Who Made This

No robust, cross-modal method exists to reliably distinguish AI-generated content from human-created content. Watermarking faces a fundamental robustness-invisibility tradeoff: increasing robustness degrades content quality, while increasing invisibility makes watermarks removable. Text is "significantly more difficult to watermark" than images or audio because it offers a much smaller embedding surface and is sensitive to small alterations — paraphrasing can destroy any known text watermark. Every watermarking scheme proposed to date can be broken by a determined adversary, and metadata-based provenance chains break at every format conversion, screenshot, or re-encoding.

Deepfakes in political campaigns, synthetic scientific paper mills, fabricated evidence in legal proceedings, and AI-generated misinformation at scale are all increasing in sophistication and volume. Content provenance — knowing where content came from and whether it was modified — is essential for maintaining trust in digital information. The problem compounds over time: as AI-generated content floods the internet, it becomes training data for future AI systems, creating a feedback loop that degrades the information ecosystem.

Automated detection methods (classifiers trained to distinguish real from synthetic content) achieve high accuracy on known generators but fail to generalize to novel generators — there is no detection method that works across all AI models. The C2PA standard provides a metadata-based provenance chain, but it depends on voluntary adoption, can be stripped from content trivially, and only proves provenance if the creation tool participates. Hardware-based attestation (secure camera chips that sign images at capture) works but only for new devices and only for first-generation images — any modification breaks the chain. Human-based detection is costly, subjective, and has been shown to perform near random chance for high-quality AI-generated text. The core technical limitation: distinguishing AI-generated from human-created content may be information-theoretically impossible for high-quality generation — the better the AI, the harder the detection.

A shift from detection-centric approaches (asking "is this AI-generated?") to provenance-centric approaches (asking "where did this come from and through what chain?") — essentially building a content supply chain that is verifiable at each step. This requires hardware-level capture attestation becoming ubiquitous, combined with tamper-evident metadata that survives format conversions. For text specifically, statistical watermarking methods that are robust to paraphrasing remain an open research problem with no known solution.

A team could evaluate the robustness of current AI content detection tools against adversarial attacks (common transformations: compression, cropping, paraphrasing, translation) and quantify where each approach fails. Alternatively, a team could prototype a provenance chain system for a specific content type (e.g., news photos) and test how well provenance metadata survives real-world sharing workflows (social media, messaging apps). Relevant skills: machine learning, signal processing, information security, HCI.