>_TheQuery
// Reading nowStart
← All Articles

Google SynthID Expansion: OpenAI Joins, 100 Billion Watermarks, and Why the Gap Still Exists

By Addy · May 22, 2026

There is a number in Google's SynthID announcement that has not received enough attention.

100 billion. That is how many images and videos SynthID has watermarked since the system launched. 60,000 years of audio. Verification in the Gemini app alone has been used 50 million times globally. These are not pilot figures. These are the metrics of infrastructure that has been running quietly in the background while the industry debated whether AI watermarking was technically feasible, legally necessary, or commercially viable.

At Google I/O 2026, the answer to all three questions arrived in one announcement. SynthID is expanding from the Gemini app into Google Search and Chrome. OpenAI, NVIDIA, Kakao, and ElevenLabs are adopting SynthID across their products. The Pixel 10 is the first device to write C2PA credentials inside its native camera app. A SynthID Detector portal has opened to early testers.

The moment OpenAI adopts Google's watermarking standard is the moment it stops being Google's product. It becomes an industry standard. That transition happened on May 19, and most coverage treated it as a feature announcement.

What SynthID Actually Is

Most people who have encountered SynthID have done so without knowing it. Every image generated in the Gemini app carries a SynthID watermark. Every video from Gemini Omni carries one. NVIDIA integrated SynthID in January 2026 to watermark video from its Cosmos world foundation models. Every piece of content ChatGPT generates will carry one going forward.

The watermark is imperceptible. It is not a logo, a badge, or a label. It is a signal embedded in the pixels of an image, the waveform of audio, or the token distribution of text at the point of generation. The signal is designed to survive the operations that most people apply to content after they receive it -- resizing, recompression, format conversion, social media upload and re-download cycles. Stripping the metadata from a JPEG removes the EXIF data. It does not remove the SynthID signal.

This distinction matters because the most common way AI-generated images have been passed off as authentic photographs is through a simple workflow: generate the image, download it, strip the metadata, upload it somewhere. The stripped metadata means no record of which tool produced it. The SynthID signal means there is still a record, invisible to a human viewer but readable by a detector, that survives that workflow.

The SynthID Detector portal opening to early testers takes this from a producer-side tool -- embedding signals at generation -- to a consumer-side tool -- verifying signals at reception. The workflow that previously required uploading an image to the Gemini app is being embedded into Search and Chrome. You right-click an image you are looking at. The browser tells you whether it carries a SynthID marker. No upload required. No separate app. The verification happens where you encounter the content.

The Two-Layer Architecture Nobody Explains Clearly

SynthID and C2PA are not the same thing. They are complementary systems solving different parts of the same problem, and understanding the difference is necessary to understand what the expansion actually achieves.

Think of the internet's content as a stream of packages being shipped between warehouses. C2PA is the shipping label -- a digitally signed record of where the package originated, who handled it, and whether it has been opened or modified since it left the source. C2PA credentials on a Pixel 10 photograph prove the image came from that specific camera sensor, at that specific time, without modification. The label travels with the package.

SynthID is a dye injected into the package contents themselves. It survives even if the shipping label is torn off, the box is repacked, and the package is reshipped in different packaging. If someone strips the metadata, re-encodes the image, and re-uploads it through a different platform, the C2PA credentials are gone. The SynthID signal is not.

Together they cover the full provenance problem. C2PA answers the question "did a real camera capture this at a specific time and place?" SynthID answers the question "was this generated by AI?" One confirms real-world origin. The other confirms AI origin. A piece of content with C2PA credentials but no SynthID signal is a real photograph. A piece of content with a SynthID signal but no C2PA credentials is AI-generated content. A piece of content with neither -- which is most of the existing internet -- is provenance-unknown.

The Pixel 10 writing C2PA credentials in the native camera app is the hardware layer of this architecture. It means photographs taken on Pixel 10 carry a tamper-evident provenance record from the moment of capture. Not added later in post-processing. Not dependent on a software setting the user remembers to enable. Written at the hardware level, at the moment of capture, by the sensor itself.

That is a new thing in the world. It is the beginning of an internet where the question "was this real or was this AI generated?" has an answer built into the content itself.

Why OpenAI Joining Changes Everything

The technical capabilities of SynthID are not new. DeepMind published the original SynthID research in 2023. The system has been running inside Google products for three years. The watermark technology was never the limiting factor.

The limiting factor was adoption. A watermarking system that only marks content from one company's tools is a provenance system for one company's content. When someone asks "is this real or AI-generated," the SynthID answer is only useful if the content was made with a SynthID-enabled tool. A deepfake generated with an open-weight model and no watermarking is invisible to SynthID detection regardless of how good the detector is.

This is why OpenAI joining matters more than any technical upgrade to the watermark. OpenAI generates more AI content than any other company. ChatGPT Images 2.0, which this publication covered in April, produces output that is functionally indistinguishable from photographs. GPT-5.5 generates text at a scale and quality that makes synthetic content a meaningful fraction of what circulates online. When that content carries SynthID watermarks, SynthID detection covers the majority of frontier AI-generated content on the internet.

ElevenLabs joining is the voice angle. ElevenLabs is the market leader in voice synthesis with $330 million in ARR and over 40 languages of output. The VibeVoice piece this publication ran covered the risk of voice synthesis being used for deepfake audio. ElevenLabs was the canonical example of a capable voice tool that had been used for exactly this purpose. When ElevenLabs carries SynthID watermarks, synthetic audio generated by the most widely-used voice platform becomes detectable.

NVIDIA integrating SynthID in January was the hardware layer. OpenAI joining is the content layer. ElevenLabs joining is the audio layer. Kakao, the Korean technology giant whose messaging platform reaches 47 million daily active users, is the international distribution layer.

The system that covered Google's content at 100 billion watermarks now covers most of the frontier AI content on the internet.

The Gap That Still Exists

The honest version of the SynthID expansion announcement includes something Google did not lead with.

SynthID only detects content watermarked with SynthID. AI content from tools that have not adopted the standard is not identifiable through this system. The open-weight models that produce AI images, audio, and video without watermarking -- because watermarking is optional and removing it is trivial -- are outside the detection perimeter regardless of how many companies adopt SynthID.

This is not a criticism specific to Google. It is a structural property of any voluntary watermarking standard. The bad actors who are most motivated to produce undetectable deepfakes are the least likely to voluntarily adopt a standard that makes their content detectable. The deepfakes used for fraud, political manipulation, and non-consensual intimate imagery are being generated by tools that will not voluntarily join a watermarking coalition.

What SynthID covers is the legitimate use of legitimate tools. A journalist verifying whether an image shared in a breaking news context was generated by ChatGPT will now get an answer through Search and Chrome. A voter looking at a political advertisement that claims to show real footage will be able to check whether it was made with Gemini Omni. A person who suspects a piece of audio was synthesized with ElevenLabs will be able to verify.

These are real and meaningful use cases. They are not the use cases where the harm is greatest. The harm cases -- coordinated political disinformation using locally-run open-weight models, fraud using synthesized audio from fine-tuned custom models, intimate image abuse using purpose-built synthesis tools -- are outside the detection perimeter.

Anthropic's response to the capability risk was to gate Mythos Preview behind Project Glasswing. Microsoft's response to VibeVoice's misuse was to pull the repository, add watermarking and disclaimers, and reship. Google's response to Gemini Omni's voice editing risk was to hold the feature back. SynthID is the infrastructure layer that makes all of those decisions more coherent -- it is the system that allows capable AI tools to ship while maintaining some thread of provenance back to origin.

It does not solve the problem for tools that exist outside the coalition. Nothing currently does.

The Right-Click That Changes How You Read the Internet

The specific deployment decision that will have the most impact is not the 100 billion watermarks. It is the Chrome right-click.

Before May 19, verifying whether an image carried a SynthID marker required navigating to the Gemini app, uploading the image, waiting for the analysis. That is not a workflow most people will do for content they encounter casually. It is a workflow researchers and journalists and fact-checkers will do deliberately, for specific content where verification matters.

After Chrome support rolls out, verification is a right-click on any image you encounter in a browser. The friction of the verification step drops from "deliberate multi-step process" to "same action as opening an image in a new tab." At that friction level, casual verification becomes possible. Users who would never have thought to verify an image's provenance might right-click habitually, the way they right-click to copy an image, simply because the option exists.

Habit formation around provenance verification is the long-term outcome that matters more than the watermark count. The 100 billion watermarked pieces of content are supply. The Chrome right-click is demand-side infrastructure -- the tool that creates the habit of asking where content came from, rather than assuming it represents reality.

The VibeVoice watermarking that Microsoft added on reship, the Gemini Omni SynthID on every generated video, the ElevenLabs audio watermarks -- all of these are invisible at point of receipt. SynthID in Chrome makes them visible on demand. The supply of watermarked content and the demand-side verification tool are arriving at the same time, which is necessary for either to work.

What This Means for the Deepfake Arc

This publication has been tracking a specific thread since April: the gap between what AI can generate and what verification infrastructure can detect.

The ChatGPT Images 2.0 article noted that the same capability that makes a restaurant menu indistinguishable from a real one makes a fake photograph of a real person harder to detect. The VibeVoice article noted that Microsoft pulled the synthesis model ten days after launch because voice impersonation incidents appeared immediately. The Gemini Omni article noted that voice editing inside existing videos was held back specifically because it is the most direct path to deepfake audio of specific individuals. The Claude Mythos M5 article noted that Apple built its security architecture in a world before AI could compress months of research into days.

SynthID at scale is the infrastructure response to that thread. Not a solution -- the gap the standard cannot cover is real and significant. But the first viable infrastructure for provenance at internet scale, adopted by most of the frontier AI companies, embedded in the browser people use to encounter content, shipping to the hardware people use to capture reality.

The internet is changing from a medium where the question "is this real?" is unanswerable to one where it is sometimes answerable, for specific content, using specific tools, when those tools are in the right place at the right time.

Sometimes answerable is better than never answerable. It is also honest about how far that still is from always answerable.

Sources:

Previously on TheQuery: Microsoft Shipped the Best Open Voice AI in August. Nobody Noticed Until May. and Gemini Omni and Gemini 3.5 Flash Are Real. So Is the Thing Google Refused to Ship.