The case for image provenance is not that synthetic media is new. Photographic fakery is older than photojournalism. The case is that the cost of producing a convincing fake has collapsed faster than any technical or social mechanism can react, and that the only proposed defenses that scale — content credentials, watermarks, and signed capture pipelines — share a common premise: they describe the history of a file rather than judging its truth.
Provenance is the documented chain of how a digital image came to exist in its current form. It says: a sensor of this make captured these pixels at this time; an editor opened the file and applied these operations; a publisher exported it with these compression settings. Each step is signed by a known actor. None of that proves the image is honest. It proves only that specific claims were made, by specific parties, in a tamper-evident way. That is a narrower guarantee than most readers want, and it is also the only guarantee a cryptographic system can offer.
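The chain described above can be sketched as a series of signed manifests, each binding its claim to a hash of the manifest before it. This is an illustrative toy, not the C2PA format: HMAC with per-actor keys stands in for real public-key signatures, and all field names are invented.

```python
import hashlib
import hmac
import json


def _digest(obj):
    """Stable hash of a JSON-serializable object."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def sign_step(actor_key, claim, prior=None):
    """One link in the chain: a claim plus the hash of the prior
    manifest, signed. HMAC is a stand-in for a real signature."""
    body = {"claim": claim, "prior_hash": _digest(prior) if prior else None}
    sig = hmac.new(actor_key, json.dumps(body, sort_keys=True).encode(),
                   "sha256").hexdigest()
    return {**body, "signature": sig}


def chain_intact(manifests, keys):
    """Tamper-evidence check: every signature must verify, and every
    link must hash to the manifest that precedes it."""
    prior = None
    for m, key in zip(manifests, keys):
        body = {"claim": m["claim"], "prior_hash": m["prior_hash"]}
        sig = hmac.new(key, json.dumps(body, sort_keys=True).encode(),
                       "sha256").hexdigest()
        if not hmac.compare_digest(sig, m["signature"]):
            return False
        if m["prior_hash"] != (_digest(prior) if prior else None):
            return False
        prior = m
    return True


# Camera, editor, and publisher each sign their own step.
capture = sign_step(b"camera", {"actor": "sensor", "op": "capture",
                                "pixels": "sha256:ab12"})
edit = sign_step(b"editor", {"actor": "editor", "op": "crop"}, capture)
export = sign_step(b"pub", {"actor": "publisher", "op": "jpeg-export"}, edit)
```

Altering any earlier claim after the fact breaks both that step's signature and the hash link in the step after it, which is the sense in which the record is tamper-evident rather than true.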
This page lays out why that narrow guarantee has become urgent. The audience is anyone who needs to make a working assessment of an image in 2026 — a wire-desk editor, a forensic examiner, a judge ruling on evidence admissibility, a platform trust-and-safety lead, or a citizen trying to decide whether a viral post is worth resharing. The argument has three parts: trust in unmarked images has collapsed faster than expected; pure detection has structural limits; and provenance, despite its known weaknesses, is the only available answer that survives contact with the actual production economy.
The collapse curve since 2023
The inflection point most observers cite is the public release of Midjourney v5 in March 2023, when generated portraits crossed the threshold of being indistinguishable from photographs to non-expert viewers under normal viewing conditions. By the end of 2023, DALL·E 3 had shipped inside ChatGPT and Stable Diffusion XL had been released as open weights. Image generation was no longer a hobbyist activity gated by GPU access; it was an API call. By 2024, models had begun to fix the long-standing failure modes — extra fingers, garbled text, melted jewelry, asymmetric eyes — that detection guides had relied on for two years.
The volume of synthetic content followed. Deloitte's 2025 TMT Predictions projected that synthetic media could account for as much as 90 percent of online content by 2026, a figure that has been heavily contested but is directionally consistent with what platforms report seeing in upload queues. What matters for this page is not the precise share but the asymmetry: generation is fast and cheap, while verification of an unmarked image requires expert labor and produces probabilistic answers. A newsroom can vet a single image in twenty minutes. It cannot vet a thousand.
The 2024 election cycle made the consequences concrete. AI-generated images of Donald Trump being arrested had already spread globally in March 2023. Robocalls impersonating President Biden circulated in New Hampshire in January 2024. Voice-cloned scams targeting elderly relatives became routine enough to prompt FBI alerts. None of this proved that elections were swung by AI — the evidence on that question remains mixed — but it did prove that the marginal cost of plausible fakery had reached zero and that the defensive infrastructure had not adapted.
Why detection alone cannot close the gap
Detection is the natural first response. If we cannot tell synthetic from real by looking, perhaps a classifier can. The empirical record of the past three years is unkind to this hope. Detectors trained on outputs from one model family collapse against outputs from another. They collapse further against images that have been re-saved at a different JPEG quality or cropped. They produce false positives on legitimate photographs that happen to be over-processed or shot on unusual sensors. And every new generation of generative model is, in part, trained against the current detectors.
This is not a research failure. It is a structural property of an adversarial game in which the generator has the last move and unlimited tries. A model that produces a billion images a week can be tuned, fine-tuned, or fronted by an adversarial post-processor specifically to defeat the public-facing detector. The defender, working with a fixed training distribution, cannot keep up. The AI image detection page covers the academic results in detail; the short version is that no general-purpose detector has held up at production accuracy across model families and time.
This does not make detection useless. It remains valuable as a triage tool, as a per-model classifier inside a controlled pipeline, and as one input among several in a verification workflow. But it cannot bear the weight of public trust on its own, and the people building it have been saying so for years.
What provenance changes
Provenance inverts the question. Instead of asking the image to prove itself innocent, it asks the producer to attach a verifiable record of origin. The C2PA standard, the dominant technical specification, defines how that record is constructed, signed, and embedded. When the shutter fires on a Leica M11-P, the camera writes a manifest that hashes the pixel data, records capture metadata, and signs the result with a hardware-protected key. When Adobe Photoshop exports an edited version, it appends a new manifest that references the prior one and lists what changed. When a journalist publishes the result, the chain is visible to anyone with a validator.
This shifts the verification problem from "is this real?" — an unanswerable epistemic question about the photographic referent — to "is this from where it claims to be from?" — a tractable cryptographic question about signatures and trust roots. It does not solve every problem. A signed image can still be a staged scene. A signed AI output is still AI output. But it lets a publisher assert origin in a way that survives screenshots, lets a downstream consumer verify that assertion, and lets a journalist's repudiation of a fake be evidentially distinct from the fake itself.
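That cryptographic question can be sketched as a validator checked against a trust list. The signer names and symmetric keys below are invented stand-ins for the X.509 certificates and trust anchors a real C2PA validator resolves; the verdict strings are illustrative.

```python
import hmac
import json

# Hypothetical trust list mapping signer names to verification keys.
# In real C2PA this role is played by certificate chains anchored in a
# published trust list; symmetric keys are a stand-in for the sketch.
TRUSTED_SIGNERS = {
    "acme-camera-co": b"key-1",
    "example-newsroom": b"key-2",
}


def validate(manifest):
    """Answer the tractable question (is this from where it claims?),
    not the epistemic one. A 'valid' verdict asserts origin only."""
    key = TRUSTED_SIGNERS.get(manifest.get("signer"))
    if key is None:
        return "untrusted: signer is not on the trust list"
    payload = json.dumps(manifest["claim"], sort_keys=True).encode()
    expected = hmac.new(key, payload, "sha256").hexdigest()
    if hmac.compare_digest(expected, manifest["signature"]):
        return "valid: intact signature from " + manifest["signer"]
    return "invalid: signature does not match the claimed content"
```

Note what the three verdicts do not say: "valid" does not mean honest, and "untrusted" does not mean fake; the validator only maps signatures onto a trust root.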
The economics of the shift
Three forces drove provenance from a research curiosity into a near-mandatory feature between 2023 and 2026. Camera makers needed a credible answer for news customers worried about evidentiary value. AI platforms needed a credible answer for regulators threatening to require it. Distribution platforms needed a credible answer for advertisers worried about their ads running alongside deepfake content. C2PA was the only standard with enough industry consensus to satisfy all three.
The result is that signed capture is now present in the highest-end cameras (the Leica M11-P shipped in October 2023; the Sony α series gained C2PA support through Imaging Edge in 2024; Nikon's Z6 III added and then suspended C2PA support after a 2025 signing vulnerability), in flagship phones (the Samsung Galaxy S25 in January 2025; the Google Pixel 10, with hardware-backed signing on the Titan M2, in September 2025), and in the major AI generators (Adobe Firefly, OpenAI's DALL·E 3 and Sora, Google's Imagen). Adoption status is tracked in detail on the adoption status page.
Regulation pushed the same direction. The EU AI Act, in force since August 2024, requires under Article 50 that synthetic media be marked in a machine-readable way; those obligations apply from 2 August 2026. California SB 942 added disclosure requirements for generative AI providers operating in the state. China's deep synthesis rules, in force since January 2023, were the earliest national requirement. The combination of regulatory pressure and industry coordination has made provenance the default integration target for any actor that intends to participate in mainstream image distribution.
What the field still gets wrong
Two failure modes dominate. The first is treating a missing credential as evidence of fakery. The vast majority of images on the internet have no credential because no signing infrastructure ever touched them; this includes most legitimate journalism shot on cameras released before 2023. The absence of a manifest is not a signal. The presence of one, validated against a known signer, is.
The second is treating the presence of a credential as a guarantee of truth. A bad actor can sign a staged scene with a perfectly valid certificate. A misconfigured camera can sign incorrect EXIF data. A user can deliberately strip prior manifests by re-saving in a tool that does not preserve them. What credentials do is shift forgery from "modify the pixels" to "compromise the signing key or impersonate a trusted signer" — a much harder problem, but not an impossible one. The limitations of provenance page goes deep on this.
There is also a third, quieter failure: the assumption that provenance will eventually become universal. It will not. Surveillance images, leaked documents, citizen video from authoritarian regimes, and a long tail of legitimate use cases will never carry credentials. Provenance is one signal in a larger verification practice, not a replacement for it. Anyone planning an editorial or evidentiary workflow around credentials alone is planning for a world that will not exist.
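These failure modes reduce to a small decision table. The sketch below shows how a verification workflow might map credential states to what they actually license you to conclude; the states and verdict wording are illustrative, not drawn from any specification.

```python
from enum import Enum


class Credential(Enum):
    ABSENT = "absent"    # no manifest ever attached (the common case)
    VALID = "valid"      # intact chain from a known signer
    INVALID = "invalid"  # manifest present but fails validation


def interpret(state, signer=None):
    """What a credential check licenses you to conclude, and no more."""
    if state is Credential.ABSENT:
        # Most legitimate images carry no credential; absence is not a signal.
        return "no signal: fall back to other verification methods"
    if state is Credential.INVALID:
        # Tampering, stripping, or a broken toolchain. Worth investigating,
        # but not proof of fakery either.
        return "chain broken: treat origin claims as unverified"
    # VALID: origin is asserted; truth is not.
    return f"origin attested by {signer}: content accuracy still unassessed"
```

The asymmetry in the table is the whole point: only one of the three states carries positive evidentiary weight, and even that one speaks to origin rather than honesty.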
Where the field is moving
The trajectory through 2026 is toward defense-in-depth. Hard cryptographic bindings handle the case where the file arrives intact. Durable Content Credentials — combining an embedded watermark with fingerprint matching against a lookup service — handle the case where the manifest is stripped. Detection handles the residual case where no provenance signal exists. Reverse search, metadata analysis, and forensic examination handle the long tail. No single layer is sufficient, and the operational question for the next several years is how to combine them.
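That layering can be sketched as an ordered pipeline that collects every available signal rather than stopping at the first gap. The layer functions here are hypothetical stubs reading from a precomputed dict; a real pipeline would call a C2PA validator, a watermark/fingerprint lookup service, a detector model, and a human review queue.

```python
# Hypothetical layer stubs; each returns None when it has nothing to say.
def check_manifest(image):
    return image.get("manifest")        # e.g. "valid chain from signer X"


def lookup_watermark(image):
    return image.get("watermark")       # e.g. "matches generator fingerprint"


def run_detector(image):
    return image.get("detector_score")  # probabilistic, model-specific


def verify_image(image):
    """Collect signals in order of evidentiary strength.

    A layer that has nothing to say is skipped, so the pipeline falls
    through to weaker signals instead of halting at a gap; no single
    layer's answer is treated as sufficient on its own.
    """
    layers = [
        ("provenance", check_manifest),
        ("durable_credential", lookup_watermark),
        ("detection", run_detector),
    ]
    return [(name, fn(image)) for name, fn in layers if fn(image) is not None]
```

An image with a stripped manifest but a surviving watermark still yields a usable (if weaker) finding, which is exactly the behavior the defense-in-depth argument calls for.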
The remaining open questions are governance ones. Who decides which signers are trusted? What happens when a national identity scheme issues C2PA certificates and a journalist refuses to use it on source-protection grounds? How do platforms reconcile the EU's marking requirement with their existing metadata-stripping behavior? These are not problems any specification can solve. They are the political and editorial questions that the next several pages of this reference try to lay out without pretending there is consensus where there is not.