{"id":27625,"date":"2025-07-24T15:52:38","date_gmt":"2025-07-24T15:52:38","guid":{"rendered":"https:\/\/www.tun.com\/home\/?p=27625"},"modified":"2025-07-24T15:52:40","modified_gmt":"2025-07-24T15:52:40","slug":"new-study-reveals-deepfakes-can-overcome-ai-watermarking","status":"publish","type":"post","link":"https:\/\/www.tun.com\/home\/new-study-reveals-deepfakes-can-overcome-ai-watermarking\/","title":{"rendered":"New Study Reveals Deepfakes Can Overcome AI Watermarking"},"content":{"rendered":"\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-uagb-blockquote uagb-block-e7eb3fc3 uagb-blockquote__skin-border uagb-blockquote__stack-img-none\"><blockquote class=\"uagb-blockquote\"><div class=\"uagb-blockquote__content\">A breakthrough study from the University of Waterloo\u2019s Cybersecurity and Privacy Institute unveils vulnerabilities in AI watermarking, suggesting that deepfakes can bypass current detection techniques.<\/div><footer><div class=\"uagb-blockquote__author-wrap uagb-blockquote__author-at-left\"><\/div><\/footer><\/blockquote><\/div>\n\n\n\n<div class=\"wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-0dfbf163 wp-block-group-is-layout-flex\"><div style=\"font-size:16px;\" class=\"has-text-align-left wp-block-post-author\"><div class=\"wp-block-post-author__content\"><p class=\"wp-block-post-author__name\">The University Network<\/p><\/div><\/div>\n\n\n<div class=\"wp-block-uagb-social-share uagb-social-share__outer-wrap uagb-social-share__layout-horizontal uagb-block-ee584a31\">\n<div class=\"wp-block-uagb-social-share-child uagb-ss-repeater uagb-ss__wrapper uagb-block-ec619ce7\"><span class=\"uagb-ss__link\" data-href=\"https:\/\/www.facebook.com\/sharer.php?u=\" tabindex=\"0\" role=\"button\" aria-label=\"facebook\"><span class=\"uagb-ss__source-wrap\"><span class=\"uagb-ss__source-icon\"><svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\"><path d=\"M504 256C504 119 393 8 256 8S8 119 8 256c0 123.8 90.69 226.4 209.3 245V327.7h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.3 482.4 504 379.8 504 256z\"><\/path><\/svg><\/span><\/span><\/span><\/div>\n\n\n\n<div class=\"wp-block-uagb-social-share-child uagb-ss-repeater uagb-ss__wrapper uagb-block-32d99934\"><span class=\"uagb-ss__link\" data-href=\"https:\/\/twitter.com\/share?url=\" tabindex=\"0\" role=\"button\" aria-label=\"twitter\"><span class=\"uagb-ss__source-wrap\"><span class=\"uagb-ss__source-icon\"><svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\"><path d=\"M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z\"><\/path><\/svg><\/span><\/span><\/span><\/div>\n\n\n\n<div class=\"wp-block-uagb-social-share-child uagb-ss-repeater uagb-ss__wrapper uagb-block-1d136f14\"><span class=\"uagb-ss__link\" data-href=\"https:\/\/www.linkedin.com\/shareArticle?url=\" tabindex=\"0\" role=\"button\" aria-label=\"linkedin\"><span class=\"uagb-ss__source-wrap\"><span class=\"uagb-ss__source-icon\"><svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 448 512\"><path d=\"M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3 0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2 0 38.5 17.3 38.5 38.5 0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9V416z\"><\/path><\/svg><\/span><\/span><\/span><\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n<p>Researchers at the University of Waterloo\u2019s Cybersecurity and Privacy Institute have made a startling discovery that exposes vulnerabilities in the methods used to detect AI-generated content. Their study reveals that artificial intelligence image watermarks, promoted as a solution to combat deepfakes, can be effectively removed without knowing the watermark&#8217;s design or the existence of the watermark itself.<\/p>\n\n\n\n<p>As AI-generated images and videos grow increasingly lifelike, concerns are mounting over the potential misuse of this technology in arenas such as politics, the legal system and daily life. <\/p>\n\n\n\n<p>\u201cPeople want a way to verify what\u2019s real and what\u2019s not because the damages will be huge if we can\u2019t,\u201d lead author Andre Kassis, a doctoral candidate in computer science at the University of Waterloo, said in a news release. \u201cFrom political smear campaigns to non-consensual pornography, this technology could have terrible and wide-reaching consequences.\u201d<\/p>\n\n\n\n<p>Major AI companies like OpenAI, Meta and Google tout invisible, encoded watermarks as a reliable means to identify AI-generated content. These watermarks are designed to be imperceptible to human users yet robust enough to withstand image manipulations, such as cropping or resolution changes. The companies argue that these coded signatures can enable the development of effective public tools for distinguishing genuine content from AI-generated material.<\/p>\n\n\n\n<p>Contrary to these claims, the Waterloo team developed a tool named <a href=\"https:\/\/github.com\/andrekassis\/ai-watermark\">UnMarker<\/a>, which can efficiently strip watermarks from images. UnMarker does so without any prior knowledge of the watermarking algorithms, internal parameters or detector interactions. <\/p>\n\n\n\n<p>This sets UnMarker apart as the first practical and universal tool capable of removing watermarks in real-world settings.<\/p>\n\n\n\n<p>\u201cWhile watermarking schemes are typically kept secret by AI companies, they must satisfy two essential properties: they need to be invisible to human users to preserve image quality, and they must be robust, that is, resistant to manipulation of an image like cropping or reducing resolution,\u201d added Urs Hengartner, an associate professor in the David R. Cheriton School of Computer Science at the University of Waterloo.<\/p>\n\n\n\n<p>The researchers\u2019 key insight is that to meet these criteria, watermarks must subtly manipulate the image\u2019s pixel intensities across its spectral domain. By employing a statistical attack, UnMarker identifies and distorts unusual pixel frequencies, making the watermark unrecognizable to detection tools but leaving the image undetectably altered to the human eye. <\/p>\n\n\n\n<p>In trials, UnMarker effectively removed watermarks over 50% of the time on various AI models, including Google\u2019s SynthID and Meta\u2019s Stable Signature.<\/p>\n\n\n\n<p>\u201cIf we can figure this out, so can malicious actors,\u201d Kassis added. \u201cWatermarking is being promoted as this perfect solution, but we\u2019ve shown that this technology is breakable. Deepfakes are still a huge threat. We live in an era where you can\u2019t really trust what you see anymore.\u201d<\/p>\n\n\n\n<p>The research, <a href=\"https:\/\/arxiv.org\/abs\/2405.08363\" target=\"_blank\" rel=\"noopener\" title=\"\">published<\/a> in the proceedings of the 46th IEEE Symposium on Security and Privacy,  underscores the need for developing more robust methods to detect AI-generated content, as the current watermarking strategies prove insufficient against sophisticated attacks.<\/p>\n\n\n\n<div style=\"height:13px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>Source:<\/strong> <a href=\"https:\/\/uwaterloo.ca\/news\/media\/watermarks-offer-no-defense-against-deepfakes\" target=\"_blank\" rel=\"noopener\" title=\"\">University of Waterloo<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at the University of Waterloo\u2019s Cybersecurity and Privacy Institute have made a startling discovery that exposes vulnerabilities in the methods used to detect AI-generated content. Their study reveals that artificial intelligence image watermarks, promoted as a solution to combat deepfakes, can be effectively removed without knowing the watermark&#8217;s design or the existence of the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"single-no-separators","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[8],"tags":[291],"class_list":["post-27625","post","type-post","status-publish","format-standard","hentry","category-ai","tag-university-of-waterloo"],"acf":[],"aioseo_notices":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"The University Network","author_link":"https:\/\/www.tun.com\/home\/author\/funky_junkie\/"},"uagb_comment_info":0,"uagb_excerpt":"Researchers at the University of Waterloo\u2019s Cybersecurity and Privacy Institute have made a startling discovery that exposes vulnerabilities in the methods used to detect AI-generated content. Their study reveals that artificial intelligence image watermarks, promoted as a solution to combat deepfakes, can be effectively removed without knowing the watermark&#8217;s design or the existence of the&hellip;","_links":{"self":[{"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/posts\/27625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/comments?post=27625"}],"version-history":[{"count":8,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/posts\/27625\/revisions"}],"predecessor-version":[{"id":27646,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/posts\/27625\/revisions\/27646"}],"wp:attachment":[{"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/media?parent=27625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/categories?post=27625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tun.com\/home\/wp-json\/wp\/v2\/tags?post=27625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}