C2PA and Content Credentials: Content Provenance Explained

The C2PA standard (Content Credentials) tracks the origin and edits of a media file. How it works, adoption, limits and its role in authentication.


In an era where an image can be generated, modified, or fabricated in seconds, one question becomes central: where does this content come from, and what has happened to it? This is exactly the problem the C2PA standard and its Content Credentials aim to solve. Rather than trying to detect a fake after the fact, the provenance approach attaches to the content, from the moment of creation, a verifiable and tamper-evident identity card. Adopted by Adobe, Microsoft, OpenAI, Google, and several camera makers, C2PA is gradually establishing itself as the trust infrastructure for digital media. Here is what you need to understand.

What is C2PA?

C2PA stands for Coalition for Content Provenance and Authenticity. It is both an organization and an open technical standard. The goal: to define a standardized way to record and verify the provenance of digital content — image, video, audio, document — throughout its lifecycle.

The coalition emerged from the merger of two initiatives: the Content Authenticity Initiative (CAI), launched notably by Adobe to champion transparent attribution, and Project Origin, driven by Microsoft and media players to fight disinformation. From this fusion came a single, technical, interoperable standard.

Provenance rather than detection

This is the fundamental shift in paradigm. Most verification tools work after the fact: you receive a questionable image and try to guess whether it has been tampered with. C2PA reverses the logic: you document the origin at the source, in a cryptographically verifiable way. Instead of asking "is this image fake?", you can ask "is this image telling the truth about its own history?".

This approach does not replace detection — it complements it. An image without Content Credentials is not suspicious for that reason; you simply don't have its provenance record.

How C2PA works: the signed manifest

The technical heart of C2PA is the manifest. It is a set of structured metadata, attached to the file, that describes its history and is cryptographically sealed.

What a manifest contains

A C2PA manifest gathers "assertions" — verifiable statements about the content:

  • Origin: with which device or software was the content created?
  • Author or publisher: who signed this step (organization, creator)?
  • Actions: which modifications were applied (cropping, retouching, AI generation)?
  • Ingredients: which source contents were used to produce this file?
  • AI usage: was the content generated or modified by a model, and which one?

The cryptographic signature

This is what radically distinguishes C2PA from EXIF. Each manifest is digitally signed by the entity that produces it, using a certificate issued by a trusted authority. The signature relies on asymmetric cryptography: a fingerprint (hash) of the content and metadata is computed, then signed with the signer's private key, and anyone can check the result with the matching public key carried in the certificate.

Concretely, this guarantees two things:

  1. Integrity: if the content or manifest is modified after signing, the fingerprint no longer matches and verification fails.
  2. Source authenticity: you can verify which entity signed, through the certificate chain.

The provenance chain

When a file passes through several stages (capture, then editing, then export), each compatible tool can add its own manifest, referencing the previous one. You get a provenance chain: a chained, signed history where each link attests to the step it performed. It is this end-to-end traceability that makes the model strong.

Content Credentials: the visible face of C2PA

If C2PA is the technical standard, Content Credentials is the consumer-facing name of the feature — promoted notably by the CAI. It is the "nutrition label" of digital content: a small logo (often a "CR") indicates that a provenance record is available.

By clicking on it, or dropping the file into a verifier, you access the history: created with such a device, edited with such software, or generated by such an AI model. The idea is to make provenance readable by everyone, not just experts.

How to verify Content Credentials in practice

Concretely, verifying a file's provenance goes through a few paths:

  1. The official Content Credentials verifier: you drop the image and the signed history appears, if present.
  2. Tools built into software: some editors and browsers are starting to display the "CR" icon directly.
  3. Analysis platforms: a tool like TruthLens reads the manifest, verifies the signature's validity and the certificate chain, then compares the result against the file's other signals.

The advantage of automated verification is that it does not merely display the manifest: it checks that the signature is cryptographically valid and that the content has not been altered since. A manifest that is present but invalid is itself important information.

Who adopts C2PA?

Adoption is what turns a standard into infrastructure. And on this front, C2PA has crossed a decisive threshold.

| Player | Type | Role in C2PA |
|---|---|---|
| Adobe | Software vendor | CAI initiator, Content Credentials in Photoshop and Firefly |
| Microsoft | Platform | Project Origin, content signing |
| OpenAI | Generative AI | Content Credentials on generated images |
| Google | AI / platform | Member, work on provenance and watermarking |
| Leica, Nikon, Sony, Canon | Camera makers | Signed capture directly in the camera body |
| News agencies and media | Publishers | Authentication of press photos |

The key role of camera makers

The arrival of camera manufacturers is particularly significant. When a body like the Leica M11-P signs the image at the moment of capture, in hardware, provenance starts at the sensor itself. It is the strongest possible link: a proof of origin anchored to the exact moment of capture, before any passage through software.

C2PA and AI-generated images

On the generative AI side, the movement is just as clear. Several major models now embed Content Credentials that flag an image as machine-produced. This transparency aligns with emerging regulatory obligations, as we detail in our guide on the AI Act and transparency of AI content.

The limits of C2PA

As promising as it is, C2PA is no silver bullet. Understanding its limits is essential to avoid using it naively.

Metadata stripping

This is the most obvious flaw. A C2PA manifest remains, in most cases, attached to the file's metadata. Yet a screenshot, a recompression, or an upload to a platform that cleans metadata can erase everything. The content stays valid, but its provenance record disappears. Recovery mechanisms (such as fingerprint-based association with a cloud registry, or durable watermarks) are being deployed to mitigate this, but they are not universal.

Unsigned content

The overwhelming majority of content in circulation carries no C2PA manifest. The absence of Content Credentials therefore means nothing in itself: neither that the content is fake, nor that it is real. The standard says something only when it is present. For everything else, you must fall back on classic detection methods.

Trust in the signer

C2PA guarantees who signed and that the content has not changed since — but not that the signer is honest. A malicious actor can produce a technically valid manifest attesting to misleading information. The value of a manifest therefore depends on the trust placed in the certification authority and the signer. Cryptography ensures integrity, not the truthfulness of intentions.
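
The checks described in the signature, provenance chain and limits sections, modelled as an added Go example (not C2PA or TruthLens code): it separates a missing manifest, an invalid one, a valid one from an unknown signer, and a valid one from a trusted signer. The `Manifest` layout, `DemoKey`, the status strings and the raw-key trust list are assumptions made for illustration; real C2PA manifests use JUMBF/CBOR containers with COSE signatures and X.509 certificate chains.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Manifest struct { // simplified stand-in for one C2PA manifest (assumed layout)
	Signer, Action          string
	ContentHash, ParentHash [32]byte // asset hash when signed; hash of the previous manifest's signature
	PubKey, Sig             []byte   // signer's Ed25519 public key; signature over claim()
}
func (m *Manifest) claim() []byte { // %q quoting keeps the field boundaries unambiguous
	return []byte(fmt.Sprintf("%q|%q|%x|%x", m.Signer, m.Action, m.ContentHash, m.ParentHash))
}
func Sign(k ed25519.PrivateKey, signer, action string, asset, prevSig []byte) *Manifest {
	m := &Manifest{signer, action, sha256.Sum256(asset), sha256.Sum256(prevSig), k.Public().(ed25519.PublicKey), nil}
	m.Sig = ed25519.Sign(k, m.claim())
	return m
}

// Verify checks a chain (oldest first) against the asset bytes as they exist now.
func Verify(asset []byte, chain []*Manifest, trusted map[string]bool) string {
	if len(chain) == 0 {
		return "no-manifest" // absence proves nothing either way
	}
	status := "valid-trusted"
	for i, m := range chain {
		sigOK := len(m.PubKey) == ed25519.PublicKeySize && ed25519.Verify(m.PubKey, m.claim(), m.Sig)
		if !sigOK || (i > 0 && m.ParentHash != sha256.Sum256(chain[i-1].Sig)) {
			return "invalid-manifest" // edited claim, forged signature or broken link
		}
		if !trusted[string(m.PubKey)] {
			status = "valid-untrusted-signer" // sound signature, signer not on the trust list
		}
	}
	if chain[len(chain)-1].ContentHash != sha256.Sum256(asset) {
		return "invalid-asset-changed" // only the newest manifest binds to the current bytes
	}
	return status
}

func DemoKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(append(make([]byte, 31), b)) }
func main() { // DemoKey keys and this two-step history are constructed sample data
	cam := Sign(DemoKey(1), "Camera", "captured", []byte("raw"), nil)
	edit := Sign(DemoKey(2), "Editor", "cropped", []byte("crop"), cam.Sig)
	fmt.Println(Verify([]byte("crop"), []*Manifest{cam, edit}, map[string]bool{string(cam.PubKey): true}))
}
```

Run as written it prints `valid-untrusted-signer`: both signatures and the link between them verify, but the editor's key is not on the trust list, which is the case a verifier must report separately from an invalid manifest.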

Watermarking as a complement

To resist metadata stripping, C2PA is increasingly paired with invisible watermarks embedded directly in the pixels. This complementarity is at the heart of our article on AI watermarking and SynthID, which details how a durable mark survives where the manifest is erased.

C2PA's role in content authentication

C2PA is neither a fake detector nor an absolute guarantee. Its rightful place is that of a provenance layer within a broader authentication strategy.

When a manifest is present and verifiable, it offers the most direct information possible: you know where the content comes from and what it has undergone, without having to guess. When it is absent or erased, you must switch to detection methods — EXIF metadata analysis, ELA, sensor noise, AI vision, watermarks.

This is exactly the combination TruthLens implements: the pipeline checks for the presence and validity of a C2PA manifest, but never stops there. It cross-checks this signal with pixel-by-pixel ELA, EXIF analysis, AI vision, generator signatures, and PRNU, to produce a consolidated verdict. You can analyze content and verify its provenance in seconds.

Provenance and certified authenticity

At the end of the chain, the goal is to produce a document that holds up. TruthLens seals its analysis report with a SHA-256 fingerprint and an OpenTimestamps timestamp — a logic akin to C2PA's, applied to the report itself. This philosophy of verifiable attestation is developed in our guide on content authenticity in the age of generative AI.

C2PA, regulation, and the future of provenance

The rise of C2PA is not just a technical matter: it fits within a broader regulatory movement. Lawmakers, in Europe and elsewhere, are pushing for more transparency about content origin, especially content generated or modified by AI. C2PA offers a ready-made technical building block to materialize these labeling and traceability obligations.

One standard, several links

The model's strength comes from its chain logic. For it to work fully, every link must play along:

  • Camera makers sign at capture.
  • Software vendors record modifications.
  • AI models declare generation.
  • Distribution platforms preserve (instead of erasing) manifests.
  • Verifiers make the information readable on the public side.

It is this last point — preservation by the major platforms — that is currently the main bottleneck. As long as mass-distribution networks strip metadata, the chain breaks at the most critical moment. Ongoing developments (cloud registries, recovery watermarks) aim precisely to rebuild the link even after cleaning.

Provenance and detection: two legs of the same walk

It would be tempting to see C2PA as the future replacement for detection. That is a mistake. As long as a majority of content remains unsigned, detection (EXIF, ELA, AI vision, noise, watermarks) will remain indispensable. The future is not "provenance versus detection," but "provenance and detection," orchestrated together — exactly the model of a multi-layered analysis.

Conclusion

C2PA and Content Credentials represent the most serious bet made to date to restore trust in digital media. By attaching to content a signed, tamper-evident provenance record, they answer the real question of the AI era: not "is this a fake?", but "what do we really know about the origin of this content?". Their limits — metadata stripping, unsigned content, trust in the signer — remind us that no technology suffices alone. C2PA is not the antidote to disinformation: it is one of the best defenses against it, provided it is integrated into a rigorous multi-layered analysis.

FAQ

Does C2PA guarantee that an image is authentic?

Not exactly. C2PA cryptographically guarantees the integrity of the content since its signing and the identity of the signer. But it does not attest that the signer is honest or that the content reflects reality. It is a verifiable proof of provenance, to be interpreted in light of the trust placed in the source.

What happens if an image has no Content Credentials?

Nothing conclusive. The overwhelming majority of content carries none, and a simple screenshot or upload can erase an existing manifest. The absence of Content Credentials proves neither authenticity nor falsification: you must then resort to classic detection methods (EXIF, ELA, AI vision, watermarks).

What is the difference between C2PA and AI watermarking?

C2PA attaches a signed provenance manifest, usually in the metadata, describing the file's origin and history. AI watermarking (like SynthID) encodes a signature directly in the pixels, which better resists metadata stripping. The two are complementary: one is rich and readable, the other is more durable.

Which devices and software support C2PA today?

On the software side, Adobe (Photoshop, Firefly), Microsoft, and OpenAI integrate Content Credentials. On the hardware side, makers like Leica, Nikon, Sony, and Canon offer or are deploying signed capture in the camera body. News agencies use it to authenticate their photos. Adoption is broadening but remains far from universal.
