The technology company announced the beta test of this tool that seeks to improve the accuracy and security of digital content.
This month, Google announced the beta testing of its SynthID watermarking technology , which inserts a digital mark , invisible to the human eye, into any type of content generated with its Gemini AI models. This toolkit not only labels content, but also makes it possible to identify whether any of it was produced with this technology by scanning it to check its authenticity.
How does SynthID’s watermarking system work?
The October 2024 issue of Nature presents a detailed technical analysis of how the watermarking system works. In a simplified way, when a large language model (LLM) responds to a user query or request, the model predicts what the “best outcome” is to satisfy the request.
As the model generates the response character by character, the SynthID tool instantly assigns an invisible probability value to each potential word the model might choose. For example, if you ask the model to complete the sentence “I have a pet ___,” the word “dog” would have a high probability value, perhaps 0.9, while “gila lizard” would have a much lower value, around 0.01. This predictive process continues until the requirements of the original query are met.
«The final pattern of scores from the model’s word choices, combined with the adjusted probability values, forms the watermark. This technique can be used on as few as three sentences. And as the text increases in length, SynthID’s accuracy and robustness also increases ,» according to a company blog post on the topic.
The company also noted that this technology is now freely available for developers to integrate into their own generative AI language models. «We’re also releasing it as open source through the Google Responsible Generative AI Toolkit , which provides essential guidance and tools for building safer AI applications. We’re working with Hugging Face to make the technology available on their platform so developers can work with it and incorporate it into their models,» Google said.
The need for tools like SynthID
Peter Slattery , Ph.D., a leading researcher in the field of AI risks at MIT FutureTech , highlighted in an email exchange the critical importance of this technology. “We urgently need technologies like SynthID to protect the integrity of online information and safeguard our communication ecosystem. We know from the MIT AI Risk Repository and incident trackers that the misuse of AI-generated content for disinformation and deepfakes is widely documented and increasingly common, so this technology seems like an essential mitigation measure,” he said.
SynthID is not a definitive solution for AI content
However, Slattery noted that at least one study showed that researchers were able to manipulate or steal a digital watermark pattern similar to SynthID’s . «I think we need to be very cautious to ensure that watermarks are robust against tampering and that we don’t create scenarios where they can be faked. The ability to fake watermarks could make things worse rather than better, as it would provide an illusion of credibility,» he explained.
Google researchers in the study published by Nature acknowledged that despite SynthID’s strong detection capabilities, it is not a complete solution. «Another limitation of generative watermarks is their vulnerability to forgery, spoofing, and deletion attacks , an area of ongoing research. In particular, generative watermarks are weakened by edits to the text, such as paraphrasing via language models, although this typically significantly changes the content,» they noted in the study.
