Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
AI Google Technology

Google's Invisible AI Watermark Will Help Identify Generative Text and Video 17

Among Google's swath of new AI models and tools announced today, the company is also expanding its AI content watermarking and detection technology to work across two new mediums. The Verge: Google's DeepMind CEO, Demis Hassabis, took the stage for the first time at the Google I/O developer conference on Tuesday to talk not only about the team's new AI tools, like the Veo video generator, but also about the new upgraded SynthID watermark imprinting system. It can now mark video that was digitally generated, as well as AI-generated text.

[...] Google had also enabled SynthID to inject inaudible watermarks into AI-generated music that was made using DeepMind's Lyria model. SynthID is just one of several AI safeguards in development to combat misuse by the tech, safeguards that the Biden administration is directing federal agencies to build guidelines around.
This discussion has been archived. No new comments can be posted.

Google's Invisible AI Watermark Will Help Identify Generative Text and Video

Comments Filter:
  • Text Fingerprints (Score:5, Interesting)

    by Dwedit ( 232252 ) on Tuesday May 14, 2024 @02:36PM (#64471945) Homepage

    Will these fingerprints for Text survive a round trip to and from plain ASCII? If you randomly decide between various similar Unicode characters or randomly throw in zero-width joiners, someone will probably notice that.

    Similarly, the image fingerprints must survive the image getting EXIF data stripped out, as well as the image being resized then compressed as a low-quality JPEG. Some bots even slightly rotate the image to mess with duplicate image detection.

    • by gweihir ( 88907 )

      They will not. Invisible watermarks in plain text are impossible. The whole thing looks like a fake "solution" to me.

    • Re:Text Fingerprints (Score:5, Informative)

      by EvilSS ( 557649 ) on Tuesday May 14, 2024 @04:47PM (#64472239)

      Will these fingerprints for Text survive a round trip to and from plain ASCII? If you randomly decide between various similar Unicode characters or randomly throw in zero-width joiners, someone will probably notice that.

      Yes, they will as they don't rely on any techniques like that. The watermark works by adjusting some of the token probability scores used to generate the text in a way that will allow it to be detected as AI generated but also without changing the meaning of the text. When the watermarked text is read back and compared against what that model without a watermark would have most likely produced, the token shifting can be detected. They can survive light editing and sentence/paragraph rearrangement, but not major rewrites. Longer text works better but Google claims as little as three sentences can be watermarked.

      Similarly, the image fingerprints must survive the image getting EXIF data stripped out, as well as the image being resized then compressed as a low-quality JPEG. Some bots even slightly rotate the image to mess with duplicate image detection.

      They can. They rely on making visually imperceptible changes to pixels in the image. These can be detected with a computer but not human eye. They can be done in a way that can survive most manipulation including compression, color shifting, resizing, etc. This has been around for ages in various forms, Google is just using it to watermark their AI images.

      • by Dwedit ( 232252 )

        What is this proposed miracle way to have an "imperceptible" pixel change that can survive a round trip through JPEG recompression and resizing? JPEG alone destroys the hell out of an image.

      • by djinn6 ( 1868030 )

        The watermark works by adjusting some of the token probability scores used to generate the text in a way that will allow it to be detected as AI generated but also without changing the meaning of the text. When the watermarked text is read back and compared against what that model without a watermark would have most likely produced, the token shifting can be detected. They can survive light editing and sentence/paragraph rearrangement, but not major rewrites. Longer text works better but Google claims as little as three sentences can be watermarked.

        So I can just run this watermarked text through another AI to reword it slightly?

        The whole point of using their LLM is their more accurate understanding of context that makes whole paragraphs make (more) sense. Generating the words in the sentence itself is easily done by much smaller LLMs, including ones you can run on your own machine.

        • by EvilSS ( 557649 )
          It's going to have to heavily rewrite it, not just adjust it slightly. There can be hundreds of "watermarks" in a few paragraphs, and you only need enough to recognize that the document contains watermarks to survive editing.
    • by ceoyoyo ( 59147 ) on Tuesday May 14, 2024 @08:56PM (#64472695)

      Robust image watermarking has been around for quite a while.

      For plain text watermarking, all replies will be written in iambic pentameter. Just kidding. AI text is already watermarked by having all the words spelled correctly and apostrophes used appropriately.

  • Watermarks (Score:4, Insightful)

    by Baron_Yam ( 643147 ) on Tuesday May 14, 2024 @02:56PM (#64471995)

    If it's in the data and you can detect it, then it can be removed from the data. These days, you can't even use large, damaging watermarks because an AI tool can easily remove them.

    It seems like a lot of work given how quickly this particular arms race progresses.

  • I'm inventing PirateGPT that will learn to hide and erase watermarks. Funded via Piratecoin.

  • by Rosco P. Coltrane ( 209368 ) on Tuesday May 14, 2024 @03:33PM (#64472077)

    I'm sure the bad guys with their non-Google models will follow suit and watermark their deepfakes too.

  • by kmoser ( 1469707 ) on Tuesday May 14, 2024 @08:45PM (#64472673)
    Hi ChatGPT, pls remove the watermark from this image generated by DeepMind, kthxbye
  • Aren't most of these sophisticated watermark schemes defeatable by simply changing formats or screenshots of the image? Ie, they really only work if the user doesn't know they're embedded?

    • by EvilSS ( 557649 )
      Not really. Most are pretty robust and can survive all but extreme manipulation of the image or video (which is just watermarking each frame as individual images). You can take a look here at some sample images from Google for different types of manipulations that maintained the watermark readability: https://deepmind.google/techno... [deepmind.google] . I've seen some of these watermark schemes that can even be read from photo taken with a phone of the image on a monitor.

      SynthID adds a digital watermark that’s imperceptible to the human eye directly into the pixels of an AI-generated image or to each frame of an AI-generated video. We’ve designed it so it doesn’t compromise image or video quality, and allows the watermark to remain detectable — even after modifications like cropping, adding filters, changing colors, changing frame rates (for video) and saving with various lossy compression schemes (commonly used for JPEG images).

UNIX is hot. It's more than hot. It's steaming. It's quicksilver lightning with a laserbeam kicker. -- Michael Jay Tucker

Working...