OpenAI borrowed Google's secret weapon to detect AI images. Here's exactly how both technologies work — and where they still break.
That's how many images were generated through ChatGPT in a single week — the number that landed May 19, 2026 and put OpenAI on notice fast enough to ship a major announcement. The problem: almost none of them can be reliably verified as AI-generated once they leave ChatGPT and start travelling across the internet.
They get screenshotted. Reposted. Compressed. Cropped. Saved as different formats. By the time a fake headshot of a CEO or a fabricated protest photo lands on your timeline, the trail is cold.
The old solution was EXIF metadata — cameras bake origin information into image files. Problem: any image editor can strip or fake EXIF data in three seconds. It was never designed for adversarial conditions. The internet needed something fundamentally different.
OpenAI's response: adopt Google DeepMind's SynthID watermarking (the exact same system Google already built into Gemini) and pair it with an open standard called C2PA. Then launch openai.com/verify so anyone can check.
But these two technologies work completely differently, fail in completely different ways — and one is orders of magnitude harder to break than the other. Let's go deep.
The dual-layer system OpenAI (and Google) uses combines two fundamentally different approaches. Understanding why they're different is the whole point.
Founded 2021 by Adobe, Microsoft, BBC, Intel, ARM. A cryptographically signed manifest attached to the image file. Contains who created it, when, what tools, what edits — verifiable against the creator's public certificate.
What it records:
Fatal flaws:
Built by Google DeepMind. A neural watermark embedded directly into pixel values at generation time. Invisible to human eyes. Uses frequency-domain steganography — the pattern lives inside the image content, not attached to it.
What makes it durable:
Where it breaks:
Click each stage to see exactly what happens to both signals as an AI-generated image travels from ChatGPT through the real internet.
Most explainers skip the actual mechanism. Here's what SynthID's encoder does at a technical level — and why it survives what kills metadata-based approaches.
Steganography — hiding a message inside another message — is the key idea. Medieval spies shaved a messenger's head, tattooed a message on the scalp, waited for hair to regrow, then sent them through enemy lines. SynthID does the same thing with pixels instead of scalps.
Frequency domain representation: SynthID targets the high-frequency bands (right) that human vision is least sensitive to.
After an image is generated by the diffusion model, SynthID's encoder network takes the finished image and applies learned perturbations to pixel values. These aren't random noise — they're structured according to a cryptographic key pattern, distributed across the entire image in the frequency domain.
Human vision is most sensitive to low-frequency changes — broad colours, overall composition. SynthID targets the high-frequency zones — fine textures, sharp edges — where modifications of ±1–2 RGB units are statistically detectable but perceptually invisible.
The three panels show: original image, SynthID-watermarked (±1.5 RGB), and amplified 25× (what the neural detector reads). Toggle modes to see the difference.
SynthID confidence across real-world transformations
The 40% dashed threshold — signals below it return "no watermark found."
Simulate what openai.com/verify returns for different scenarios — including images from Gemini Nano and Gemini Omni verified through Google's tool.
Select a scenario to run verification
Here's what barely got covered in the OpenAI announcement. Google didn't just invent SynthID — they already deployed it. Gemini Nano, Gemini Flash, Gemini Pro, and Gemini Omni all have SynthID embedded at generation time. Google built this, shipped it quietly, and had been running it in production while OpenAI was still figuring out their C2PA compliance.
More importantly — Google built the verification side. You can upload any image to Gemini and ask: "Was this made by Google AI?" Gemini checks both the SynthID watermark in the pixels and the C2PA metadata, and gives you a confidence-weighted answer.
Try it: Generate any image in Gemini, download it, re-upload to Gemini and ask "Was this image generated by Google AI?" It will detect both the SynthID watermark and C2PA credentials — confirming the image as Gemini-origin. Works across Gemini Nano, Flash, Pro, and Omni.
Google also expanded SynthID detection into Chrome and Google Search — meaning verification is moving to infrastructure level. Every image you see in your browser could soon carry a small provenance indicator, without you needing to visit a verification tool at all.
OpenAI's choice to adopt SynthID — a competitor's technology — is genuinely unusual. It signals that SynthID is robust enough that building a competing watermarking standard would fragment the ecosystem in a way that's bad for everyone. So they collaborated instead.
The announcements won't always say this clearly. Here's the honest breakdown.
The deeper problem: provenance is an ecosystem problem, not a technology problem. SynthID is technically impressive. C2PA is architecturally sound. But both require buy-in from every link in the chain — generators, editors, platforms, browsers, end users. The image that goes ChatGPT → downloaded → Photoshop → Telegram → Twitter? It arrives clean. No manifest. Watermark degraded. No definitive claim.
If you're building anything in the AI space — or thinking about where the internet is heading — here's what actually matters.
Deep technical breakdowns, build walkthroughs, and real AI product tutorials — for founders, operators, and developers who want to stay on the right side of the gap.