In late 2024 and through 2025, Meta released Content Seal: a family of research models that hide an invisible, robust watermark inside AI-generated images, video, audio and text. The pitch was clean. Meta will mark the fakes it produces so the world can tell them apart from real photographs. Provenance, at last, for the AI age.
Then you read the fine print. The research models are MIT-licensed and downloadable from GitHub. The production variant, the one actually used inside Meta’s own Imagine and Muse image generators, is a “custom proprietary implementation” whose keys Meta has not published. Which means: if Meta generated the image, only Meta can verify it. Everyone else builds detectors that work on the open-source encoders and fall silent on the images that actually matter.
Meanwhile, if the image in question is a real photograph you took, Facebook and Instagram strip the EXIF out of it the moment you upload. Meta has been building provenance for its fakes while quietly erasing the provenance on your reals. That is the shape of AI authentication in 2026, and we should probably talk about it.
DigitalSourceType = trainedAlgorithmicMedia tag Meta writes into the file’s XMP metadata. Our Meta Content Seal Detector now checks both signals in one pass. And Meta strips EXIF from your uploaded photos on the way in.
๐ Test any image free → Meta Seal Detector
What Meta actually released
Content Seal is not one model. It is a suite of research artifacts that Meta’s FAIR team open-sourced across 2024 and 2025, each targeting a different modality:
- Videoseal and Videoseal 1.0 (
y_256b_img.pth). Hides a 256-bit message inside an image or video. Survives JPEG compression down to about q60, small crops, mild edits. - PixelSeal. Meta’s flagship 2025 image model, trained with an adversarial-only pipeline. State-of-the-art robustness and imperceptibility, at the cost of a much larger 1.2 GB checkpoint.
- ChunkySeal. A 1024-bit variant that quadruples the payload without sacrificing robustness.
- AudioSeal. Localized watermarking for AI-generated speech, with sample-level detection and streaming support.
- TextSeal and DistSeal. Text watermarks and dataset-level watermarks intended to detect whether an LLM was trained on marked data.
All of them are MIT-licensed, published under facebookresearch/videoseal, facebookresearch/audioseal, and cousins. Pretrained weights auto-download the first time you run videoseal.load("pixelseal") or its siblings. On a modest CPU box the detector takes about three to four seconds per image. Impressive engineering, and the papers are worth reading.
The catch: Meta’s production keys are not in the box
The Content Seal landing page contains one sentence that most coverage skipped over. Under “Content Seal for Images and Video,” Meta writes: “Content Seal Image is deployed at scale for Muse Image with a custom proprietary implementation. We also provide open-source versions of our research models for images and video.” Read that twice.
Muse Image is the model behind Imagine with Meta AI, the image generator baked into Meta’s apps. Every image it produces carries a Content Seal watermark. The public research models can encode and decode watermarks with their own keys, but they are not calibrated to detect the specific bit pattern Meta’s production Muse encoder writes. Meta kept those keys private.
So when a well-meaning developer builds a “Meta Content Seal Detector” from the open-source repo, feeds it an actual Imagine-with-Meta-AI image and gets a “no watermark detected” result, the tool is not broken. Meta’s production watermark is not in the tool’s vocabulary, by design.
We know because we tested it. We loaded the two most likely candidates, Videoseal 1.0 and PixelSeal, both directly from Meta’s repo. Fed a real Imagine-with-Meta-AI image through each detector at seven different sizes, aspect ratios and crops. Every result landed in the noise floor, indistinguishable from an unwatermarked photograph. Then we re-ran the same models on images we watermarked ourselves with those same models, and got near-perfect 94 to 95 percent bit consistency across the same views. The detectors work. Meta just is not letting them work on Meta’s own outputs.
What the ExifReader Meta Seal Detector actually does
Our Meta Content Seal Detector runs two checks in parallel on every image you upload, and it’s honest about what each one means.
Check 1: the pixel-level Videoseal decoder. We decode 256 bits from the image at four different views: the original, JPEG re-encoded at quality 85, JPEG re-encoded at quality 60, and a 5 percent center crop. If a real Videoseal watermark is embedded, all four decodings agree at 90 percent or higher, because the watermark is designed to survive exactly those attacks. If nothing is embedded, the “decoded bits” are pattern noise and the four views disagree at close to 50 percent, which is chance. This catches images watermarked by anyone using the public Videoseal or PixelSeal encoders. It does not catch Meta Muse.
Check 2: the metadata scan. We run ExifTool over the same file and look for the tags that actually announce AI generation in the wild: C2PA content credentials, the IPTC DigitalSourceType = trainedAlgorithmicMedia tag, PNG parameters blocks from ComfyUI and A1111, Software fields identifying Midjourney, DALL·E, Firefly, and so on. This is the check that actually catches Meta AI images, because Meta writes the IPTC tag even though it withholds the pixel key.
You get one combined verdict with six possible outcomes: watermark plus metadata, watermark only, C2PA only, metadata only, possible watermark, or clean. And you get the full JSON report if you want to keep receipts.
๐ Run both checks now → Meta Seal Detector
What actually flags a Meta AI image today
If you are trying to answer “was this made by Meta AI?”, in 2026 the answer is not in the pixels. It is in the metadata. Every image produced by Imagine with Meta AI ships with two things stamped into its XMP:
XMP-iptcExt:DigitalSourceType = http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia. The IPTC standard code for “created wholly by a machine learning system.”- A short XMP toolkit stamp and, in many cases, a Content Credentials manifest (though production Content Credentials support has been rolling out unevenly).
That IPTC tag is what Instagram, Threads and Facebook read when they slap an “AI info” label on posts, and it is what our AI Metadata Detector has been catching since day one. Feed it the same Meta AI image and the verdict comes back “AI metadata detected”, with the exact tag surfaced. No 1.2 GB neural network required.
The pattern is the same across the industry, not just Meta. Google’s Imagen and Gemini images carry C2PA plus SynthID (SynthID being the pixel watermark Google has not opened up to any third-party detector). OpenAI’s DALL·E 3 embeds C2PA content credentials by default. Adobe Firefly stamps Content Credentials. Midjourney and Stable Diffusion often leak their own parameter blocks. The signal is almost always in the metadata. The pixel watermarks tend to be either proprietary (Meta, Google) or absent (Midjourney, Flux, most Stable Diffusion pipelines).
Now the other half of the story
Meta’s public message on Content Seal is a good-citizen message. Provenance matters. Deepfakes are a problem. We are building the tools. The message says less about what happens when the image is not a Meta fake but a real photograph you took.
Upload the same photograph to Facebook, Instagram, Threads, or WhatsApp, and by the time it comes back down through the API or a re-share, the EXIF is largely gone. GPS coordinates: stripped. Camera model, lens, shutter speed, ISO: usually stripped or normalized. Copyright fields: unreliable. IPTC creator tags: gone. The specifics shift over time and vary between apps and formats, but the direction is consistent. Meta’s pipeline treats your metadata as bloat.
There are defensible reasons for stripping EXIF on user uploads. It removes GPS traces that could reveal home addresses. It reduces file size. It sidesteps some legal exposure. But the pattern is worth naming out loud: the same company that wrote a whole research program on provenance for machine outputs treats the provenance you attached to your own photographs as disposable. Provenance for the algorithm, amnesia for the human.
What you can do about it
Four things, ranked from easiest to most involved.
1. Test any image you receive
Before you trust an image on the internet, run it through both of our free detectors. The Meta Seal Detector checks for pixel watermarks (open-source Videoseal family) plus AI metadata in one pass. The AI Metadata Detector does a deeper metadata inspection including full C2PA manifest verification. If either signals AI, you have a strong hint. If neither signals AI, you have a screenshot-level absence of evidence, not evidence of absence.
2. Keep provenance on YOUR photographs
Before uploading to any Meta property, embed the metadata you actually want to preserve. Our Copyright Editor writes IPTC creator, copyright and credit lines directly into the file. Our GPS Editor lets you set or clear location tags on your own terms. If Meta is going to strip the metadata Meta does not care about, at least have the copyright field on record before you upload, and keep the original file with everything intact somewhere they cannot touch.
3. Strip AI metadata only when you have a reason
If you generate an image with an AI tool and want to post it without the “AI info” label auto-firing, our AI Metadata Remover strips the AI-specific tags (C2PA, IPTC DigitalSourceType, PNG parameters) while preserving camera EXIF and copyright. There is a legitimate use case for this: you are the person who made the image, and you want to be the one to disclose it. There is also a dishonest use case for it, and if you are here for that one, you have picked the wrong tool.
4. Keep track of what stripping cannot do
This is the honesty rule and it never goes away. Removing metadata cannot remove pixel-level fingerprints. Google’s SynthID watermark is invisible, statistical, and detectable only by Google’s own servers. Meta’s production Content Seal watermark, whatever it decodes to, presumably survives similar treatment. Model-forensic classifiers can spot generation artifacts from Midjourney or Flux with reasonable accuracy even after every metadata field has been scrubbed. If a tool anywhere on the internet promises to make an AI image “undetectable,” that tool is lying. The best you can do is remove the metadata layers that the removable methods look at.
The larger point
Meta’s Content Seal is genuinely good research. The PixelSeal paper is worth reading. The 1024-bit ChunkySeal capacity result is a real contribution. Publishing the research models under MIT is more generous than most of the industry. And the framing is basically correct: AI images should be markable, deepfakes should be detectable, and the standards that make this possible should be open.
The gap is not in the research. The gap is that Meta ships the research openly and then withholds the piece that would let anyone else verify Meta’s own outputs. And at the same time, treats the metadata you attached to your photographs as friction to be removed on ingest. Both choices are defensible in isolation. Together they add up to a system where machine-authored images are the provenanced ones and human-authored images are the anonymous ones. The industry has this backward.
Until Meta publishes the production keys, or an independent standard forces the issue, the practical response is boring: use metadata-based detectors (they still work), keep your own copyright fields in order, and stop assuming that “no pixel watermark” means “not from an AI.” The signal is in the tag, not the pixels. Our tools are free.
- ๐ Meta Content Seal Detector. Videoseal pixel check plus AI metadata scan in one pass.
- ๐ AI Metadata Detector. Full C2PA / IPTC / EXIF inspection.
- ๐งน AI Metadata Remover. Strip AI markers, keep camera EXIF.
- ยฉ๏ธ Copyright Editor. Write your own IPTC provenance before you upload.