An early look at cryptographic watermarks for AI-generated content
18 comments · March 19, 2025
yalogin
Without going into the technical efficacy of such schemes (I am a skeptic), the proposed solution requires the entity generating the media to use it. Isn't that a flaw? Why would an attacker use it willingly? If they didn't want to pass off AI-generated content as real, they would have willingly made that distinction themselves.
The point is, there is no good solution here without regulation, but these attempted solutions are still useful in the long run.
colmmacc
GenAI producers have an incentive to watermark ... it helps them avoid consuming generated output in their own training processes. Most "attackers" aren't going to be sophisticated enough to use a modified non-watermarking tool, and those tools are likely to fall behind in capability over time anyway. So there's a decent chance that incentives could align for watermarking without needing regulation. It probably hinges on whether the steganography can be good enough to avoid being trivially removed or undone.
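For concreteness, here is a minimal sketch of one published scheme of the kind being discussed: the "green list" logit-bias watermark from Kirchenbauer et al. (2023). A toy vocabulary and flat logits stand in for a real model and tokenizer; all names and parameter values here are illustrative, not any vendor's actual scheme.

    import hashlib
    import math
    import random

    VOCAB = [f"tok{i}" for i in range(1000)]  # stand-in for a real tokenizer's vocabulary
    GAMMA = 0.5  # fraction of the vocabulary marked "green" at each step
    DELTA = 2.0  # logit bias added to green tokens during sampling

    def green_list(prev_token):
        # Pseudorandomly partition the vocabulary, seeded by the previous
        # token, so the detector can recompute the same partition later.
        seed = int.from_bytes(hashlib.sha256(prev_token.encode()).digest()[:8], "big")
        rng = random.Random(seed)
        return set(rng.sample(VOCAB, int(GAMMA * len(VOCAB))))

    def sample_watermarked(prev_token, logits):
        # Softmax sampling over the logits, with +DELTA added to green tokens.
        greens = green_list(prev_token)
        shifted = {t: l + (DELTA if t in greens else 0.0) for t, l in logits.items()}
        mx = max(shifted.values())
        weights = [math.exp(v - mx) for v in shifted.values()]
        return random.choices(list(shifted.keys()), weights=weights, k=1)[0]

    def detect(tokens):
        # z-score for "more green tokens than chance"; high z suggests a watermark.
        n = len(tokens) - 1
        hits = sum(1 for prev, cur in zip(tokens, tokens[1:]) if cur in green_list(prev))
        return (hits - GAMMA * n) / math.sqrt(n * GAMMA * (1 - GAMMA))

    # Demo: 200 tokens from flat logits, watermarked vs. plain random text.
    flat = {t: 0.0 for t in VOCAB}
    marked = ["tok0"]
    for _ in range(200):
        marked.append(sample_watermarked(marked[-1], flat))
    print("watermarked z:", round(detect(marked), 1))                        # typically ~10
    print("unmarked z:", round(detect(random.choices(VOCAB, k=200)), 1))     # ~0

The removal question maps directly onto this sketch: light paraphrasing re-rolls many of the prev_token seeds, which is exactly what erodes the detector's z-score.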
amelius
> GenAI producers have an incentive to watermark
Yeah, in the long run you might be right, but there will be lots of people looking for a quick opportunity, e.g. a content farmer doing SEO. If Google punishes websites for serving AI-generated content, you know where this will end.
jfarina
I disagree that attackers aren't sophisticated enough to use modified tools. There are entire work campuses dedicated to committing fraud. There's also state sponsored subterfuge. There's no reason to think that bad actors are intrinsically unsophisticated.
atrus
There's nothing wrong with consuming generated output for training. Blindly accepting trash input is the issue.
ben_w
> Why would an attacker use it willingly?
Lots of people are very lazy.
Citation: all the times we've already spotted obviously AI-generated comments, which in the early days included models literally saying "As an AI language model", and this ending up in Amazon reviews etc.
currymj
I also doubt the practicality. But if the technology worked "well enough" and the major consumer-facing AI companies adopted it, it would help a lot with certain problems.
If you're technically sophisticated you can easily evade it, of course. But 1) most people aren't technically sophisticated, and 2) one can ask, "why are you going through all this effort to remove the watermark if you aren't trying to deceive anyone?"
PeterStuer
I'm not sure a good case is made here regarding the "problems" this is intended to solve.
OTOH, could this be another step towards prohibiting Open Source models?
pizzafeelsright
Watermarking seems silly considering the original intent of the Internet was sharing data. The value is in the delivery.
quickpopin
Building increasingly advanced and hard-to-detect tools for user media uploads with embedded steganographic data, and obligating platforms to allow them, is a disaster from a legal and content-moderation perspective.
ForHackernews
Isn't it better/easier to go the other way? What if cameras included some kind of secure element that signed real content?
Maybe it would technically be possible to defeat, but we're already pretty good at making it difficult/expensive to extract a private key from hardware.
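A minimal sketch of that idea, assuming the third-party Python cryptography package. In a real camera the private key would be generated inside the secure element and never leave the hardware; here it lives in software purely for illustration.

    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

    # Stand-in for a per-device key burned into a secure element at manufacture.
    device_key = Ed25519PrivateKey.generate()

    def sign_capture(image_bytes: bytes) -> bytes:
        # The signature the camera would attach to each capture (e.g. in metadata).
        return device_key.sign(image_bytes)

    def verify_capture(image_bytes: bytes, signature: bytes) -> bool:
        # Anyone with the device's public key (say, via a manufacturer
        # certificate chain) can check the image is unmodified since capture.
        try:
            device_key.public_key().verify(signature, image_bytes)
            return True
        except InvalidSignature:
            return False

    photo = b"...raw sensor bytes..."  # placeholder for real image data
    sig = sign_capture(photo)
    assert verify_capture(photo, sig)
    assert not verify_capture(photo + b"edit", sig)

In practice the verification side also needs a certificate chain tying the public key to a known camera model, which is where standards like C2PA come in.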
OnACoffeeBreak
That's what the Content Authenticity Initiative (CAI) is trying to accomplish.
RKFADU_UOFCCLEL
People like this aren't actually concerned with the problems they talk about; they just stop thinking it through once the meta looks favorable to their business model. Then they say "the internet is broken, only we can save it," etc. Nothing new or interesting here, even from a political perspective. For example, Google one day decided out of the blue that it needed to track mouse movement to prove anyone is human (in that case, likely to feed data to police, because it's a globally unique identifier). They just decided that was the only solution to the "Problem" (TM).