C2PA Content Credentials explained.
How the cross-industry standard for AI image provenance works, who supports it, and why it matters.
Content Credentials, the standard maintained by the Coalition for Content Provenance and Authenticity, is the closest thing the web has to verifiable image origin. Founded by Adobe, Arm, BBC, Intel, Microsoft, and Truepic, the standard provides cryptographic provenance for images and video.
What a Content Credentials manifest contains.
Embedded in a credentials-enabled image is a cryptographically signed document declaring the software that created the image (for example, "Adobe Firefly" or an OpenAI image model), whether the image was generated by AI, edited by AI, or captured by a camera, the history of edits applied, and a chain of trust back to a recognized certificate authority. The manifest is signed by the originating software's private key, and anyone can verify the signature with the public key.
Who supports it in 2026.
Major image generators include Adobe Firefly (since 2023), OpenAI's image models (since 2024), Microsoft Designer, and Midjourney (rolling out). Several professional cameras (Sony, Leica, Nikon) ship with capture-time signing. Editors that preserve credentials include Photoshop, Lightroom, and DaVinci Resolve. Platforms that display credentials badges include LinkedIn and Truepic. Most professional detectors, including ours, read the manifest when present.
Where it breaks down.
Most consumer platforms strip image metadata on upload. Instagram, X, Facebook, WhatsApp, Discord, and iMessage do not preserve credentials by default. The image makes it through. The credentials do not. That is why visual analysis remains necessary even when Content Credentials is widely deployed. The standard works perfectly when intact, but you cannot rely on it being intact after any social media round-trip.
What it looks like to a checker.
When our checker finds a valid Content Credentials manifest in an image, you see a verdict marked as verified from image data, along with the generator name when one is identified. When it is absent and we fall back to visual analysis, the verdict reflects that with appropriate caveats.
Should you trust it?
For "is this image AI-generated?" specifically: yes. When a valid manifest is present, the conclusion is mathematically verifiable, and Content Credentials is the strongest single signal in image authenticity in 2026. For broader "is this image authentic or undoctored?" questions, the standard is helpful but not bulletproof, since bad actors can strip the manifest entirely. Detectors that combine credentials reading with visual analysis (like ours) handle that case better than either approach alone.
Want to check an image's credentials status? Drop it in our checker. If the manifest is intact, you will see it.
Sources and further reading.
Check an image now
Found something suspicious? Run it through the free checker. No signup needed.