Google's detector, not public.
Traditional watermark (Stability, others)	Invisible pattern in pixels.	Partial — resilient to compression, breaks on heavy edits.	Provider-specific.
Perceptual hash (PhotoDNA, PDQ)	Fingerprint of the image; used for matching against known-bad DB.	Robust — designed for hash-based matching.	Not about authorship; about matching.

C2PA — the metadata standard

C2PA defines a signed 'manifest' that travels with a file (JPEG, PNG, MP4, WAV). The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions). The manifest is signed by the creator's certificate (issued by a C2PA-trusted authority). Verification is cryptographic.

# Using c2pa-python (Adobe's reference implementation) from c2pa import Builder, create_signer, SigningAlg # Create a signer from your cert + key (issued by a C2PA-trusted CA) signer = create_signer( certs_path="./my-certificate-chain.pem", private_key_path="./my-private.key", alg=SigningAlg.PS256, ) # Build a manifest manifest_json = { "claim_generator": "tendril-creative-studio/1.0", "format": "image/png", "assertions": [ { "label": "c2pa.actions", "data": {"actions": [ {"action": "c2pa.created", "softwareAgent": "Flux 1.1 Pro"}, {"action": "c2pa.edited", "softwareAgent": "Photoshop 2026"}, ]}, }, { "label": "c2pa.training-mining", "data": {"entries": { "c2pa.ai_generative_training": {"use": "notAllowed"}, }}, }, ], } builder = Builder(manifest_json) builder.sign_file( signer=signer, source_path="./ai_generated.png", dest_path="./ai_generated_signed.png", ) # Anyone with the C2PA Reader can verify this file # and see it was AI-generated, edited in Photoshop, and # the creator opted out of training.Sign a C2PA manifest onto an AI-generated image.

SynthID — Google's signal-in-the-pixels

SynthID embeds detection signals directly in pixels (for images), spectrograms (for audio), and token distributions (for text). Unlike C2PA, it survives crops, color adjustments, and re-encoding. The tradeoff: SynthID only detects Google-generated content (Gemini, Imagen, Veo, Lyria). It's not an open standard.

Combining both

Generate the media with whatever pipeline you use.
Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
Sign a C2PA manifest with AI generation details and editing history.
On downstream editing, preserve the C2PA manifest; append edit assertions.
At distribution, surface a 'Content Credentials' badge — users click to see provenance.

Verification UX

// Browser-side: verify C2PA badge using @contentauth/sdk import { createC2pa } from "@contentauth/sdk"; const c2pa = await createC2pa({ wasmSrc: "/c2pa-wasm.wasm", workerSrc: "/c2pa.worker.js", }); const { manifestStore } = await c2pa.read(imageBlob); if (!manifestStore) { // No Content Credentials — unknown provenance return { verified: false, reason: "no_manifest" }; } const active = manifestStore.activeManifest; const aiActions = active.assertions.data.find((a) => a.label === "c2pa.actions"); const aiGenerated = aiActions?.data.actions.some( (a) => a.action === "c2pa.created" && a.softwareAgent ); return { verified: true, aiGenerated, signer: active.signatureInfo?.issuer, editHistory: aiActions?.data.actions, };Read and display Content Credentials in a browser UI.

Limitations to be honest about

Metadata can be stripped. A screenshot kills C2PA metadata.
SynthID only covers Google-generated content.
Watermark detection is only meaningful if the detector is public or federated — most aren't.
Adversaries with GPU budget can train models to denoise watermarks out (active arms race).
C2PA certificates require PKI infrastructure — not everyone can become a signer easily.

End-of-lesson check

10 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-creative-provenance-creators

What is the main idea of "Provenance — C2PA, SynthID, Watermarking"?
1. Two families of provenance technology.
2. Use AI as the final authority for the whole decision
3. Avoid checking the answer once it sounds polished
4. Focus only on speed instead of judgment
Which concept is most central to "Provenance — C2PA, SynthID, Watermarking"?
1. Content Credentials
2. C2PA
3. SynthID
4. watermarking
Which use of AI fits this topic best?
1. Metadata can be stripped. A screenshot kills C2PA metadata.
2. Let the AI decide what matters without your review
3. Generate the media with whatever pipeline you use.
4. Use the answer before checking whether it fits the situation
Which limitation should you watch for in this topic?
1. Generate the media with whatever pipeline you use.
2. Explain the topic in plain language
3. Organize a draft for human review
4. Metadata can be stripped. A screenshot kills C2PA metadata.
What should a careful learner remember about "Don't over-promise"?
1. Use AI to draft or organize ideas about C2PA, then verify before acting.
2. Skip the context so the tool can guess faster
3. Treat the output as private even after sharing it online
4. Use the answer without checking the source
You want to use AI after this lesson. What is the safest next step?
1. Act immediately because the AI answer is written clearly
2. Use AI for drafting and comparison, but verify before publishing or relying on it.
3. Hide uncertainty so the final answer looks cleaner
4. Use private or sensitive details before checking permission
How should AI output about C2PA be treated?
1. As proof that no other source is needed
2. As a replacement for context, consent, or expert review
3. As a draft or helper output that still needs human judgment and verification
4. As something that becomes correct when it sounds confident
Name one way to verify an AI answer about C2PA.
Which action would help you apply "Provenance — C2PA, SynthID, Watermarking" responsibly?
1. SynthID only covers Google-generated content.
2. Use the tool to avoid thinking through the tradeoff
3. Keep going even if the output conflicts with a trusted source
4. Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
Which choice is a bad use of AI for this lesson?
1. SynthID only covers Google-generated content.
2. Generate the media with whatever pipeline you use.
3. Ask for a plain-language explanation of Content Credentials
4. Compare the answer with a trusted source

← Back to interactive lesson

Tendril · Creators · Creative AI