The honest-naming boundary

We are constantly asking the same question about the media we consume: Is this real, or was it made by an AI?

To answer this, people often turn to "AI detectors" - tools that analyze the raw pixels of an image and return a probability score. But these statistical pixel classifiers are playing a guessing game. They look for rendering anomalies or frequency distribution quirks, and as generative models improve, the detectors struggle to keep up. False positives are common.

There is a more deterministic way to establish the origin of an image. Instead of asking a machine to guess based on pixels, we can ask: Does this file declare that it is AI?

This is the foundation of declarative metadata verification. It doesn't guess; it reads the cryptographic signatures embedded inside the file itself.

Enter C2PA and Content Credentials

To establish a verifiable chain of custody for digital media, a coalition of tech giants - including Adobe, Microsoft, and hardware manufacturers like Leica and Sony - developed the Coalition for Content Provenance and Authenticity (C2PA) standard. You might recognize its consumer-facing manifestation as "Content Credentials," often marked by a small "cr" icon.

A C2PA record is stored as a "manifest store" embedded directly into the media file (for example, inside a dedicated caBX chunk in a PNG, or an APP11 marker in a JPEG).

This manifest contains three core components:

  1. Assertions: Structured statements about the file, such as who created it, what edits were made, and an explicit declaration of whether artificial intelligence was used.
  2. The Claim: A central dictionary that hashes all these assertions and creates a cryptographic hard binding to the underlying image pixels.
  3. The Signature: A digital signature computed using a trusted Certificate Authority.

If you alter a single pixel of a signed image, the recomputed file hash will clash with the hard binding hash, and the validation fails instantly.

Why a "clean" file doesn't mean "human-made"

You can inspect an image's provenance data using our client-side Metadata Viewer. If an image was generated by DALL-E 3 or edited with Photoshop's Generative Fill, the viewer will flag the embedded C2PA manifest and show that the file cryptographically declares AI involvement. The signature proves the declaration is authentic and untampered - though it proves what the file says, not independently what happened.

But there is a critical catch: the absence of metadata is not a certificate of human authorship.

Standard software pipelines routinely destroy metadata. If you generate a C2PA-signed image and upload it to Reddit, Facebook, or process it through a default WordPress installation, those platforms will compress the image and strip the metadata chunks to save space.

The cryptographic envelope is destroyed. If you download that image and inspect it, our tool will report that no AI metadata was found.

This simply means the file lacks verifiable provenance. It does not prove the image is a camera-captured photograph.

By inspecting files with a Metadata Viewer, you aren't guessing at pixels - you are reading the explicit declarations the file carries. If you are a creator who needs to strip C2PA data for privacy reasons before publishing, you can scrub these manifests using our Metadata Remover.