What to know about AI image provenance
- What launched: on May 19, 2026, OpenAI announced it is embedding both C2PA Content Credentials (visible metadata) and SynthID watermarks (invisible pixel-level marks) into AI images from ChatGPT, Codex, and the OpenAI API.
- The partnership: SynthID comes from Google DeepMind. OpenAI adopting it (alongside Kakao, ElevenLabs, and Nvidia in the same May 2026 cohort) is the first time a major AI lab uses a competitor’s watermark technology.
- The verification tool: OpenAI is previewing a public-facing site where anyone can upload an image and check whether it came from ChatGPT, Codex, or the OpenAI API.
- The scale already: over 100 billion images, videos, and audio files have been watermarked with SynthID since launch. With OpenAI added, that number jumps fast.
For two years the AI industry has talked about “provenance” without doing much about it. Provenance, in plain English, is the question: when you look at an image online, can you tell whether it was made by a person with a camera or by an AI model? The answer in 2024 was “not reliably.” OpenAI’s May 19 announcement is the most concrete step a major AI lab has taken to change that.
This guide walks through what was announced, the two technologies involved (C2PA and SynthID), why they are being used together, what it means for ordinary internet users, and where the limits are.
What is C2PA?
C2PA stands for the Coalition for Content Provenance and Authenticity. It is an industry standard for embedding structured metadata inside an image file. The metadata records who created the file, what tool was used, and what edits have been applied since. Think of it as a digital paper trail attached to the image.
C2PA’s strength is detail. A C2PA-tagged image can carry a full history (created in ChatGPT on a specific date, opened in Photoshop and cropped, exported as JPEG). The weakness is fragility. Metadata gets stripped easily. Upload an image to most social platforms and the metadata is gone. Take a screenshot and the metadata is gone. Save as a different file format and the metadata may be gone.
What is SynthID?
SynthID is a watermarking system developed by Google DeepMind. Unlike C2PA, SynthID does not write metadata into a file. It modifies the actual pixels of the image in a way that is invisible to humans but detectable by a trained classifier. The watermark is distributed across the whole image, not concentrated in one spot, which means cropping or compressing the image does not destroy it.
SynthID’s strength is durability. Screenshots, format changes, resizes, and most edits leave the watermark intact. The weakness is that it carries no detail. SynthID can tell you the image was AI-generated by a SynthID-enabled tool, but it cannot tell you which tool, when, or what edits were applied. C2PA carries the story; SynthID carries the truth that there is one.
Why combine them?
Because each one fills the other’s gap. The combination defends against the most common ways provenance gets lost.
| Action on the image | C2PA metadata survives? | SynthID survives? |
|---|---|---|
| Save as JPEG | Often yes | Yes |
| Save as PNG, convert to JPEG | Often no | Yes |
| Upload to social media (most platforms strip metadata) | No | Yes |
| Take a screenshot | No | Yes (usually) |
| Crop to 50% of original | Yes (metadata stays attached) | Yes (watermark distributed) |
| Heavy filter, color shift, blur | Yes | Usually yes (degraded) |
| Adversarial scrubbing tool | Easy to strip | Hard but possible |
The pairing is what researchers call “defense in depth.” If one signal disappears, the other usually survives. Neither is foolproof, but together they raise the cost of laundering an AI image to the point where casual misuse stops being easy.
What does the public verification tool do?
OpenAI announced a public-facing tool, currently in preview, that lets anyone check an image. You upload a file. The tool inspects both layers (C2PA metadata if present, SynthID signal in the pixels) and tells you whether OpenAI’s tools were involved in creating it.
Important: the tool can only verify images created on systems OpenAI controls (ChatGPT, Codex, OpenAI API). It cannot verify Midjourney images, Stable Diffusion images, or anything made by another provider. For those, you would need each provider’s own verification tool or a SynthID-compatible detector. Google’s own SynthID verifier is the closest thing to a universal checker, since multiple providers now use SynthID. Read more in our Nano Banana 2 explainer for how Google’s own image system uses the same watermark.
Why is this big news?
Three reasons.
- OpenAI adopting a Google watermark is unusual. SynthID is a DeepMind product. OpenAI and DeepMind do not usually share infrastructure. Picking SynthID over building an in-house alternative is OpenAI conceding that interoperability beats proprietary control on this specific problem.
- Scale matters more than technology. SynthID worked before this announcement. What was missing was widespread adoption. Adding OpenAI’s outputs to the SynthID pool (plus Kakao, ElevenLabs, Nvidia, the existing Google products) means a large fraction of all new AI-generated media in 2026 carries a detectable watermark. That changes the trust landscape.
- It moves regulatory ground. The EU AI Act and several US state proposals already require labeling of AI-generated content. A working, widely-adopted technical standard makes compliance practical instead of aspirational.
What does this mean for the average user?
Practically speaking, three things.
- Images you generate in ChatGPT now carry a watermark. You will not see it. Anyone with the right tool can detect it. This is true going forward whether or not you mark the image as AI-made yourself.
- You can check images you find online. When the OpenAI verification tool exits preview, upload any suspicious image to see whether it came from ChatGPT. Eventually similar tools will exist for the other providers.
- “AI or real” gets harder to fake. The most common way deceptive AI imagery spreads is screenshots that strip metadata. SynthID survives screenshots. The deception path that worked in 2024 stops working as well in 2026.
Beginners in AI position:
Provenance is one of the most useful trust tools we are going to get for AI media. It is not a complete answer. Adversarial actors with enough effort can still strip a watermark. But the people doing real-world harm with AI images (impersonation, scams, fake political content) are usually not running cutting-edge stripping tools. Raising the floor matters even if the ceiling stays open. This is a clear public-interest win.
Where does this leave the rest of the AI industry?
Three tiers of adoption as of late May 2026.
- Already on SynthID: Google (across Gemini, Imagen, Veo), now OpenAI, Kakao, ElevenLabs (for audio), and Nvidia. That is a large chunk of consumer AI media output.
- Using C2PA only: Adobe (Firefly, Photoshop AI), Microsoft (Copilot, Designer), Sony, Leica, Nikon (cameras). Strong on metadata, no watermark layer.
- Neither yet: Midjourney, Stable Diffusion (most forks), Stability AI’s older outputs, many open-source models. These remain the hardest to verify.
The third tier is the gap. If you want to know whether a Midjourney image is real in 2026, the answer is still “good luck.” For broader context on which AI models exist and what they do, our AI Models 2026 overview is the best starting point.
What are the limits and criticisms?
- Adversarial stripping is real. Sophisticated actors can sometimes remove SynthID with enough effort. The cost rises, but the option exists. The system is a deterrent, not a guarantee.
- Image-only coverage so far. OpenAI’s announcement covers images. Video and audio provenance is being built but not yet at the same maturity. For video, see our Sora vs Runway vs Kling comparison on what the major video providers are doing.
- Closed-source models can opt out. Open-source image models do not have to adopt provenance. If they do not, the gap remains and any verification tool will simply return “we cannot tell” for a meaningful share of the open internet.
- Verification is provider-by-provider. There is no single tool that says “this image is AI-made by any provider.” You have to check OpenAI’s tool, Google’s tool, Adobe’s tool, etc. Industry standardization would help.
How do I actually use this today?
- When generating images on ChatGPT or via OpenAI API, nothing changes for you. The watermark is added automatically. You can still use the image normally.
- When you want to verify an image, wait for OpenAI’s tool to exit preview, then upload. For images from other providers, check the provider’s own verification site.
- When journalism or legal matters are at stake, bring in a verifier. Both C2PA and SynthID are good enough for most internet trust questions but not yet bulletproof for high-stakes provenance.
- If you are an educator or community manager, the most useful action is to tell your community that automated AI image detection is real now, available, and worth using before believing or amplifying a sensational image.
Common questions about AI image provenance
Can I opt out of having my AI images watermarked?
Not in the consumer products. Watermarking is automatic for ChatGPT, Codex, and OpenAI API outputs. Enterprise customers may have different terms. If you do not want a watermark on the image you generate, generate it with a provider that does not yet watermark (which is the worse choice for almost every other reason).
Will this slow down image generation?
No measurable change for end users. SynthID adds a small compute cost on the generation side and a small inference cost on the verification side. Neither is noticeable in a normal workflow.
Does this work on video and audio too?
Yes, in principle, no for OpenAI’s current rollout. SynthID has versions for video and audio (and Google uses them across Veo, Gemini, ElevenLabs uses SynthID-Audio). OpenAI’s May 19 announcement specifically covers images first. Video provenance from OpenAI is likely later in 2026.
What if someone screenshots an AI image and shares the screenshot?
The C2PA metadata is usually lost. The SynthID watermark usually survives. This is the main case the dual-layer approach is designed to handle.
How does this compare to “AI-generated content detector” tools online?
Most AI detector tools online are pattern-matching guesses with high false-positive rates. Watermark-based provenance is fundamentally different: it asks “did a specific tool make this image and leave its signature?” rather than “does this look AI-made?” Watermark detection, when the watermark is present, is much more reliable.
Sources
- OpenAI, “Advancing content provenance for a safer, more transparent AI ecosystem” (May 19, 2026)
- Google, “Making it easier to understand how content was created and edited”
- The Next Web, “OpenAI adds C2PA metadata and SynthID watermarks to AI images”
- C2PA Viewer, “OpenAI and Google Align on C2PA and SynthID”
- “SynthID-Image: Image watermarking at internet scale” (arXiv research paper)
Get Smarter About AI Every Morning
Free daily newsletter. Built for people who want to use AI well, not chase every model.
Free forever. Unsubscribe anytime.
You may also like
- Nano Banana 2 Explained for how Google’s image AI is using the same SynthID watermark.
- Midjourney v8 Explained for the major image AI that does not yet have provenance.
- Sora vs Runway vs Kling for the video side of the same provenance question.
- AI Ethics for Beginners for the wider trust and safety conversation this fits inside.
- AI Myths Debunked for related misconceptions about detection.
- Every AI Model Worth Knowing in 2026 for the broader landscape.