With the culmination of progress in various sectors of this AI-wave, I often think about the truth. Technological progress seems to bring us further away from the truth or reality of things, and closer to personal “world views”. Personally, this is a problem. I tend to live in the light, and be honest always. It’s easier. And there’s some honor in it somewhere.

Different actors invest in methods to ascertain the truth. Become President. Buy Twitter. Buy the Washington Times. You get the drill. In software, we issue a provenance. Proof that we are who we say we are and we are legitimate. I talked about using cosign as a way to sign artifacts so that end-users of your projects know it came from you.

There isn’t anything equivalent in the AI space. And the further this goes on, the more likely we are going to play a very adversarial game.

Just take a look at this “Moscow-based global ’news’ network”:

A Moscow-based disinformation network named “Pravda” — the Russian word for “truth” — is pursuing an ambitious strategy by deliberately infiltrating the retrieved data of artificial intelligence chatbots, publishing false claims and propaganda for the purpose of affecting the responses of AI models on topics in the news rather than by targeting human readers, NewsGuard has confirmed. By flooding search results and web crawlers with pro-Kremlin falsehoods, the network is distorting how large language models process and present news and information. The result: Massive amounts of Russian propaganda — 3,600,000 articles in 2024 — are now incorporated in the outputs of Western AI systems, infecting their responses with false claims and propaganda [0].

This is highly alarming. The “arms-race” has begun.

What does the current state of “AI content verification” look like?

The Labyrinth of AI Content Verification

The digital realm is increasingly saturated with content whose origins are obscured, either partially or entirely, by AI. Determining the authenticity of such content is such a complex problem. Current approaches to content detection are fraught with limitations that undermine their reliability and scalability for widespread use.

Let us talk about some of them, followed by a table for easier viewing.

ParadigmKey Characteristics/MechanismPrimary ModalitiesStrengthsWeaknesses/Vulnerabilities (incl. Adversarial)Scalability for Internet UseRobustness to Common EditsCurrent Accuracy Range (Qualitative)Key Research Snippets
Statistical Analysis (Text)Measures linguistic features like perplexity, burstiness, sentence length variance. 1TextSimple to implement for basic patterns.Low accuracy for sophisticated LLMs; bias against non-native speakers; easily fooled by paraphrasing. 1, 4, 5HighLow to MediumLow to Medium1, 2
LLM-based Classifiers (Text)Fine-tuned LLMs (e.g., RoBERTa) to learn stylistic differences between AI and human text. 2TextCan capture more nuanced patterns than simple statistics. 2Still prone to false positives/negatives; struggles with out-of-distribution models and human-edited AI text; adversarial attacks. 3, 4, 5, 9MediumMediumMedium2, 3, 4
Forensic Image Analysis (Semantic Artifacts, Patch Shuffling)Detects model-specific “semantic artifacts” by breaking global image structure (e.g., SFLD using PatchShuffle). 10, 21ImageImproved generalization to unseen generators and scenes; focus on local, intrinsic generator artifacts. 10, 21, 22Performance depends on patch size and model depth; potential for new generators to evade these specific artifact detections. 21MediumMedium to High (for some degradations)Medium to High (research)10, 21, 22
Forensic Image Analysis (ELA)Identifies differing JPEG compression levels in manipulated image regions. 13, 14Image (JPEG)Can reveal areas saved with different quality. 14Cannot pinpoint exact pixels; ineffective for single-pixel edits or minor color changes; multiple resaves reduce efficacy; can be fooled if regions saved same number of times. 14High (tool dependent)Low to MediumMedium (context dependent)14
Forensic Image Analysis (PRNU)Detects absence or inconsistency of camera sensor noise patterns. 17ImageUnique sensor fingerprint; AI images theoretically lack genuine PRNU. 17PRNU can be weak or forged/erased; computation methods always yield some result. 17Low to Medium (requires expertise)MediumHigh (in controlled settings)17
Forensic Image Analysis (CRF)Checks consistency of light-to-pixel value mapping across image parts. 20ImagePhysics-based; inconsistencies suggest different origins. 20Dense CRF space (similar CRFs for different cameras); AI might mimic consistent CRFs; focus on splicing. 20Low (complex analysis)MediumMedium (research)20
Forensic Image Analysis (JPEG Ghost)Detects differing compression qualities between forged (“ghost”) and cover image parts by resaving and analyzing SSIM/energy. 15Image (JPEG)Can localize tampered portions based on compression history. 15Primarily for double-JPEG compression artifacts; effectiveness against sophisticated AI edits unclear. 15MediumMediumMedium to High (for specific forgeries)15
Forensic Video Analysis (Temporal, Lip-Sync)Analyzes frame-to-frame consistency, lip movements, micro-expressions, audio-visual sync. 1, 52, 53Video, AudioCan detect unnatural transitions or desynchronization common in early/crude deepfakes. 1Sophisticated deepfakes improve these aspects; computationally intensive. 41, 52Low to MediumMediumMedium (improving with multimodal models)1, 41, 52
Forensic Audio AnalysisExamines acoustic features, speaker characteristics, background noise consistency for anomalies. 1, 52, 53, 54, 55AudioCan detect artifacts from voice cloning or synthesis. 54, 55Advanced voice synthesis is very convincing; vulnerable to noise, compression. 54MediumMediumMedium to High (research)54, 55
Watermarking (e.g., SynthID, InvisMark)Embeds imperceptible signals (e.g., logit manipulation for text, pixel/spectrogram changes for image/audio) at creation. 23, 26, 27Text, Image, Audio, VideoProactive; can carry creator/model ID; some robustness to edits. 23, 25, 27Model-specific (SynthID for Google 7); robustness varies (heavy edits, compression can degrade 23, 24); not designed against motivated adversaries 23; “trade-triangle” constraints.28Medium (depends on tool integration)Medium to High (designed robustness)High (if watermark present & intact)7, 23, 27
Perceptual HashesCreates content fingerprints robust to minor changes. 29, 30Image, VideoGood for similarity detection. 29Vulnerable to specific adversarial attacks; privacy concerns with hash reconstruction. 29, 30, 31HighHigh (by design for minor edits)Low (for authenticity against attacks)29, 31
Metadata Analysis (incl. C2PA)Examines embedded file information (creator, software, edits); C2PA provides standardized, cryptographically signed provenance manifests. 11, 12, 56AllC2PA offers tamper-evident provenance if adopted. 56Basic metadata easily stripped/altered 7; C2PA adoption not universal, a complexity can be a barrier. 56High (metadata); Medium (C2PA validation)Low (basic metadata); High (C2PA if binding intact)Low (metadata); High (C2PA if valid)7, 12, 56

Works Cited

  1. A well-funded Moscow-based global ‘news’ network has infected Western artificial intelligence tools worldwide with Russian propaganda
  2. General review of AI content detection methodologies, including statistical analysis for text, forensic analysis for video/audio, and challenges related to hybrid human-AI content.
  3. Research on using statistical and linguistic features (e.g., perplexity, burstiness) for AI-generated text detection.
  4. Analysis and performance review of commercial AI text detectors like GPTZero and Copyleaks.
  5. Studies on the inconsistent performance and inherent biases of AI text detectors, particularly against non-native English speakers.
  6. Ethical considerations and documented cases of bias in AI detection tools used in academic settings.
  7. Analysis of proprietary watermarking solutions like SynthID, and challenges related to metadata stripping and industry fragmentation.
  8. Research on the generalization problem, where detectors fail to identify content from novel or out-of-distribution AI models.
  9. Overview of model-based detection techniques for AI-generated visual media, focusing on pixel-level artifacts and inconsistencies.
  10. Standard practices and limitations of using file metadata for content provenance.
  11. Overview of the C2PA (Coalition for Content Provenance and Authenticity) initiative and its goals for standardized metadata.
  12. Introduction to Error Level Analysis (ELA) as a forensic technique for detecting image manipulation.
  13. Detailed analysis of the capabilities and limitations of ELA in detecting various types of image edits.
  14. The “JPEG Ghost” technique for identifying forgeries based on differing compression histories within an image.
  15. Research on using Photo Response Non-Uniformity (PRNU) as a camera sensor fingerprint to detect AI-generated images.
  16. Introduction to Camera Response Function (CRF) as a physics-based forensic tool.
  17. Papers discussing “semantic artifacts” in AI-generated images and the “image patch shuffle” technique to improve detector robustness.
  18. Further work on patch-based classifiers and semantic artifact mitigation for better generalization.
  19. Google’s research and documentation on SynthID for watermarking AI-generated text via logit manipulation.
  20. Documentation on SynthID’s application to images and audio, and its known robustness limitations.
  21. Public announcements and technical details regarding collaborations to expand SynthID’s use (e.g., with NVIDIA for video).
  22. Technical papers explaining the imperceptible watermarking process for visual and auditory media in SynthID.
  23. Research on InvisMark, a neural network-based watermarking technique for high robustness and payload in AI images.
  24. Foundational research on the “robustness-fidelity-capacity” trade-off triangle in digital watermarking.
  25. Overview of perceptual hashing algorithms (pHash, dHash) for similarity detection.
  26. Studies on the vulnerabilities of perceptual hashes to adversarial attacks.
  27. Analysis of the security and privacy implications of perceptual hash systems, including potential for image reconstruction.
  28. Discussion on the “black box” problem in AI detectors and the impact of false positives on user trust.
  29. Forensic Video Analysis: frame-to-frame consistency, lip movements, micro-expressions, audio-visual sync.
  30. Forensic Video Analysis: frame-to-frame consistency, lip movements, micro-expressions, audio-visual sync.
  31. Forensic Audio Analysis: acoustic features, speaker characteristics, background noise consistency.
  32. Forensic Audio Analysis: acoustic features, speaker characteristics, background noise consistency.
  33. Overview of the C2PA (Coalition for Content Provenance and Authenticity) initiative and its goals for standardized metadata.