The Coalition for Content Provenance and Authenticity (C2PA) is the industry standard for cryptographic media provenance. Major capture devices (Sony, Leica, Canon, recent iPhones) and major AI generators (Adobe Firefly, OpenAI DALL-E 3, recent Microsoft products) embed signed C2PA manifests recording: who captured/generated it, what software, what edits were made, and AI-generation flags.
π The CAI verifier above is an iframe; some browsers block embedded uploads. If file upload doesn't work in the embed, click the "Open in new tab" button.
All current AI-text detectors are probabilistic. Treat their output as one signal β even the best report 5-15% false-positive rates on human-written text and similar false-negative rates on light-edited AI text. Cross-check against multiple detectors and use the result to inform investigation, not to make accusations.
Image detection is harder than text and degrading rapidly as AI generators improve. The watermarking and C2PA approaches above are more reliable than post-hoc detection β but only when the generator embeds them. Detection is best used to flag content for human review, not as ground truth.
Even when a photo isn't AI-generated, classical forensics catches manual editing β splices, clones, recompression artifacts, EXIF inconsistencies. These tools predate the AI era but are still useful baseline checks.
Free AI provenance & deepfake verification hub
A curated directory of free tools for verifying media authenticity in 2026 β C2PA / Content Credentials inspectors (the industry-standard cryptographic provenance), AI text detectors (GPTZero, ZeroGPT, GLTR), AI image detectors (Hive, AI or Not, Illuminarty), deepfake video detection (Deepware, InVID/WeVerify), classical photo forensics (FotoForensics, Forensically, ExifTool), and watermarking standards (Google SynthID, IPTC Digital Source Type).
For OSINT investigators, journalists, and trust-and-safety teams: this hub aggregates the tools you need at each verification step. C2PA is the most reliable signal but only when present; AI detectors are probabilistic and need cross-checking; classical forensics still catches manual editing. The Bellingcat verification handbook is the canonical written reference for the underlying methodology.
For deeper coverage of media verification including reverse image search, geolocation, and chronolocation see the existing Photo Forensics Studio, Image Search Hub, and Geolocator pages.
Frequently asked questions
How does C2PA actually work?
A C2PA manifest is a signed JSON-LD document embedded in an image/video/audio file. It includes a chain of "ingredients" (source media), "actions" (capture, edits, AI generation), an X.509 certificate of the signer, and a hash of the media. Verifying = checking the certificate is from a trusted authority and the hash matches. Adobe Firefly, OpenAI DALL-E 3, and recent Sony/Leica/Canon cameras now embed these by default.
Will every AI image have a C2PA manifest?
No. Only images from cooperating generators (Adobe, OpenAI, Microsoft, Google's SynthID is separate). Open-source generators (Stable Diffusion forks, FLUX, Midjourney prior to 2024) generally do not. Manual screenshot-and-resave strips manifests. Treat "has C2PA manifest = trustworthy", but "no manifest" β "synthetic."
Why are AI-text detectors so unreliable?
LLMs are trained on human writing. Their output is statistically similar to human text by construction. Detectors look for subtle distributional artifacts (low perplexity, predictable syntax, low entropy). Light editing by a human, or running through a paraphraser, defeats most detectors. Stanford's 2023 study found human-written essays by non-native English speakers were misclassified as AI 60-80% of the time by leading detectors.
What about Sora video?
OpenAI Sora and other AI video generators are explicitly designed to evade common deepfake detectors. As of early 2026 there is no reliable post-hoc public detector for state-of-the-art AI video. Verification has to come from provenance (was this captured on a known device, by a known person?) and corroboration (does it match independently-recorded events?). The Bellingcat verification handbook is the canonical reference.
How does this relate to misinformation investigation?
AI provenance is a piece of the verification puzzle, not the whole puzzle. The Bellingcat workflow is: (1) reverse image/video search to find earlier copies, (2) geolocate and chronolocate visible features, (3) check for technical tells (EXIF, ELA, C2PA), (4) seek corroboration from independent sources. AI-detection tools fit into step 3 but should never substitute for steps 1, 2, and 4.
Should I trust IPTC Digital Source Type?
It's a standardized metadata vocabulary, not a verification mechanism. Publishers can label media with values like digitalCapture, algorithmicallyEnhanced, trainedAlgorithmicMedia. The label tells you what the publisher claims; it does not prove the claim. Use alongside C2PA (which proves the claim cryptographically) for stronger guarantees.