back to top
HomeTechAI Content Got Too Real. Now OpenAI and Nvidia Are Using Google’s...

AI Content Got Too Real. Now OpenAI and Nvidia Are Using Google’s Watermarking System.

- Advertisement -

Three years ago, Google introduced a watermarking system for AI-generated content called SynthID. Nobody was required to use it. It was just Google’s answer to a problem the rest of the industry hadn’t fully admitted existed yet.

Now OpenAI is using it. So is Nvidia. So are ElevenLabs and Kakao. And Google says SynthID has already been applied to 100 billion images and videos, plus 60,000 years worth of audio.

The timing matters. AI-generated images and video have gotten good enough that the old tells, the extra fingers, the smeared text, the wrong shadows, are mostly gone. What replaces them as a detection method isn’t human judgment. It’s watermarking inserted into the content at the point of generation, before it ever reaches anyone’s feed. SynthID is Google’s bet on how that works at scale, and a growing number of the industry’s biggest names are now betting alongside it.

Why SynthID is harder to remove

Most AI content labeling today relies on metadata. A file gets tagged at creation describing how it was made, which tools were used, whether generative elements were involved. Google uses this approach too, through the C2PA standard, and its Pixel 10 phones now embed that information directly into photos and videos at capture.

The problem with metadata is that it’s removable. Screenshot a tagged image and the metadata doesn’t come with it. Run it through a compression tool, crop it, repost it somewhere that strips file information, and the label is gone. The content looks clean even if it wasn’t.

SynthID works differently. The watermark lives in the pixels of an image or video, in the waveform of an audio file. It’s not attached to the file, it’s woven into the content itself. According to Google DeepMind scientist Pushmeet Kohli, the system was specifically engineered to survive the kinds of transformations people actually use: compression, cropping, rotation, format conversion.

That robustness is what makes it worth building around. A watermark that disappears when someone screenshots it isn’t a watermark, it’s a suggestion. SynthID is designed to persist through the ways content actually travels across the internet, which is why the detection side of the system can still find it even after the file has been through several hands.

Some researchers have claimed to find methods for removing SynthID patterns. Google’s position is that none of these bypasses actually work at scale. That’s a claim worth watching as adoption grows and the incentive to crack it increases.

What changes when OpenAI and Nvidia are in

The limitation of SynthID until now was straightforward: it only labeled content that Google’s own models generated. Every image from Midjourney, every video from Sora, voice clone from any of a dozen startups came with no SynthID watermark at all. Detection tools trained on SynthID patterns were only useful for a fraction of what was actually circulating.

That changes when OpenAI adds SynthID to GPT-2 image generation and Nvidia adds it to its Cosmos world foundation models. GPT-2 images are already widely used and Cosmos is Nvidia’s foundation for video and simulation content generation. ElevenLabs is one of the most widely used AI voice platforms available. Kakao has significant reach across Asian markets.

None of this closes the gap entirely. Open source models exist specifically so anyone can generate content on their own terms with no watermarking required. That category isn’t going anywhere. But the calculus shifts when the major commercial generators are all stamping their output with the same system. The content most people encounter from mainstream tools starts carrying a detectable signal. The content that doesn’t becomes more conspicuous by its absence.

It also matters that these companies are adopting the same standard rather than building competing ones. A fragmented watermarking landscape, where OpenAI has one system, Google has another, and Nvidia has a third, would be nearly useless for detection at scale. Convergence on SynthID, even partial convergence, is what makes the detection infrastructure worth building.

You May Like: Google’s Next AI Bet Isn’t on Chatbots. It’s on Agents That Do the Work.

What SynthID can’t control

This solution is not permanent for every AI generated content. Open source image and video models are not part of this. Anyone running a local model, fine-tuning their own weights, or building on publicly available checkpoints has no obligation to apply SynthID and no infrastructure to do it through. That category of content generation is growing and it sits outside what any commercial watermarking partnership can reach.

There’s also the screenshot problem for content that predates this rollout. Three years of AI images already circulating without SynthID don’t retroactively get labeled. The system only marks what gets generated through participating platforms going forward.

And watermarks can be attacked. Google maintains that no bypass actually works at scale, but that claim gets tested harder as adoption grows and the incentive to crack it increases. A watermarking system that covers most major commercial generators becomes a more valuable target than one covering only Google’s own models.

What SynthID gives you is signal on content from mainstream commercial tools. That’s genuinely useful. It’s not a solved problem.

Where this goes next

Google is expanding where SynthID detection actually lives. Circle to Search, Lens, and AI Mode will all be able to scan for the watermark. Gemini in Chrome can check a tab’s content directly if you ask whether something is AI-generated. The complexity of checking drops significantly when detection is built into the tools people already use.

Google is also opening parts of SynthID up to enterprise customers through its Gemini Enterprise Agent Platform. The company still isn’t releasing a fully public detection API because that would make it easier for people to study the system and try to bypass it. But businesses can now use official verification tools to check whether text, audio, or video contains a SynthID watermark.

SynthID is becoming the closest thing the industry has to a shared standard for AI content labeling because enough major players decided building their own wasn’t worth it. That’s how infrastructure standards usually happen.

Don’t miss any Tech Story

Subscribe To Firethering NewsLetter

You Can Unsubscribe Anytime! Read more in our privacy policy

LEAVE A REPLY

Please enter your comment!
Please enter your name here

YOU MAY ALSO LIKE
Anthropic Secretly Tracked Claude Code Users. Then Called It an Experiment

Anthropic Secretly Tracked Claude Code Users. Then Called It an “Experiment.”

0
There's a version of this story where Anthropic was trying to protect itself from large-scale model theft. There's another where one of the AI industry's biggest privacy advocates quietly crossed a line its own users never expected. What makes this headline important isn't just that hidden tracking code existed. It's that the company behind it was Anthropic. Just months ago, Anthropic publicly refused to let the Trump administration use Claude to surveil American users. The company defended that position in court, arguing that AI companies shouldn't become tools for government surveillance. That stance became part of Anthropic's identity. Then came a very different decision. In March, Anthropic quietly added hidden tracking markers to Claude Code that flagged users' timezones, proxy connections, and potential ties to Chinese AI labs. The code remained unnoticed until security researcher Thereallo discovered it last week. After the discovery went public, an Anthropic engineer confirmed it on X, described it as an "experiment" intended to combat account abuse and model distillation, and said the company had already planned to remove it. The tracker was taken down shortly afterward. The bigger question isn't whether Anthropic had a reason. It's whether a company that built its reputation on privacy can afford to hide surveillance from the very developers it asks to trust its tools.
Leanstral AI

Leanstral 1.5: Mistral’s AI Built to Prove Math Ended Up Finding Real Software Bugs

0
Mistral built Leanstral to do something most AI models don't attempt, write formal mathematical proofs that a compiler can verify as correct. Not "pretty sure this is right" correct. Mechanically, provably, no-exceptions correct. That's a narrow use case, and the audience for it is small. What nobody expected was that a model trained on IMO-level math problems and abstract algebra benchmarks would end up running against open-source codebases and finding bugs that testing and fuzzing had both missed. Five of them previously unreported on GitHub.
Open Source AI Coding Agents That Don't Need a Subscription

7 Open Source AI Coding Agents That Don’t Need a Subscription

0
Open almost any "best AI coding tools" list and you'll see the same names: Cursor, GitHub Copilot, Claude Code. They're good tools but they're also closed source and paid. What's changed over the past year isn't the quality of those products, it's how quickly the open-source alternatives have caught up. Some can orchestrate multiple agents, remember your projects across sessions, and automate complex development workflows. Many let you bring your own model, whether that's a local LLM, OpenRouter, OpenAI, GLM-5.2, Ornith, DeepSeek, or something else entirely. More importantly, you're in control. You decide where your code runs, which model powers it, and how your workflow evolves without being locked into a single company's ecosystem. If you've only looked at the paid options, these are the open-source AI coding tools worth knowing about.