Watermarks Aren’t the Silver Bullet for AI Misinformation
Many of the leading artificial intelligence companies are already incorporating watermarking tech into their products. Some are simple and easily cropped, like OpenAI’s marking on DALL-E images, but others are more persistent. In August, for instance, Google announced the beta version of SynthID, an imperceptible watermark inserted directly into the pixels of an image. The method avoids degrading or prominently marking the image while allowing AI detection software to authenticate it even after it’s cropped or resized.
These “high perturbation” methods of embedding digital watermarks into the pixels and metadata of AI-generated content have proven to be some of the most promising answers to harmfully deceptive content. Still, products like SynthID can’t be the only solution. Google itself has said the tech “isn’t foolproof against extreme image manipulations.”
There’s mounting research to back that claim. Earlier this month, researchers from UMD's Department of Computer Science released a preprint paper explaining the many ways they were able to break all of the watermarking methods available through current technology. Not only was the team able to destroy these watermarks, but they were also able to insert fake ones into images as well, creating false positives.
Services like DALL-E and Midjourney have made image generation more accessible than ever before, and the internet has been littered with AI-generated fakes because of it. Some images are mostly harmless, but others, if used in an insidious manner, can be a cause for serious concern.
“I don’t believe watermarking the output of the generative models will be a practical solution” to AI disinformation, Soheil Feizi, associate professor of computer science at the University of Maryland, told The Verge on Monday. “This problem is theoretically impossible to be solved reliably.”
Click HERE to read the full article
The Department welcomes comments, suggestions and corrections. Send email to editor [-at-] cs [dot] umd [dot] edu.