provn
Sign InGet API Key
Back to Blog

February 17, 2026 · 4 min read · Provn Team

How to Detect AI-Generated Images Using C2PA Metadata

AI image generators like DALL-E, Midjourney, and Stable Diffusion can now produce photorealistic images that are nearly impossible to distinguish from real photographs. But many of these tools embed C2PA metadata that identifies the content as AI-generated.

How AI generators mark their output

When a C2PA-compliant AI tool generates an image, it creates a manifest with a specific assertion: c2pa.actions. Inside this assertion, the action is set to c2pa.created with a digitalSourceType of trainedAlgorithmicMedia.

Here's what that looks like in a manifest:

{
  "assertions": [
    {
      "label": "c2pa.actions",
      "data": {
        "actions": [
          {
            "action": "c2pa.created",
            "digitalSourceType": "trainedAlgorithmicMedia",
            "softwareAgent": "Adobe Firefly 3.0"
          }
        ]
      }
    }
  ]
}

Which tools support C2PA?

Major AI platforms are adopting C2PA for their generated content:

  • Adobe Firefly — embeds full C2PA manifests with AI generation markers
  • OpenAI (DALL-E) — adds C2PA metadata to generated images
  • Google — implementing C2PA across Imagen and other AI tools
  • Microsoft — embedding C2PA in Copilot-generated content

Detecting AI content with the Provn API

The Provn verification API automatically checks for AI generation markers and returns an isAiGenerated field in the response:

const res = await fetch("https://provn.dev/api/v1/verify", {
  method: "POST",
  headers: { Authorization: "Bearer provn_sk_xxx" },
  body: formData,
});

const data = await res.json();

if (data.activeManifest?.isAiGenerated) {
  console.log("This image was AI-generated");
}

Limitations to be aware of

C2PA-based AI detection has important limitations:

  • Not all AI tools use C2PA — open-source models like Stable Diffusion don't typically embed provenance data
  • Metadata can be stripped — screenshots, re-encoding, or some social media platforms may remove C2PA data
  • Absence isn't proof — a file without C2PA data could still be AI-generated; it just means there's no embedded provenance to verify

C2PA is best used as one signal among several in a content verification pipeline — a strong positive signal when present, but not conclusive when absent.

Start detecting AI-generated content with the Provn API — 100 free verifications per month.