AI Watermarking

The Technical Definition

AI watermarking is the practice of embedding a hidden signal into AI-generated content so the content can later be identified as machine-produced. For images and video, watermarks are typically pixel-level perturbations invisible to humans but detectable by a verifier. Google’s SynthID and Meta’s video watermarking work this way. For text, watermarking biases the model’s word choices toward a statistically detectable pattern — the model is slightly more likely to pick “green list” tokens, and a verifier can measure whether a passage’s token distribution matches the expected pattern.

The effectiveness varies sharply by medium. Image and video watermarks survive moderate edits — compression, cropping, color adjustment — though heavy editing or regeneration through another model can destroy them. Text watermarks are far more fragile. Paraphrasing, light human editing, or running the text through a different model often removes the signal entirely.

What This Actually Means for Your Business

The EU AI Act, effective from August 2026, requires providers of AI systems that generate synthetic content to mark outputs as machine-generated in a way that’s “machine-readable and detectable.” Similar requirements are showing up in U.S. state laws and platform policies. Watermarking is the technical mechanism most providers will lean on to comply.

If you’re a CEO whose company produces marketing content, contracts, customer communications, or media — some of it AI-assisted — you need to know what your vendors are watermarking and what they aren’t. You also need to know what your detection tools can and can’t catch on inbound content, because the same watermarks that prove provenance on your outputs are the ones platforms and partners may use to flag AI content from you.

The harder problem is inbound: detecting AI-generated content from sources you don’t control. A vendor sends you a research report, a candidate sends you a writing sample, a journalist sends you a quote attributed to your competitor. Watermarking only helps if the original AI provider added a watermark and the content hasn’t been edited enough to destroy it. In practice, that’s a small subset of the content you’d actually want to verify.

Reality Check

What the vendor says: “Our platform watermarks all AI-generated content for full transparency and compliance.”

What that means in practice: Outputs from the vendor’s own model are watermarked. Content produced by other models, content that’s been edited by a human, content that’s been paraphrased through a second model, and any content older than the watermarking deployment is not detectable. Watermarking proves your content. It does not let you verify everyone else’s.

What Operators Actually Do

The companies treating this seriously separate two questions. First: are we watermarking our own AI-generated outputs in a way that satisfies regulators and partners? That’s a vendor question — what does your provider support, and is it on by default? Second: what’s our process for content where provenance matters and watermarking won’t help us? That’s an operations question — verification protocols, source-of-truth records, callback procedures.

For internal content, watermarking plus a content provenance standard (see C2PA) gives you an audit trail. Marketing produced an AI-generated image, the C2PA manifest records that, the watermark survives the basic edits a designer makes, and you can later prove the image’s lineage if a regulator or platform asks.

For high-stakes inbound content — wire instructions, executive communications, contract redlines — watermarking is not your control. Human verification is. A “we got an email from the CEO authorizing the wire” workflow that depends on detecting a deepfake watermark is a workflow that will eventually fail, because the attacker will use a model whose watermark you can’t detect, or paraphrase the output until the signal is gone.

The Questions to Ask

1. Are our AI vendors watermarking outputs by default, and what standard are they using? Different providers use different schemes. Your detection tooling needs to match. Find out before a regulator or platform asks.

2. What’s our policy for content we publish that started as AI-generated? If marketing uses AI for a draft, then a human rewrites half of it, what gets disclosed? Your policy should be written down before someone has to decide on a deadline.

3. Where are we relying on watermarking as a security control, and is that defensible? If the answer to “how do we know this is real?” is “we’d detect a watermark,” you have a gap. Watermarking is a signal, not a verification.