Spent a while in the content provenance space and this gap trips people up constantly. Most people think C2PA (Content Credentials) is “the” AI watermark standard now — Adobe, OpenAI, Google, camera makers are all on it. But C2PA is metadata riding alongside the file, not embedded in the pixels. Screenshot it, re-encode it, upload it to social media and that metadata’s gone. New file, zero provenance. This is a known, acknowledged failure, even called out directly in the EU’s AI Act Code of Practice. The actual fix is watermarking embedded in the content itself, and even that isn’t one technique but it’s layers, because different attacks break different watermark types: Frequency-domain watermarks (spread across DCT coefficients) survive normal JPEG recompression and resizing Neural watermarks (trained models, not fixed math) hold up where frequency-domain marks fail — screenshot-recapture, heavy recompression, format transcoding, full video re-encodes. This is the difference between “survives being saved twice” and “survives a Twitter/TikTok round-trip” Perceptual fingerprinting (pHash-style) is the fallback layer which recovers provenance even after the watermark itself gets destroyed by a hard resize or reformat, by fuzzy-matching the content against known signed originals None of these alone is sufficient. That’s the actual state of the field right now and anyone claiming a single watermark “solves” provenance is oversimplifying it. I ended up building this stack out (frequency + neural + fingerprinting, layered) after running into these exact failure modes myself — certivu.ai if anyone wants to poke at it or compare notes. Happy to go deeper on any of this if you’re dealing with it. submitted by /u/ksplat_
Originally posted by u/ksplat_ on r/ArtificialInteligence
