Three years ago, Google introduced a watermarking system for AI-generated content called SynthID. Nobody was required to use it. It was just Google’s answer to a problem the rest of the industry hadn’t fully admitted existed yet.
Now OpenAI is using it. So is Nvidia. So are ElevenLabs and Kakao. And Google says SynthID has already been applied to 100 billion images and videos, plus 60,000 years worth of audio.
The timing matters. AI-generated images and video have gotten good enough that the old tells, the extra fingers, the smeared text, the wrong shadows, are mostly gone. What replaces them as a detection method isn’t human judgment. It’s watermarking inserted into the content at the point of generation, before it ever reaches anyone’s feed. SynthID is Google’s bet on how that works at scale, and a growing number of the industry’s biggest names are now betting alongside it.
Table of Contents
Why SynthID is harder to remove
Most AI content labeling today relies on metadata. A file gets tagged at creation describing how it was made, which tools were used, whether generative elements were involved. Google uses this approach too, through the C2PA standard, and its Pixel 10 phones now embed that information directly into photos and videos at capture.
The problem with metadata is that it’s removable. Screenshot a tagged image and the metadata doesn’t come with it. Run it through a compression tool, crop it, repost it somewhere that strips file information, and the label is gone. The content looks clean even if it wasn’t.
SynthID works differently. The watermark lives in the pixels of an image or video, in the waveform of an audio file. It’s not attached to the file, it’s woven into the content itself. According to Google DeepMind scientist Pushmeet Kohli, the system was specifically engineered to survive the kinds of transformations people actually use: compression, cropping, rotation, format conversion.
That robustness is what makes it worth building around. A watermark that disappears when someone screenshots it isn’t a watermark, it’s a suggestion. SynthID is designed to persist through the ways content actually travels across the internet, which is why the detection side of the system can still find it even after the file has been through several hands.
Some researchers have claimed to find methods for removing SynthID patterns. Google’s position is that none of these bypasses actually work at scale. That’s a claim worth watching as adoption grows and the incentive to crack it increases.
What changes when OpenAI and Nvidia are in
The limitation of SynthID until now was straightforward: it only labeled content that Google’s own models generated. Every image from Midjourney, every video from Sora, voice clone from any of a dozen startups came with no SynthID watermark at all. Detection tools trained on SynthID patterns were only useful for a fraction of what was actually circulating.
That changes when OpenAI adds SynthID to GPT-2 image generation and Nvidia adds it to its Cosmos world foundation models. GPT-2 images are already widely used and Cosmos is Nvidia’s foundation for video and simulation content generation. ElevenLabs is one of the most widely used AI voice platforms available. Kakao has significant reach across Asian markets.
None of this closes the gap entirely. Open source models exist specifically so anyone can generate content on their own terms with no watermarking required. That category isn’t going anywhere. But the calculus shifts when the major commercial generators are all stamping their output with the same system. The content most people encounter from mainstream tools starts carrying a detectable signal. The content that doesn’t becomes more conspicuous by its absence.
It also matters that these companies are adopting the same standard rather than building competing ones. A fragmented watermarking landscape, where OpenAI has one system, Google has another, and Nvidia has a third, would be nearly useless for detection at scale. Convergence on SynthID, even partial convergence, is what makes the detection infrastructure worth building.
You May Like: Google’s Next AI Bet Isn’t on Chatbots. It’s on Agents That Do the Work.
What SynthID can’t control
This solution is not permanent for every AI generated content. Open source image and video models are not part of this. Anyone running a local model, fine-tuning their own weights, or building on publicly available checkpoints has no obligation to apply SynthID and no infrastructure to do it through. That category of content generation is growing and it sits outside what any commercial watermarking partnership can reach.
There’s also the screenshot problem for content that predates this rollout. Three years of AI images already circulating without SynthID don’t retroactively get labeled. The system only marks what gets generated through participating platforms going forward.
And watermarks can be attacked. Google maintains that no bypass actually works at scale, but that claim gets tested harder as adoption grows and the incentive to crack it increases. A watermarking system that covers most major commercial generators becomes a more valuable target than one covering only Google’s own models.
What SynthID gives you is signal on content from mainstream commercial tools. That’s genuinely useful. It’s not a solved problem.
Where this goes next
Google is expanding where SynthID detection actually lives. Circle to Search, Lens, and AI Mode will all be able to scan for the watermark. Gemini in Chrome can check a tab’s content directly if you ask whether something is AI-generated. The complexity of checking drops significantly when detection is built into the tools people already use.
Google is also opening parts of SynthID up to enterprise customers through its Gemini Enterprise Agent Platform. The company still isn’t releasing a fully public detection API because that would make it easier for people to study the system and try to bypass it. But businesses can now use official verification tools to check whether text, audio, or video contains a SynthID watermark.
SynthID is becoming the closest thing the industry has to a shared standard for AI content labeling because enough major players decided building their own wasn’t worth it. That’s how infrastructure standards usually happen.
