AI Watermarking: Boon or Bane?

Notions about AI watermarking, a tool anticipated to assist in separating truth from deception amidst the ongoing surge of AI technology, have been cast in a shadow of doubt even before its actual development. Giants of the tech industry, such as Google, Amazon, and OpenAI, have suggested that watermarking may be an effective weapon against the escalating problems of online disinformation. With the increasing prevalence of deepfakes due to the emergence of generative AI, watermarking could potentially serve as an identification tool for discerning reality. It presently sits under the spotlight as one of the major propositions in the drive to make AI usage safer and transparent.

However, foolproof and reliable watermarking techniques are yet to be fully conceptualized and designed, according to academia. Studies from the University of Maryland, in particular, have successfully demonstrated the capacity to dismantle all current methods of watermarking.

The university researchers employed a technique called diffusion purification, launching Gaussian noise, a form of electronic noise signaling, at a watermark. This successfully removed the watermark without significantly affecting the image beneath.

With AI-generated content on the ascendency, particularly in specific sectors, potential avenues for misuse are springing into sight, emphasizing the necessity of designing tools capable of differentiating authentic content from AI-generated material.

Published on 29th September, a research paper states that watermarking, despite its current limitations, still holds promise. Essentially, it involves embedding a signal in a text or image, which can help in distinguishing if the content is AI-created. The hypothesis suggests that using a tool on the content would identify its authenticity or lack thereof, circumventing the danger of being deceived by a forged production. However, the attacking technique– diffusion purification – has already proven effective in eliminating current watermarks.

The paper subtly hints at optimism, conceding that crafting a robust watermark presents significant challenges yet isn’t entirely insurmountable. It suggests that an effective method would need to encompass certain features like substantial watermark perturbation, resistance against simplistic classification, and durability against noise transmission from other watermarked images.