Comment détecter une image générée par IA ?

TruthLens utilise une combinaison d'Error Level Analysis (ELA), d'analyse PRNU, de modèles de détection IA et de vérification C2PA pour identifier les artefacts caractéristiques des images générées par Midjourney, DALL-E, Stable Diffusion ou d'autres outils génératifs.

Puis-je utiliser TruthLens pour contester une fraude sur Vinted ou LeBonCoin ?

Oui. Le rapport PDF certifié généré par TruthLens inclut le hash SHA256 du fichier, l'horodatage de l'analyse, le score de probabilité et les détails forensiques. Ce document peut être soumis au service client de la plateforme ou à un avocat comme élément de preuve dans un litige.

Qu'est-ce que l'analyse ELA (Error Level Analysis) ?

L'Error Level Analysis (ELA) est une technique forensique qui analyse les niveaux de compression JPEG d'une image pour détecter les zones qui ont été modifiées ou insérées. Les zones manipulées présentent des niveaux d'erreur différents du reste de l'image, révélant ainsi les retouches ou les insertions d'éléments générés.

TruthLens peut-il détecter les deepfakes ?

Oui, TruthLens détecte les images deepfake en analysant les incohérences de bruit capteur (PRNU), les artefacts de génération IA et les métadonnées suspectes. L'analyse vidéo deepfake sera disponible en V2.

Mes images sont-elles conservées après l'analyse ?

Non. Les fichiers uploadés sont supprimés immédiatement après l'analyse. Seuls les métadonnées, le hash SHA256 et les résultats d'analyse sont conservés dans votre historique, conformément à notre politique de confidentialité RGPD.

AI Watermarking (SynthID & co): Strengths and Limits

As AI-generated images become indistinguishable from real photos, the idea of stamping them with an invisible mark at creation has emerged as an appealing answer. Google, OpenAI, Meta and others are deploying digital watermarking systems meant to quietly signal that content is synthetic. But do these watermarks deliver on their promise? This article breaks down how they work, their real-world robustness and why they are never enough on their own.

What Is an Invisible AI Watermark?

An invisible digital watermark is information encoded directly into the pixels of an image, imperceptible to the human eye but detectable by a dedicated algorithm. Unlike a logo stamped in a corner, this mark is spread across the entire image, which makes it far harder to remove.

The goal is twofold: to distinguish AI-generated content from authentic content, and to trace the origin of a visual. Amid rising disinformation and fraud, these watermarks are presented as a pillar of synthetic-content transparency.

The Difference From a Visible Watermark

A visible watermark (semi-transparent text, a logo) alters the image and is easily removed by cropping or retouching. An invisible watermark, by contrast, aims to survive common manipulations while remaining visually undetectable. It is a constant trade-off between robustness and imperceptibility: the more robust the mark, the greater the risk it becomes visible, and vice versa.

SynthID: Google DeepMind's System

SynthID is the watermarking technology developed by Google DeepMind. It is currently one of the most advanced and best-documented approaches on the market.

How SynthID Works for Images

SynthID embeds the watermark directly into the image generation process, not after the fact. The mark subtly modifies the pixel distribution in a way that is statistically detectable yet visually invisible. Because it is written into the heart of the content, it survives certain transformations like recompression or light filters better than metadata does.

Google has extended SynthID beyond images: there are now variants for generated text, audio and video. For text, the system subtly steers token choices during generation, creating a probabilistic signature detectable statistically over sufficiently long passages.

SynthID's Strengths

Invisibility: no perceptible degradation of image quality.
Moderate resistance: holds up against light modifications (compression, color adjustments, moderate cropping).
Native integration: applied at generation on Google models (Imagen, and images produced through Gemini tools).
Probabilistic detection: provides a confidence level rather than a binary answer.

Other Marking Systems

SynthID is not alone. The ecosystem is organizing around several approaches, sometimes complementary.

Provider-Specific Watermarks

Several players have deployed their own mechanisms. Some open-source models embed invisible watermarks by default in their pipeline. Other providers lean more on provenance metadata than on pixel-level marking.

Complementarity With C2PA

Two families must be distinguished: the watermark written into the pixels, and cryptographically signed provenance metadata. The C2PA standard (Content Credentials) belongs to the latter: it attaches a signed manifest to the file describing its origin and history. Watermark and C2PA are complementary — the former survives when metadata is stripped, the latter carries rich, cryptographically verifiable information. We detail this standard in our article on C2PA and Content Credentials.

Approach	Where the info lives	Survives a screenshot	Survives metadata stripping
Invisible watermark (SynthID)	In the pixels	Partially	Yes
C2PA metadata	In the file header	No	No
Visible watermark	On the image	Yes	Yes
Forensic analysis	Reconstructed after the fact	Yes	Yes

How Is a Watermark Encoded Into the Pixels?

Understanding the strengths and limits of watermarks requires grasping, without diving into the math, how the information is hidden in them.

The Spatial Domain and the Frequency Domain

Early digital watermarking techniques directly modified the value of certain pixels (the spatial domain), for example by adjusting the least significant bit of each pixel. Simple, but fragile: the slightest recompression erases these micro-variations. Modern approaches instead operate in the frequency domain: the image is transformed (via DCT or wavelets), and the mark is inserted into frequency coefficients chosen for their robustness. The watermark is thus spread across the whole image and resists transformations better.

The Robustness / Imperceptibility / Capacity Trade-off

Every watermarking system juggles three conflicting goals: robustness (surviving manipulations), imperceptibility (staying invisible) and capacity (the amount of information encoded). Increasing one generally degrades the others. This is why a robust provenance watermark encodes little information — often just an "AI-generated content" flag and a signature — rather than a long message. SynthID has precisely optimized this triangle for images, favoring robustness and invisibility at the expense of capacity.

Probabilistic Detection, Not Binary

A crucial point: a watermark detector does not answer with a simple yes/no, but with a confidence score. On a slightly degraded image, the signal weakens and confidence drops. This granularity is a strength — it avoids false certainties — but it requires interpreting the result rather than taking it at face value.

Real-World Robustness: What Erases a Watermark

This is the crux of the matter. A watermark only has value if it survives the manipulations an image undergoes in real life. And attacks, intentional or not, are numerous.

Transformations That Weaken the Mark

Screenshotting: recreating the image via a capture can disturb or remove the mark depending on the system, because the pixels are resampled.
Aggressive cropping: removing a large portion of the image reduces the signal available for detection.
Repeated recompression: saving multiple times as low-quality JPEG progressively degrades the watermark.
Resizing and resampling: alter the pixel grid the mark relies on.
Adversarial attacks: tools specifically designed to remove watermarks exist and keep improving.

The Problem of Deliberately Absent Marking

The most fundamental limit is structural: only a provider who chooses to embed a watermark does so. An image generated by an unmarked open-source model, or by a malicious actor who disables the marking, will carry no watermark. The absence of a watermark therefore never proves an image is authentic. This is a crucial asymmetry: the presence of a watermark is informative, its absence is not.

This is exactly why marking cannot be the sole safeguard, as we explain in our guide to detecting an AI-generated image through a multi-layer approach.

Why Watermarking Is Never Enough Alone

Let us gather the limits: a watermark can be absent (unmarked model), erased (screenshot, recompression, attack) or simply undetectable for lack of the right detector. Relying on it alone would mean declaring authentic any image without marking — a gaping flaw.

The Need for a Bundle of Indicators

The robust answer is to combine several independent layers:

Watermark detection when available (SynthID and others).
Provenance verification via C2PA metadata.
Forensic signal analysis: ELA, noise statistics, search for generation artifacts.
AI vision detection: a classifier trained to distinguish real from synthetic.
Reverse image search to recover the original context.

Each layer compensates for the blind spots of the others. An erased watermark is caught by forensic analysis; an unmarked image by AI vision. This convergence logic is what TruthLens implements, aggregating these signals into a consolidated verdict rather than relying on a single test.

A Practical Decision Flow

When you receive an image and want to assess its origin, a watermark-aware workflow looks like this:

Check for a known watermark (SynthID and other supported detectors). A positive hit with high confidence strongly suggests AI origin.
Read the provenance metadata (C2PA Content Credentials) if present, to see what the file declares about its history.
If no marker is found, do not stop. Absence is uninformative on its own — proceed to forensic analysis.
Run the forensic layers: ELA for retouching, sensor-noise analysis for the absence of a real capture pipeline, and an AI-vision classifier for a probability score.
Cross-reference with reverse image search to recover context, then form a reasoned verdict.

The key discipline is step 3: never treat a missing watermark as a clean bill of health. The most dangerous images are precisely those crafted to carry no marker.

The Special Case of DALL·E and GPT-4o Images

Images produced by OpenAI's tools illustrate the complementarity well: they embed C2PA Content Credentials flagging their AI origin. But this metadata vanishes at the first screenshot share. For these visuals, forensic analysis remains essential, as detailed in our dedicated article on detecting DALL·E-generated images.

Watermarking and the Regulatory Framework

Marking AI content is no longer just good practice: it is becoming an obligation. The European AI Act imposes transparency requirements for AI-generated content, including machine-readable marking. Invisible watermarks like SynthID fit within this regulatory logic.

But lawmakers themselves acknowledge the technical limits: marking that is robust "as far as possible" does not guarantee indelibility. Compliance therefore does not remove the need for independent verification capability. We explore these obligations in our analysis of the AI Act and AI-content transparency.

Watermarking on the Creation Side vs the Verification Side

Two roles must be distinguished. The creator of content (a studio, a platform, a model provider) applies a watermark to responsibly signal its origin. The verifier (a journalist, an insurer, a lawyer), by contrast, receives an image they know nothing about and must qualify it. But the verifier controls neither the initial marking nor its survival. They inherit an image that may be unmarked, recompressed, screenshotted. Their need is therefore not to "read the watermark" but to "obtain a verdict, whatever the state of the marking." This is exactly the role of a multi-layer forensic analysis.

Toward Standardization?

The industry is slowly converging on shared frameworks. The C2PA coalition, which brings together major tech and media players, is pushing for interoperable provenance, and some are working to articulate watermark and Content Credentials in a complementary way. This convergence is encouraging, but it will take years to become widespread, and malicious content will, by definition, remain outside these standards. Independent verification therefore keeps its full relevance.

For professionals who must produce defensible proof, combining mark detection, provenance verification and forensic analysis remains the most reliable path. You can analyze an image and check for the presence of markers in seconds.

FAQ

Does an invisible watermark guarantee an AI image will always be detected?

No. The watermark is present only if the provider chose to embed it, and it can be erased by screenshotting, recompression or a dedicated attack. Moreover, detecting it requires the right detector. Its presence is a strong indicator of synthetic origin, but its absence proves nothing about authenticity.

Does SynthID work on every AI image?

No. SynthID only marks content generated through Google tools that integrate it. An image produced by Midjourney, Stable Diffusion or an unmarked open-source model will carry no SynthID watermark. The SynthID detector recognizes only its own signature.

Should I favor the watermark or C2PA?

Both are complementary. The watermark survives metadata stripping better because it is written into the pixels, while C2PA carries rich, cryptographically signed provenance information but vanishes on a screenshot. A robust strategy combines them, on top of forensic analysis.

How do I verify an image when no watermark is detected?

By relying on the other layers: C2PA provenance verification, forensic signal analysis (ELA, sensor noise), AI vision detection and reverse image search. A platform like TruthLens aggregates these signals to produce a reasoned verdict, even in the total absence of marking.

Can an invisible watermark be removed deliberately?

Yes, to some extent. Adversarial attack tools designed to erase or scramble watermarks exist, and mundane manipulations (screenshotting, aggressive recompression, resizing) often achieve it without malicious intent. This is one reason no serious system presents the watermark as infallible: it should be treated as one layer among others, never as an absolute guarantee.