Watermarks offer no defense against deepfakes

Researchers at the University of Waterloo’s Cybersecurity and Privacy Institute have developed UnMarker, a groundbreaking tool that can remove any AI-generated image watermark—without knowing the watermark's design or even if a watermark exists. As concerns grow over the misuse of deepfakes in politics, law, and privacy, major AI companies like OpenAI and Google have proposed invisible watermarks to distinguish real from AI-generated content. However, UnMarker proves these defenses are breakable. It works by identifying subtle patterns in an image’s spectral domain and disrupting them, rendering the watermark undetectable while preserving image quality. In tests, UnMarker successfully removed watermarks over 50% of the time across multiple AI models, including Google’s SynthID and Meta’s Stable Signature. The research underscores the fragility of current watermarking methods and the urgent need for more robust safeguards.