watermarking.media
Ownership

Is my AI image watermarked?

By The watermarking.media team
5 min read
Contents

Whether your AI image is watermarked depends entirely on which tool made it: some generators embed C2PA metadata, some an invisible SynthID watermark, some both, and many embed nothing, so a clean check never proves an image is not AI. There is no universal rule and no single reader that settles it. What settles it is knowing the two kinds of mark, checking your file against the readers for each, and reading the result carefully. Here is how.

Two kinds of mark

An AI image can carry two very different things, and they are not interchangeable.

The first is metadata provenance, the C2PA standard, branded Content Credentials. It is container-level: a cryptographically signed manifest stored in the file’s metadata (JUMBF or XMP), not in the pixels, recording what made the file and how it was edited. The Content Credentials Technical Whitepaper (2025) describes the binding as one “that ties the Manifest to the asset itself, ensuring that any changes to the asset will invalidate the Manifest”. It is rich and readable, but because it rides in metadata it is fragile.

The second is an in-pixel watermark, of which SynthID is the leading example. In SynthID-Image: Image Watermarking at Internet Scale, Gowal, Bunel & Stimberg (2025) describe a post-hoc, model-independent neural watermark that writes a spectral mark into finished pixels; a matching decoder reads a 136-bit payload scored by a conformal p-value test, calibrated to a 0.1 percent false-positive rate, and the paper reports the mark “has been used to watermark over ten billion images and video frames” across Google services. It carries only a small payload and no edit history, but it survives the re-encoding that strips metadata. Not every in-pixel mark works the same way: SynthID is post-hoc, added to finished pixels, whereas a latent design such as Tree-Ring seeds its mark in the initial generation noise (Wen, Kirchenbauer & Geiping, NeurIPS 2023). The marks you will actually meet on today’s AI images are post-hoc ones.

Which generators mark, and how

Only some providers mark their output, and they do not all mark it the same way. This table names only cases verified for this article.

GeneratorC2PASynthIDWhat a hit means
OpenAI (ChatGPT, DALL-E 3, GPT-4o)YesYes, since May 2026An OpenAI provenance signal is present
Google (Imagen, Gemini image)YesYesA Google provenance signal is present
Adobe FireflyYesNot confirmedContent Credentials may be present
Many open-source, third-party toolsNoNoA clean scan is expected

OpenAI marks every generated image with both layers: its documentation says images from ChatGPT, the OpenAI API, and Codex carry both C2PA Content Credentials and Google DeepMind’s SynthID, and that DALL-E 3 images have carried C2PA since early 2024 (OpenAI, no date). Google embeds SynthID and C2PA. Adobe Firefly attaches Content Credentials. And a large share of generators, especially open-source and self-hosted ones, embed nothing at all, which is the single most important row: an unmarked image is completely ordinary.

How to check

Run the file through the readers that exist. OpenAI’s Verify tool reads both Content Credentials and SynthID from an uploaded image, and is the most direct check for a picture that may have come from OpenAI (OpenAI, no date). For the metadata layer specifically, Content Credentials Verify (CAI Verify) reads the C2PA manifest (Content Credentials Technical Whitepaper, 2025). For SynthID specifically there is also Google’s SynthID Detector portal, though as of this writing Google has rolled it out only to early testers on a waitlist, not to the public (Google DeepMind, 2025). The step-by-step is in How to check if an image has SynthID; for the metadata side, see What is C2PA / Content Credentials?.

Reading the result

A C2PA check returns one of three answers, and the difference matters.

ResultWhat the verifier foundWhat it means
Valid credentialSigned history intactThe recorded provenance holds
Invalidated bindingManifest present, content hash no longer matchesPositive evidence the file changed after signing
No manifestNothing foundSilent, indistinguishable from a file that never carried one

A SynthID reader is similar in spirit: a positive is strong evidence a SynthID-adopting model made the image, while a negative is weak, because the mark is absent from the overwhelming majority of images in the world (Gowal, Bunel & Stimberg, 2025).

The bottom line

Presence is informative. Absence is close to neutral. A missing mark is the normal state of most images, AI or not, so you cannot read “no watermark” as “not AI”. Two facts drive this. Metadata is easily lost: a manifest is stripped by a screenshot or an upload through a platform that discards it, which is covered in Do Content Credentials survive social media?. And the pixel mark is not permanent either: research has shown the class SynthID belongs to is removable by generative regeneration (Zhao, Zhang & Wang, NeurIPS 2024). The reading is the one Golaszewski, Krawetz & Sherman give of the metadata layer in Verifying Provenance of Digital Media: Why the C2PA Specifications Fall Short (2026): “C2PA provides provenance signals, not proof of authenticity”, and the same caution applies to the pixel mark.

So the answer to “is my AI image watermarked” is: check it, and expect the check to confirm origin when a mark is present and to tell you almost nothing when it is not. For what ChatGPT specifically embeds, see Does ChatGPT watermark its images?.

Sources

#watermarking#synthid#c2pa#ai-images#provenance