← Back to Blog
Technology March 16, 2026 · 7 min read

Why Content Credentials Haven't Fixed the Fake Image Problem Yet

The tech industry bet big on C2PA, a cryptographic standard that embeds authorship data directly into images and videos. OpenAI, Adobe, Google, and Microsoft all signed on. So why, in early 2026, is almost no content on the internet actually carrying these labels?

Fragmented digital metadata chains dissolving in dark space, representing broken content provenance

In November 2025, OpenAI announced that every image generated by DALL-E 3, GPT-image-1, and Sora would automatically receive Content Credentials, a cryptographic tag that records the image's origin and confirms it was AI-generated. The pitch was straightforward: a self-labeling internet where you could verify any image's history with a single click.

The reality, four months later, is messier. A Microsoft Research report published in February 2026, titled Media Integrity and Authentication: Status, Directions, and Futures, evaluated the three main approaches to authenticating digital media, and the findings were sobering. Out of all the possible combinations of tools, content types, and distribution channels the researchers tested, only 20 scenarios achieved what they called "high-confidence authentication." The rest fell apart somewhere in the chain between creation and viewing.

What C2PA actually does

C2PA stands for Coalition for Content Provenance and Authenticity. It's an open technical standard backed by Adobe, Microsoft, Google, Intel, Sony, the BBC, and dozens of other organizations. When a camera, phone, or AI tool creates an image, it can embed a cryptographically signed "manifest" into the file. This manifest records who made the content, what tools were used, and whether it was modified afterward.

The concept is solid. If the chain holds, you can open any image in a compatible viewer and see immediately: "This photo was taken on a Sony camera at 3:47 PM on March 12, 2026, in Dublin. It has not been edited." Or: "This image was generated by DALL-E 3 on March 10, 2026." That kind of labeling would make misinformation much harder to spread.

As of early 2026, a handful of hardware makers have shipped C2PA support. The Leica M11-P signs images at capture. Sony's recent Alpha cameras include it. But the Nikon Z6 III, which briefly supported the standard, had to suspend its implementation in September 2025 after a signing vulnerability led to full certificate revocation. The infrastructure is still being worked out.

The metadata stripping problem

Here's the core problem: most platforms strip embedded metadata during normal processing. When you upload a photo to WhatsApp, Instagram, X, or TikTok, the platform compresses and transcodes the file. That process removes the C2PA manifest. Not maliciously. It's a side effect of standard image handling. The credential that was there at the source never reaches the viewer.

PetaPixel's coverage of the Digimarc C2PA Chrome extension in 2025 put it plainly: at that point, basically no photos published online were carrying C2PA metadata. The Wikipedia article on the Content Authenticity Initiative says the same as of early 2026: adoption is lacking, with very little internet content actually using C2PA in practice.

This is the gap between the standard existing and the standard working. A signed image from a Leica M11-P, posted to WhatsApp and forwarded three times, arrives at its destination as an unsigned JPEG. The credential is gone. The viewer has no way to know whether the photo is real or fabricated.

Three tools, twenty winning combinations

The Microsoft report evaluated three distinct authentication methods:

  • Cryptographic provenance (C2PA): The signed manifest approach. High confidence when the chain is intact, but fragile if metadata is stripped.
  • Imperceptible watermarking: Invisible patterns embedded in the pixels themselves, not in the file's metadata. Survives transcoding and compression better than C2PA. Google's SynthID uses this approach. The limitation: watermarks can be removed or degraded with enough effort.
  • Soft-hash fingerprinting: A perceptual hash that identifies content even after minor edits. Useful for tracking where content has been, but not for confirming authenticity at origin.

The researchers found that combining C2PA with imperceptible watermarking provides the highest confidence. The watermark survives platform processing while the C2PA manifest, if preserved, adds a second layer of verification. Neither works well in isolation across the entire distribution chain. Laws in multiple countries are being written that assume these tools work reliably. The Microsoft research shows legislators are moving faster than the infrastructure.

What this means for anyone trying to verify images today

C2PA alone cannot be your verification strategy right now. The absence of a Content Credential does not mean an image is fake. Most real photos have no credentials because the camera didn't support C2PA, or the platform stripped the metadata. And the presence of a credential doesn't guarantee authenticity either. A bad actor with control of the signing infrastructure could generate content with falsified credentials.

Verification in 2026 requires layered approaches:

  • Check content credentials where available using tools like Adobe's Content Authenticity browser extension or verify.contentauthenticity.org
  • Use reverse image search to check when and where an image first appeared online
  • Look for forensic inconsistencies: lighting, shadows, background artifacts, and faces that look too smooth
  • Cross-reference claims with multiple sources, especially for politically charged content
  • Use AI detection tools as one signal among many, not a final verdict

The road ahead

The C2PA standard isn't broken. It's incomplete. The pieces are there: AI generators like OpenAI are signing their output, Adobe Lightroom and Photoshop preserve credentials during editing, and Leica cameras sign at capture. What's missing is the middle layer. Social platforms need to preserve metadata through their processing pipelines instead of stripping it. Until that happens, credentials keep getting lost in transit.

Microsoft's February 2026 report ends with a call for exactly that kind of end-to-end infrastructure, covering not just creation-side signing but distribution-side preservation and viewer-side verification at scale. That's a coordination problem as much as a technical one. It requires platforms, device makers, AI labs, and regulators to agree on a shared pipeline. That takes time.

Until the provenance chain holds end-to-end, skepticism and cross-referencing are the most reliable defenses against AI-generated misinformation.

Tools like FakeOut work in this gap by combining AI detection with reverse search and forensic analysis, working in the absence of metadata rather than relying on it. Free on Android; iOS beta in development.