SynthID

SynthID is Google DeepMind's watermarking system for content generated or altered by AI. Its job is narrower, and more useful, than a generic AI detector: it helps answer whether a piece of content appears to carry a SynthID watermark from a participating tool.

The important part is where the signal lives. SynthID does not depend on ordinary file metadata, which can be stripped by upload pipelines, screenshots, exports, or basic editing. The watermark is embedded into the generated content itself at creation time, then checked later by a detector.

SynthID vs C2PA

SynthID and C2PA solve adjacent parts of the authenticity problem. SynthID looks for a signal embedded inside the content. C2PA carries signed metadata about where the content came from and how it changed. One is a watermark. The other is a provenance receipt.

Question	SynthID	C2PA	Why it matters
Where is the signal?	Inside the generated pixels, frames, waveform, or token pattern.	In signed provenance metadata attached to the file.	SynthID is harder to lose through normal sharing; C2PA is easier to inspect and audit.
What does it prove?	That content likely carries a SynthID watermark from a participating AI system.	Who created, captured, or edited the file, assuming the metadata chain is intact.	SynthID identifies a generation-time signal; C2PA explains the chain of custody.
What survives better?	Common edits such as compression, cropping, filters, or re-encoding.	Workflows that preserve signed metadata from capture to publication.	The two systems cover different failure modes.
What breaks it?	Heavy rewriting, regeneration, adversarial editing, or content from non-participating tools.	Metadata stripping, screenshots, file conversions, or broken provenance chains.	Neither system should be treated as final proof on its own.
Best use	Checking whether supported AI-generated content carries an embedded watermark.	Showing the history of a file from capture or creation through edits.	Together, they give a stronger authenticity signal than either one alone.

For text, SynthID works during generation. A language model chooses each next token from a probability distribution. SynthID subtly adjusts those probabilities so the final sequence carries a detectable statistical pattern without changing the visible meaning of the answer. It works best on longer, varied outputs where the model has many valid word choices. It is weaker on very short factual answers, quotations, translations, or heavily rewritten text because there are fewer usable choices or the original token pattern gets destroyed.

For images, video, and audio, the watermark is content-level rather than label-level. Google says the mark is designed to survive common transformations such as cropping, compression, filters, frame-rate changes, speed changes, and social media re-encoding. That does not make it indestructible. It means ordinary distribution and editing are less likely to erase it than they would erase metadata.

What It Is For

SynthID is a provenance signal. It helps platforms, journalists, researchers, and users distinguish content that was generated or edited by participating AI systems. Google has also built SynthID detection into Gemini workflows and launched SynthID Detector as a portal for checking supported content types.

The best mental model is not "AI detector." It is "watermark detector." SynthID can confirm the presence of a SynthID-style signal, but absence of that signal does not prove a file is human-made. It may have been generated by a model that does not use SynthID, edited enough to degrade the signal, or produced by an open tool with no watermarking at all.

Limits

SynthID does not detect all AI-generated content. It detects SynthID-marked content. That distinction matters. A tool has to apply the watermark in the first place, and motivated adversaries can still try to remove, obscure, regenerate, or route around it.

Its strongest role is transparency, not enforcement. It gives platforms and users a useful signal that something likely came from a participating AI pipeline. It does not solve deepfakes, impersonation, copyright disputes, or misinformation by itself.