Lesson 62 of 2116
Provenance — C2PA, SynthID, Watermarking
Two families of provenance technology. One attaches signed metadata. The other embeds invisible patterns in the pixels or waveform. Here's how to implement both. The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions).
Lesson map
What this lesson covers
Learning path
The main moves in order
- 1Why provenance matters in 2026
- 2C2PA
- 3Content Credentials
- 4SynthID
Concept cluster
Terms to connect while reading
Section 1
Why provenance matters in 2026
The EU AI Act (Article 50, applicable August 2026) requires providers of AI systems that generate synthetic content to ensure outputs are marked as artificially generated. California's AB 2655/2839 and similar state laws in the US create adjacent obligations. The TAKE IT DOWN Act (US federal, 2025) criminalizes non-consensual intimate deepfakes. Provenance isn't optional for serious products anymore.
Two approaches, complementary
Compare the options
| Approach | How it works | Survives editing? | Cryptographically verifiable? |
|---|---|---|---|
| C2PA Content Credentials | Signed metadata manifest attached to file. | No — stripped by naive tools. Yes if CAI-aware tools preserve it. | Yes — PKI-based signatures. |
| SynthID (Google) | Imperceptible signal embedded in pixels / waveform / tokens. | Survives most editing (crop, compression, recolor). | Yes — Google's detector, not public. |
| Traditional watermark (Stability, others) | Invisible pattern in pixels. | Partial — resilient to compression, breaks on heavy edits. | Provider-specific. |
| Perceptual hash (PhotoDNA, PDQ) | Fingerprint of the image; used for matching against known-bad DB. | Robust — designed for hash-based matching. | Not about authorship; about matching. |
C2PA — the metadata standard
C2PA defines a signed 'manifest' that travels with a file (JPEG, PNG, MP4, WAV). The manifest contains ASSERTIONS (who captured/generated it, which tools/models, editing history, bounding boxes of AI-generated regions). The manifest is signed by the creator's certificate (issued by a C2PA-trusted authority). Verification is cryptographic.
Sign a C2PA manifest onto an AI-generated image.
# Using c2pa-python (Adobe's reference implementation)
from c2pa import Builder, create_signer, SigningAlg
# Create a signer from your cert + key (issued by a C2PA-trusted CA)
signer = create_signer(
certs_path="./my-certificate-chain.pem",
private_key_path="./my-private.key",
alg=SigningAlg.PS256,
)
# Build a manifest
manifest_json = {
"claim_generator": "tendril-creative-studio/1.0",
"format": "image/png",
"assertions": [
{
"label": "c2pa.actions",
"data": {"actions": [
{"action": "c2pa.created", "softwareAgent": "Flux 1.1 Pro"},
{"action": "c2pa.edited", "softwareAgent": "Photoshop 2026"},
]},
},
{
"label": "c2pa.training-mining",
"data": {"entries": {
"c2pa.ai_generative_training": {"use": "notAllowed"},
}},
},
],
}
builder = Builder(manifest_json)
builder.sign_file(
signer=signer,
source_path="./ai_generated.png",
dest_path="./ai_generated_signed.png",
)
# Anyone with the C2PA Reader can verify this file
# and see it was AI-generated, edited in Photoshop, and
# the creator opted out of training.SynthID — Google's signal-in-the-pixels
SynthID embeds detection signals directly in pixels (for images), spectrograms (for audio), and token distributions (for text). Unlike C2PA, it survives crops, color adjustments, and re-encoding. The tradeoff: SynthID only detects Google-generated content (Gemini, Imagen, Veo, Lyria). It's not an open standard.
Combining both
- 1Generate the media with whatever pipeline you use.
- 2Apply the provider's watermark (SynthID if Google; vendor-specific otherwise).
- 3Sign a C2PA manifest with AI generation details and editing history.
- 4On downstream editing, preserve the C2PA manifest; append edit assertions.
- 5At distribution, surface a 'Content Credentials' badge — users click to see provenance.
Verification UX
Read and display Content Credentials in a browser UI.
// Browser-side: verify C2PA badge using @contentauth/sdk
import { createC2pa } from "@contentauth/sdk";
const c2pa = await createC2pa({
wasmSrc: "/c2pa-wasm.wasm",
workerSrc: "/c2pa.worker.js",
});
const { manifestStore } = await c2pa.read(imageBlob);
if (!manifestStore) {
// No Content Credentials — unknown provenance
return { verified: false, reason: "no_manifest" };
}
const active = manifestStore.activeManifest;
const aiActions = active.assertions.data.find((a) => a.label === "c2pa.actions");
const aiGenerated = aiActions?.data.actions.some(
(a) => a.action === "c2pa.created" && a.softwareAgent
);
return {
verified: true,
aiGenerated,
signer: active.signatureInfo?.issuer,
editHistory: aiActions?.data.actions,
};Limitations to be honest about
- Metadata can be stripped. A screenshot kills C2PA metadata.
- SynthID only covers Google-generated content.
- Watermark detection is only meaningful if the detector is public or federated — most aren't.
- Adversaries with GPU budget can train models to denoise watermarks out (active arms race).
- C2PA certificates require PKI infrastructure — not everyone can become a signer easily.
Key terms in this lesson
End-of-lesson quiz
Check what stuck
15 questions · Score saves to your progress.
Tutor
Curious about “Provenance — C2PA, SynthID, Watermarking”?
Ask anything about this lesson. I’ll answer using just what you’re reading — short, friendly, grounded.
Progress saved locally in this browser. Sign in to sync across devices.
Related lessons
Keep going
Creators · 40 min
Licensing AI Output for Commercial Work
Who owns it? Who can you sue? Who indemnifies you? The commercial licensing landscape is fragmented, evolving, and critical to ship-safe work.
Creators · 42 min
Ethics of Synthetic Media
Consent, deepfakes, fair use, democratization of creation. The hardest questions in this track don't have clean answers. Let's work through them honestly.
Creators · 60 min
Capstone — Ship a Real AI-Assisted Creative Project
Plan, build, and launch a real creative product using the full AI stack. This is the final deliverable of the Creative track.