News · OpenAI stacks three provenance layers: C2PA conformance, SynthID watermarks, and a public verifier
OpenAI stacks three provenance layers: C2PA conformance, SynthID watermarks, and a public verifier
The company is combining metadata signatures, an invisible watermark from Google DeepMind, and a preview verification tool that only speaks for OpenAI-made images.
What OpenAI actually shipped in this update
OpenAI bundled three concrete moves into a single announcement. First, it became a C2PA Conforming Generator Product, which the company frames as giving platforms a trusted way to read, preserve, and pass along the provenance metadata it attaches to generated media. Second, it added Google DeepMind's SynthID watermarking to images generated through ChatGPT, Codex, or the OpenAI API. Third, it opened a preview of a public verification tool that checks an uploaded image for both Content Credentials and SynthID.
None of these are entirely new departures. OpenAI has been attaching Content Credentials to images since 2024, starting with DALL·E 3 and later ImageGen and Sora, and it sits on the C2PA Steering Committee. What is new is layering a watermark on top of the metadata and giving the public a way to interrogate both.
The layering exists because metadata does not survive
The most honest part of the announcement is its diagnosis of why one signal is not enough. OpenAI states plainly that C2PA metadata can be stripped, lost through uploads and downloads, or broken by format changes, resizing, and screenshots. That is a direct acknowledgment that the cryptographic-signature approach it has invested in since 2024 fails against the most ordinary handling content receives online.
C2PA helps content carry detailed context; SynthID helps preserve a signal when metadata does not survive. Watermarking can be more durable through transformations like screenshots, while metadata can provide more information than a watermark alone.Montana Labs
This is a division of labor, not redundancy. Metadata carries richer context—where content came from, how it was created or edited, who signed it—but is fragile. The watermark carries less information but persists through a screenshot. The bet is that the union of the two covers more real-world failure cases than either alone.
A verification tool that refuses to guess
The preview verification tool is deliberately narrow. At launch it only answers questions about content generated by OpenAI, checking whether an uploaded image was made through ChatGPT, the OpenAI API, or Codex by looking for its provenance signals. It builds on the image detection classifier OpenAI research-previewed in 2024.
The more important design choice is what the tool declines to say. OpenAI states that if no metadata or watermark is detected, the tool will not conclude the image was not made with its tools—because signals can be stripped. That refusal to infer absence from a missing signal is the correct posture for a detector, and it matters more than the detection itself. A tool that confidently declared 'not AI' whenever it found nothing would be actively misleading, since stripping a watermark is exactly what a bad actor would do.
The interoperability gap this update leaves open
The specific limitation to watch is scope. The verification tool answers 'was this made by OpenAI?'—not 'was this made by AI?' The SynthID integration OpenAI is adopting is a Google DeepMind technology, so a shared watermarking substrate across two major generators is at least conceivable, and OpenAI says it aims to support cross-industry verification in the coming months and eventually more content types.
Until that happens, provenance remains vendor-scoped: each generator can vouch for its own output, and a verifier that only recognizes one company's signals gives users a partial picture. The value of C2PA conformance—that provenance survives beyond the first platform—only fully pays off when platforms and other generators actually read and preserve these signals. OpenAI has built the layers on its own side; the interoperable ecosystem it describes depends on parties it does not control adopting the same standards and honoring the metadata rather than stripping it on upload.
Find this story relevant to you?
Contact us to find a unique solution
Need an AI engineering partner that can actually build?
We help businesses integrate AI, build AI-powered products, automate high-value workflows, and modernize the software systems behind them.
Related reading
More analysis around product delivery, operational AI, and the systems work that makes deployment hold up in reality.