how to check an image’s content credentials

what content credentials are

content credentials are a tamper-evident record of where a file came from. the open standard behind them, C2PA, attaches a cryptographically signed manifest to the file: a kind of nutrition label listing who created or edited it, which device or software was used, and whether AI was declared along the way. that record is anchored with SHA-256 hashes and X.509 certificates, and the issuers that sign it appear on a published trust list, so a viewer can tell a genuine signature from a forged one.

two systems matter for a quick check. C2PA covers the visible, inspectable manifest that cameras, editing tools and some AI labs now write. Google’s SynthID is a separate, invisible watermark baked into content from Google’s own models. they answer different questions, and you check them in different places.

how to check a file for C2PA credentials

drag the file into the free Verify tool at contentcredentials.org/verify (it now redirects to verify.contentauthenticity.org). it runs in your browser, so the file isn’t uploaded to a server, and if the image still carries a manifest you’ll see the signer or issuer, the capture device or software, whether AI tools were declared, and the recorded edits with timestamps.

on sites and apps that display it, look for the small ‘Cr’ content credentials pin on an image. clicking it opens that same provenance panel inline. a browser extension surfaces the pin as you browse, and a growing set of editing tools write the credential as you work.

what a credential proves, and what it doesn’t

a valid credential proves one thing: the file hasn’t changed since it was signed, and here is what the signer recorded. it does not prove the scene is real. the C2PA explainer is blunt about it, stating that provenance “cannot tell you whether the digital content is true, accurate or factual.” a signed image can still show a staged or AI-generated scene if that’s what the signer declared, or failed to declare. a declared ‘AI used’ assertion is the signer’s own claim, not an independent finding.

absence is not evidence either. the spec explicitly rejects a ‘two-tier’ world where files without a credential are treated as less trustworthy than files with one. most images online never carried a credential at all. a missing one tells you nothing about whether the content is real or AI-made.

how to check for Google’s SynthID watermark

to check whether an image, clip or audio file came from a Google model, scan it with the SynthID Detector portal, which Google launched on May 20, 2025. it looks for SynthID, an invisible watermark Google embeds in content from Gemini, Imagen, Veo and Lyria, and highlights which parts of a file are more likely to be watermarked. Google says over 10 billion pieces of content have been watermarked with SynthID, though that figure is the company’s own self-report, not an independent count.

two caveats decide how far to trust the result. access to the portal has been waitlisted, opening first to journalists, researchers and media partners, so confirm current availability before you rely on it; you can also upload an image straight to Gemini and ask. and SynthID only flags content from Google’s own models. a ‘no watermark’ result does not mean a human made the file, only that this particular watermark wasn’t found.

the watermark is sturdier on pixels than on prose. for images, video and audio it’s built to survive cropping, filters, compression and frame-rate changes. the text watermark is the weak link: independent robustness work finds detection degrades under paraphrasing, copy-paste edits and back-translation, and that it’s weaker on short or fact-dense text, where there’s little room to nudge word choices.

why the image you’re checking probably has none

most platforms strip C2PA metadata the moment you upload. WhatsApp, iMessage and Facebook re-encode images and drop the embedded manifest, and Instagram, X, TikTok and LinkedIn commonly do the same. a screenshot or a re-save in any tool that isn’t credential-aware wipes the manifest too, because the container holding it is discarded on the way out. so the everyday image, shared two or three platforms deep, has usually lost whatever credential it started with.

‘durable’ credentials are the workaround. these pair the manifest with an invisible watermark and a fingerprint lookup, so a stripped credential can sometimes be recovered by matching the file back to a registry. it works only if the original signer turned it on, and it trades away some of the cryptographic security guarantees to gain that durability.

who actually signs content credentials

signers now span cameras, AI labs and platforms. some cameras sign a C2PA manifest in hardware at the moment of capture, and the roster of supporters runs through Adobe, Amazon, the BBC, Google, Meta, Microsoft, OpenAI and Sony, OpenAI among the AI labs that sign their generated images. that breadth is why a credential is worth checking, and also why coverage is uneven: it depends entirely on whether each tool in the chain chose to sign.

even a valid signature isn’t the last word. a documented flaw in one camera maker’s credential implementation let unauthentic images be wrapped under a signature that still validated, which forced a certificate revocation. read the issuer and the edit trail, not just the green check.

how amige. reads provenance

amige. treats provenance as one input, never the answer. when a file carries a valid C2PA manifest or a detectable SynthID watermark, amige. reads it as corroborating context, ‘this resembles Google-model output’ or ‘this file declares an AI edit’, and surfaces the issuer and edit trail for you to inspect. that context can raise or temper the read from amige.’s panel of independent detectors built by different teams, which runs alongside its best guess at the model behind the file.

because credentials are stripped by most platforms, erased by screenshots, and SynthID covers only the models that embed it, amige. never treats a missing credential as evidence of anything, and never upgrades a present one into proof. when the signals conflict, the verdict reads ‘uncertain’, and as new generators ship, amige. recalibrates. provenance just adds a layer of receipts, or fails to. the verdict stays a probabilistic estimate. see how the rest of it fits together on the machine.