Industry Insights

Which AI Image Generators Mark Their Output, and How

DALL-E, Firefly, Gemini, Midjourney, Stable Diffusion, Flux, and Grok compared: who embeds C2PA Content Credentials, who watermarks invisibly, and what survives a screenshot.

ByLumethic Team
8 min read
Share

Whether an AI-generated image announces itself depends entirely on which tool made it and how it traveled to you. Some generators cryptographically sign every output. Some embed invisible watermarks in the pixels. Some do both, and some do neither, and the differences decide what a checker tool can and cannot tell you. Here is the state of marking across the major generators as of mid 2026, and the limits that stay in place no matter how the table fills in.

The two kinds of marks

Two mechanisms matter, and they fail differently.

C2PA Content Credentials are signed metadata: a manifest attached to the file saying this image was generated, by which tool, when. Anyone can read it in an inspector, including ours. Its weakness is fragility: the manifest lives in the file's metadata layer, so a screenshot, a re-encode, or most social platform uploads remove it without a trace.

Invisible watermarks, of which Google's SynthID is the dominant example, are woven into the pixels themselves. They are designed to survive screenshots, resizing, compression, and cropping. Their weakness is access: a watermark is only readable by whoever holds the detector, so it helps platforms and the vendor's own checking tools rather than giving you an open, verifiable record. Our SynthID deep dive covers how that ecosystem works.

The strongest current setups use both: credentials for open verifiability, a pixel watermark for survival.

Tool by tool

GeneratorC2PA manifestInvisible watermarkWhat survives a screenshot
OpenAI (GPT image, DALL-E 3)Yes, since Feb 2024SynthID, since May 2026Watermark only
OpenAI Sora videoClaimed, inconsistent in testsVisible moving mark on standard tiersVisible mark, if not cropped
Adobe FireflyYes, every generationDurable-credentials watermarkWatermark recovery, mostly
Google Gemini / ImagenYes on newest models, since late 2025SynthID, all outputsWatermark
MidjourneyNoNone knownNothing
Stable Diffusion (self-hosted)NoWeak default, trivially disabledUsually nothing
Stability / Flux hosted APIsYesVariesLittle
Flux open weightsNoRemovable example codeUsually nothing
xAI GrokNot confirmedNot confirmedVisible corner logo, if not cropped

OpenAI, Adobe, Google: the marked majority

By volume, most images from the big hosted generators now carry marks. OpenAI has attached C2PA manifests to DALL-E 3 output since February 2024 and joined the C2PA steering committee in May of that year. In May 2026 it added a second layer, licensing Google DeepMind's SynthID watermark for images generated across ChatGPT, its API, and Codex, and previewing a public Verify tool that checks both marks on OpenAI-generated content. Video is messier: Sora output carries a visible moving watermark on standard tiers, and while OpenAI states C2PA is attached, independent testing has found the manifests missing or unreadable on standard downloads, so treat Sora provenance as unreliable in practice.

Adobe Firefly has embedded Content Credentials in every generation since its 2023 launch, and Adobe pairs the manifest with an invisible watermark so that a stripped credential can be re-associated with its record later, an approach it calls durable Content Credentials.

Google spent years relying on SynthID alone, embedded in all Imagen and Gemini image output, with a public detector available in the Gemini app since late 2025. C2PA manifests arrived more recently: since the Gemini 3 Pro image models in November 2025, new output carries both SynthID and Content Credentials, and Google announced in May 2026 that Chrome and Search will surface C2PA checks.

The pattern across all three: the companies with the most regulatory exposure, and the August 2, 2026 EU AI Act marking deadline now upon them, have converged on marking everything, twice where they can.

Midjourney, open models, Grok: the unmarked rest

Midjourney, still one of the most-used generators, ships no C2PA manifest and no known invisible watermark as of version 8. It has been a Content Authenticity Initiative member since 2023 without shipping an implementation, and third-party claims that it adopted C2PA in early 2026 are not supported by its own documentation. An image from Midjourney simply carries no machine-readable trace of its origin.

Self-hosted open-weight models are structurally unmarkable. Stable Diffusion's reference code includes a watermark library that forks routinely disable, and Flux's open weights ship example marking code that a self-hoster can remove. The hosted API versions of both add C2PA signing at the service layer, which helps exactly until someone runs the model themselves. This is not a solvable gap: any marking that lives in open inference code is optional by definition.

Grok generates images with a visible corner logo and no confirmed C2PA or invisible watermark. After the deepfake wave that forced xAI to restrict Grok's image generation in January 2026, its provenance story remains the thinnest of any major tool.

The consequence is the asymmetry that matters most in practice: a marked image tells you something, an unmarked image tells you nothing. Every determined bad actor can reach an unmarked generator, and every screenshot launders a marked image into an unmarked one.

Why none of this settles whether an image is real

Marking is a system for flagging AI content that cooperates. It has three structural holes. Marks are absent from the tools above that do not participate. Marks are removable, trivially for metadata, with more effort for pixel watermarks. And marks run in one direction only: they can say "this is AI", but the absence of a mark cannot say "this is a photo".

That last gap is the one that affects photographers, because it means no checker can clear a real photograph by finding nothing. Clearing a photo requires positive evidence of capture, which is a different mechanism entirely: a camera original that the published image can be traced back to. That is what RAW-to-JPEG verification establishes, and it works regardless of which generator's marks did or did not survive some platform's pipeline. For the reasoning behind that division of labor, see provenance versus AI detection.

For the checking you can do today: drop any suspect image into our AI Photo Checker, which reads the marks that do exist, and treat a clean result as "no evidence" rather than "not AI".

Frequently Asked Questions

Does Midjourney embed C2PA or a watermark?

No, on both counts, as of version 8 in mid 2026. Midjourney is a CAI member but has shipped no marking. Its images carry no machine-readable indication of AI origin, which is why detection tools cannot flag them by provenance and must guess from pixels.

Do DALL-E images carry Content Credentials?

Yes. OpenAI has embedded C2PA manifests in DALL-E 3 and GPT image output since February 2024, and since May 2026 the images also carry Google's SynthID invisible watermark. The manifest disappears in screenshots and most platform uploads; the watermark is designed to survive them.

What is the difference between C2PA and SynthID?

C2PA is signed metadata attached to the file: openly readable, rich in detail, fragile. SynthID is a pattern embedded in the pixels: robust against screenshots and re-encoding, but readable only through Google's detector. One is an open record, the other a resilient signal. Current best practice among major vendors is to use both.

If an image has no AI marks, is it a real photo?

No. Unmarked can mean generated by a tool that does not mark, or marked and then screenshotted. Absence of marks is the expected state of both most real photos and most AI images in circulation. Positive evidence of authenticity has to come from the capture side: an original file the image traces back to, which is what verification checks.

Can I check an image for these marks myself?

The C2PA layer, yes: our AI Photo Checker and Content Credentials Inspector read manifests in the browser. SynthID requires Google's detector, available in the Gemini app for images you can upload there. No public tool reads every vendor's watermark in one place.


The marking table will keep shifting, and we update this page as it does. The structure underneath it will not: marks identify cooperative AI, screenshots launder everything, and the only mark that cannot be stripped from a real photograph is the camera original you kept. If your work needs to survive the question "is this AI", verify it against your RAW and the answer stops depending on anyone's watermark.

Related Reading

#AI Generators#C2PA#SynthID#Watermarks#Provenance