How to Tell If a Photo, Video or Text Is AI-Generated

Detectors are unreliable and getting worse. How AI-content detection really works, which tools actually check a file, and the labeling laws now in force.

by HowAIWorks Team
On this page

Introduction

There are two ways to answer the question "was this made by an AI?" You can examine the file itself and guess, or you can check whether it carries a signed record of where it came from. The first approach is what most people mean by "AI detector," and it is quietly losing. The second is what the industry has spent the past eighteen months building — and it is already the law in China, and becomes law in the European Union on 2 August 2026.

This article covers both: how detection actually works for text, images and video, the measured rate at which it fails, the tools that genuinely let you check a file today, and the labeling regimes now coming into force. The honest summary is that neither approach is a solution, and the useful skill is knowing which failure mode you are looking at.

How to Tell If a Text Was Written by AI

Text detection rests on a statistical intuition: a language model picks tokens that are likely, and human writing is less predictable than that. Detectors operationalize this in two ways. Perplexity measures how surprised a reference model is by the text — low perplexity suggests machine authorship. Burstiness measures variance in sentence complexity, on the theory that humans alternate between long and short sentences more erratically than a model does. On top of these, commercial detectors run a trained classifier over labeled corpora of human and machine text.

The approach has a structural problem: it does not detect a machine, it detects predictability. Anything that makes a human write in a plain, regular, low-variance register looks like a large language model to a detector.

That is not a hypothetical. A 2023 study in Patterns ran seven commercial GPT detectors against TOEFL essays written by non-native English speakers. The detectors misclassified more than half of them as AI-generated — one flagged nearly 98% — while correctly classifying over 90% of essays written by native speakers. The bias is not a bug in one product; it falls directly out of what the method measures.

The accuracy numbers are worse than the marketing suggests. A 2024 study by Perkins et al. tested six major detectors and found 39.5% accuracy at baseline. When the machine-generated text was modified using simple evasion techniques, accuracy fell to 17.4%. The authors' own conclusion is that these tools "cannot currently be recommended for determining academic integrity violations."

Treat any "AI text detector" verdict as a weak prior, never as evidence.

How to Tell If an Image Is AI-Generated

Image detection has more to work with, because generators leave physical traces.

Visible artifacts — malformed hands, garbled text in signage, impossible reflections, inconsistent shadows — are what people look for, and they are the least durable signal. Every generation of diffusion models fixes more of them. A 2026 workflow that relies on counting fingers is a workflow that has already failed.

Frequency-domain analysis is the more robust family. A real photograph carries the noise signature of a physical sensor: read noise, demosaicing patterns, lens characteristics. A generated image carries the upsampling signature of the network that produced it. Under a Fourier transform, these look different in ways invisible to the eye. This is genuine forensics and it works — until the image is recompressed, resized or screenshotted, at which point the platform's own processing overwrites the very signal the detector depends on.

Trained classifiersconvolutional networks and transformer-based computer vision models — are the commercial mainstay. They inherit the standard supervised-learning failure: they generalize well to the generators in their training set and poorly to the one that shipped last month.

The frontier here is explainability rather than raw accuracy. In July 2026, Fraunhofer IOSB published RealOrRender, a hybrid classifier funded by Germany's federal information-security agency that reports 85–91% accuracy and, more importantly, states why it classified an image as synthetic. A score without a reason is not usable as evidence, and the field has begun to notice.

How to Spot a Deepfake Video or Cloned Voice

Video inherits every image technique, applied per frame, plus a temporal dimension that is harder to fake. (For how deepfakes are constructed in the first place — face-swap autoencoders, lip-sync models, voice cloning — see the glossary entry.)

Temporal consistency is the main lever. Lighting that shifts between frames, a face whose geometry drifts, blink patterns that fall outside human distributions, lip movements desynchronized from phonemes — these are cross-frame errors, and a generator that produces each frame beautifully can still fail to keep them coherent.

Physiological signals are the most elegant approach. Human skin changes color very slightly with each heartbeat as blood perfuses the capillaries. Remote photoplethysmography (rPPG) recovers a pulse waveform from those changes across frames — and a synthesized face has no pulse, or has an incoherent one. It is a compelling idea. It is also fragile: compression, low light and heavy makeup degrade the signal on genuine video too.

Audio deepfakes are analyzed separately, on the spectrogram: artifacts of the vocoder, unnaturally clean silences, absent breath sounds, formant transitions that no human vocal tract would produce. This is now the highest-stakes lane, because voice cloning drives real-time fraud — the call from the "CFO" authorizing a wire transfer. The products follow the money: on 8 July 2026 Attestiv launched DeepScan, which reframes the problem from "is this file fake?" to "can this file be trusted inside this specific business workflow?" — validating submitted photos, documents, audio and video before they drive a decision such as an insurance payout.

Why AI Detectors Keep Failing

Every method above shares one property: it is a classifier trained on yesterday's generators, applied to tomorrow's output.

This is an arms race with an asymmetry built into it. A generator's training objective is, quite literally, to produce output that a discriminator cannot distinguish from real. Detection research publishes its methods; the next generation of generators trains against them. The defender must generalize to models that do not exist yet; the attacker only needs to defeat the detectors that already do.

Three failure modes recur:

  • Distribution shift. A detector's accuracy on a generator released after its training data is substantially worse than its published benchmark, and nothing in the output tells you so.
  • Post-processing. Cropping, recompression, resizing, screenshotting — the ordinary lifecycle of any image on the internet — attenuates precisely the low-level signals forensics depends on.
  • False positives on real content. The bias against non-native speakers is the clearest case, and it means the cost of a detector is not zero: it is paid by the people it wrongly accuses.

How to Actually Check a File Today

Set the detectors aside. Here is the workflow that holds up.

1. Check for Content Credentials first. Go to contentcredentials.org/verify, upload the file or paste its URL. If a signed manifest is present, you get something a detector can never give you: the camera or model that produced the file, when it was signed, and the chain of edits since. That is evidence. Adobe runs an equivalent tool at verify.contentauthenticity.org.

2. Read a negative result correctly. "No Content Credentials found" means unknown provenance, not AI-generated. The overwhelming majority of legitimate media carries no credentials at all. If you take one thing from this article, take this: absence of a signature is not evidence of forgery, and any tool or person who tells you otherwise is misleading you.

3. Ask for the original file. A screenshot destroys embedded credentials, and so does most social-media re-encoding. If provenance matters, get the file from the source rather than from a platform that has already stripped it.

4. Know what SynthID can and cannot tell you. Google's SynthID Detector portal scans for the SynthID watermark across images, audio, video and text — but it only detects content made with Google's own models (Gemini, Imagen, Veo, Lyria), and access is still gated behind a waitlist aimed at journalists and researchers. A negative result rules out Google's generators. It rules out nothing else. Google is also rolling image verification into the Gemini app, where you can simply ask whether an image was made with its AI.

5. Weight context over pixels. Where did this file come from? Does the account have a history? Is there a second, independent source for the same event? Corroboration long predates C2PA, and it still outperforms every detector on this page.

6. Never let a detector score fall on a person. An accusation of academic misconduct or a rejected job application, resting on a tool with a 39.5% baseline and a documented bias against non-native speakers, is indefensible. If the cost of a false positive lands on a human being, the score is not good enough. There is no version of this that is good enough yet.

The Shift to Provenance: C2PA and SynthID

The strategic response is to stop asking the artifact and start asking its history. Rather than inferring origin from pixels, attach a cryptographically signed record of origin at the moment of creation.

C2PA, the standard behind Content Credentials, does exactly this — see Content Provenance (C2PA) for the mechanics. A camera or a generative model signs a manifest — what device or model produced this file, when, what edits were applied — and the signature travels with the file. Verification becomes a cryptographic check rather than a statistical guess. As of January 2026, C2PA has moved its trust infrastructure onto a formal Conformance Program: the older Interim Trust List was frozen on 1 January 2026, and new signing certificates now come only through conformance. Content signed under the legacy list still validates — this is a transition, not a cutover.

SynthID, from Google DeepMind, attacks the same problem from the other side, embedding the signal in the content rather than in metadata that can be stripped. For text, it subtly biases the model's token sampling toward a secret pattern that a detector can test for statistically; the method was published in Nature in 2024 and open-sourced. For images and audio it embeds an imperceptible watermark directly in the signal. Its documented limits matter: it survives cropping and light editing but degrades when text is rewritten or translated.

The two approaches converged publicly on 19 May 2026, when OpenAI and Google published on the same day. OpenAI — which already signed C2PA credentials into DALL·E 3, its image model and Sora — announced it was adding SynthID watermarking through a partnership with Google DeepMind, plus a public verification preview. Google announced that SynthID verification had gone live in the Gemini app and was reaching Search, with Chrome to follow, and that C2PA Content Credentials verification was starting in Gemini with Search and Chrome named for the coming months. Two rival labs agreeing on a shared provenance stack is the single strongest signal that pixel-level detection is not expected to hold.

What actually signs content today

Provenance only works if the capture device signs, and here the reality is narrower than the marketing. Canon confirmed C2PA signing on the EOS R1 and R5 Mark II. Sony ships it on the Alpha 1 II and Alpha 9 III. Leica signs on the M11-P and SL3-S — note the suffixes; the base models are not the signing ones.

And Nikon is the cautionary tale: it shipped C2PA firmware for the Z6III, then suspended the program in September 2025 after a forgery vulnerability was found. A provenance system whose signing key can be abused is worse than none, because it launders a fake into a credential. The standard is only as good as the conformance program behind it — which is precisely why the trust list was rebuilt.

Where AI Labeling Is Already the Law

The technical shift now has legal deadlines, and they are not only European.

China moved first, and went furthest. The Cyberspace Administration of China's Measures for Labeling AI-Generated Synthetic Content, together with the mandatory national standard GB 45438-2025, took effect on 1 September 2025. They require two labels at once: an explicit one, visible to the user as on-screen text or a graphic, and an implicit one embedded in file metadata identifying the service provider. The scope covers text, images, audio, video and virtual assets across platforms including WeChat, Douyin, Weibo and Bilibili. Note that this is broader than what the EU is about to require — it covers plain text, and it mandates a label the reader can actually see.

The EU follows on 2 August 2026, when Article 50 of the AI Act begins to apply. Two obligations matter. Providers of generative systems must mark synthetic output in a machine-readable format — the clause that makes C2PA and SynthID load-bearing rather than voluntary. And deployers of a system that generates or manipulates image, audio or video content constituting a deep fake must disclose that the content is artificially generated or manipulated. The Act defines a deep fake as content resembling existing persons, objects, places, entities or events that "would falsely appear to a person to be authentic or truthful" — note that this turns on appearance, not on intent to deceive. Where the work is evidently artistic, creative, satirical or fictional, disclosure is limited to a form that does not hamper the display or enjoyment of the work.

To operationalize this, the European Commission published a Code of Practice on Transparency of AI-Generated Content on 10 June 2026, with a signatory deadline of 22 July 2026 to appear on the initial list. One caveat is worth stating precisely, because it is widely reported wrong: signing the Code is not an automatic presumption of conformity. Signatories may rely on it to demonstrate compliance subject to a positive assessment by the Commission and the AI Board.

The United States has no general labeling law, and no sign of one. What it has is the TAKE IT DOWN Act, signed on 19 May 2025, which criminalizes the non-consensual publication of intimate images including "digital forgeries" — deepfakes — and required covered platforms to run a 48-hour notice-and-removal process by 19 May 2026. It is a targeted remedy for the single most common deepfake harm, not a transparency regime. The result is a genuinely fragmented world: a file that is legal and unlabeled in the US may be non-compliant the moment it reaches a user in Shanghai or, from August, in Berlin.

Conclusion

The comfortable story — that AI detectors tell you what is real — is false, and the numbers say so plainly: 39.5% baseline accuracy on text, collapsing to 17.4% against trivial evasion, with the false positives landing hardest on non-native speakers. Forensic detection remains useful as one signal among several, and explainable systems like RealOrRender make it more defensible, but it cannot be the foundation.

The foundation being built instead is provenance: sign at the source, verify cryptographically, and treat unsigned content as unknown rather than as fake. That approach has its own hard problems — stripped metadata, the Nikon key vulnerability, the fact that most of the internet will remain unsigned for years. But it is the only approach whose reliability does not degrade every time a better generator ships, and it is the one the regulators have chosen. China already requires it. The EU requires it in three weeks.

Sources

Frequently Asked Questions

The most reliable free check is contentcredentials.org/verify — upload the file or paste its URL and it will show any signed provenance record: what camera or AI model made it, and how it was edited. If it finds nothing, that does not mean the image is fake. Most media on the internet carries no credentials at all.
No. A detector returns a probability, not proof. In a 2024 study of six detectors, baseline accuracy was 39.5%, and it fell to 17.4% once the text was modified with simple evasion techniques. No text detector on the market is reliable enough to justify a consequential decision on its own.
Detectors flag text with low lexical variety and predictable phrasing, which is also how fluent-but-constrained second-language writing reads. A 2023 Patterns study found that seven detectors misclassified more than half of TOEFL essays by non-native speakers as AI-generated, while correctly classifying over 90% of essays by native speakers.
C2PA is an open standard for cryptographically signed provenance metadata, marketed as Content Credentials. Instead of guessing after the fact whether a file is synthetic, it attaches a signed record at the moment of capture or generation stating what made the file and how it was edited.
In China it has been mandatory since 1 September 2025, covering text, images, audio and video with both visible labels and embedded metadata. In the EU, Article 50 of the AI Act applies from 2 August 2026, requiring deepfake disclosure and machine-readable marking of synthetic output. The US has no general labeling law, but the TAKE IT DOWN Act criminalizes non-consensual intimate deepfakes.
Yes, and this is the central weakness of the provenance approach. Metadata is stripped by most social platforms and by a simple screenshot. Statistical watermarks such as SynthID survive cropping and light editing but degrade when text is rewritten or translated.

Continue Your AI Journey

Explore our glossary and model catalog to deepen your understanding.