Researchers show how easy it is to defeat AI watermarks

It’s becoming increasingly important to be able to distinguish between real images and ‘deepfakes’ – synthetic images generated by AI. Providers have strategies to ‘watermark’ these synthetic images, so they can be easily detected as fakes. But, as reported in Ars Technica, researchers have already found ways around that:

Feizi and his coauthors looked at how easy it is for bad actors to evade watermarking attempts. (He calls it “washing out” the watermark.) In addition to demonstrating how attackers might remove watermarks, the study shows how it’s possible to add watermarks to human-generated images, triggering false positives. Released online this week, the preprint paper has yet to be peer-reviewed; Feizi has been a leading figure examining how AI detection might work, so it is research worth paying attention to, even in this early stage.

It’s timely research. Watermarking has emerged as one of the more promising strategies to identify AI-generated images and text. Just as physical watermarks are embedded on paper money and stamps to prove authenticity, digital watermarks are meant to trace the origins of images and text online, helping people spot deepfaked videos and bot-authored books. With the US presidential elections on the horizon in 2024, concerns over manipulated media are high—and some people are already getting fooled. Former US President Donald Trump, for instance, shared a fake video of Anderson Cooper on his social platform Truth Social; Cooper’s voice had been AI-cloned.

If we’re about to be swamped by AI-generated deepfakes, we need a solution – something that will withstand attacks by researchers – and we need it fast.

Read the full article here.
