OpenAI adds dual-layer provenance to AI images using C2PA and Google SynthID

If you have ever looked at an image online and wondered whether it was AI-generated, you are not alone. That question is getting harder to answer as AI imagery becomes more polished and more widespread. OpenAI has just made a meaningful move toward answering it, with a two-layer system that gives images generated by its tools a verifiable trail of origin.

What OpenAI actually announced

On 19 May 2026, OpenAI announced three things that work together:

1. C2PA Conforming Generator status. OpenAI is now a formally recognised conforming generator under the C2PA standard, which means platforms and tools that read C2PA signals can reliably interpret and pass along the provenance data attached to OpenAI-generated content. OpenAI also joined the C2PA steering committee, sitting alongside Adobe, Microsoft, and Google in shaping how the standard evolves.

2. Google SynthID watermarking, built in. OpenAI is now embedding Google DeepMind’s SynthID watermarks into images generated through ChatGPT and the OpenAI API. SynthID makes imperceptible adjustments to pixel values at the point of generation, producing an invisible fingerprint that persists through screenshots, compression, resizing, and most common forms of editing.

3. A public verification tool. OpenAI has published a preview of a verification tool that anyone can use. You upload an image, and it tells you whether it detects a SynthID watermark or C2PA metadata that originates from OpenAI.

Why two systems rather than one

C2PA and SynthID solve different parts of the same problem, which is why using both together is more robust than relying on either alone.

C2PA works by attaching a structured manifest to the file. That manifest records who created it, which tool was used, when it was made, and any edits applied along the way. The whole thing is cryptographically signed, so if someone tampers with it, the signature breaks. The limitation is that metadata can be stripped. Save a JPEG in a different format, pass it through a messaging app that strips metadata, or take a screenshot, and the C2PA record may not survive.

SynthID handles exactly that scenario. Because the watermark is baked into the pixels themselves, it does not depend on a file’s metadata surviving. It cannot be cropped out, it is not affected by format conversion, and it persists through most transformations a file is likely to encounter in the wild.

Together, they are more resilient than either would be separately. C2PA provides rich, human-readable context. SynthID provides a durable fallback signal.

How the verification tool works

The verify tool is straightforward to use. You upload an image, and the tool checks for both signals. The result tells you whether a SynthID watermark from OpenAI was detected, whether a trusted C2PA manifest from OpenAI was found, or whether neither was found.

That last result is handled carefully. The absence of a signal does not mean the image was definitely not AI-generated. Provenance signals can be stripped, intentionally or otherwise, so the tool avoids making a definitive negative claim. It tells you what it found, not what it concludes in the absence of evidence.

OpenAI says it does not store uploaded images except where legally required, and uploads are not used for training.

What this means for you

The practical implications depend on what you do with images day to day.

For individuals and consumers, this gives you a concrete way to check images you are uncertain about. If someone shares an image and claims it is a real photograph, you now have a tool that can tell you whether it carries an OpenAI-origin signal. That is not a complete answer to the problem of synthetic media, but it is a useful one.

For journalists and researchers, the ability to verify provenance before publishing or citing an image is genuinely useful. C2PA manifests also carry edit history, which means you can potentially see what alterations were made after generation.

For businesses, the implications are broader. Marketing teams receiving AI-generated assets, legal teams reviewing potentially AI-drafted documents, HR teams screening applications: all of these functions are increasingly touching AI-produced content without reliable ways to identify it. Image provenance is one piece of that puzzle, and it is now meaningfully easier to check for content that originates from OpenAI tools.

For developers, if you are building applications that consume or distribute images from the OpenAI API, your content will now carry C2PA credentials and SynthID watermarks by default. That is worth knowing for compliance purposes, particularly with the EU AI Act’s Article 50 transparency requirements taking effect in August 2026.

The wider picture

OpenAI is not doing this in isolation. The same day, at Google I/O 2026, Google announced that native C2PA and SynthID detection is coming to Google Search and Chrome. The Gemini app already supports SynthID detection and has been used 50 million times for image, video, and audio verification. Companies including Kakao, ElevenLabs, and Nvidia made parallel C2PA and SynthID adoption announcements on the same day.

The C2PA coalition now has more than 6,000 members and affiliates. Camera manufacturers including Leica and Nikon are adding C2PA signing at the point of capture, so real photographs can carry the same kind of verified origin record as AI-generated ones. The long-term goal is a world where the provenance question, “where did this come from and has it been altered?”, has a reliable answer regardless of whether the source was a camera or a model.

OpenAI’s current verification tool only checks for content that originated from OpenAI’s own systems. The company has indicated it plans to expand support for cross-platform verification over time. For now, it covers ChatGPT and the OpenAI API, which collectively account for a significant share of AI-generated imagery in circulation.

It is a meaningful step, and the dual-layer approach is technically solid. The honest limitation is that it only covers one generator’s output. The broader provenance infrastructure still relies on the rest of the industry catching up, which, given the announcements coming out of Google I/O on the same day, appears to be happening faster than it was a year ago.