AI image generators have been available for several years and have been increasingly used to create “deepfakes” — false images purporting to be real. In March, fake AI images of former president Donald Trump running away from police went viral online, and in May a fake image showing an explosion at the Pentagon caused a momentary crash in stock markets. Companies have placed visible logos on AI images, as well as attached text “metadata” noting an image’s origin, but both techniques can be cropped or edited out relatively easily.
“Clearly the genie’s already out of the bottle,” Rep. Yvette D. Clarke (D-N.Y.), who has pushed for legislation requiring companies to watermark their AI images, said in an interview. “We just haven’t seen it maximized in terms of its weaponization.”
For now, the Google tool is available only to some paying customers of its cloud computing business — and it works only with images that were made with Google’s image-generator tool, Imagen. The company says it’s not requiring customers to use it because it’s still experimental.
The ultimate goal is to help create a system where most AI-created images can be easily identified using embedded watermarks, said Pushmeet Kohli, vice president of research at Google DeepMind, the company’s AI lab, who cautioned that the new tool isn’t totally foolproof. “The question is, do we have the technology to get there?”
As AI gets better at creating images and video, politicians, researchers and journalists are concerned that the line between what’s real and false online will be eroded even further, a dynamic that could deepen existing political divides and make it harder to spread factual information. The improvement in deepfake tech is coming as social media companies are stepping back from trying to police disinformation on their platforms.
Watermarking is one of the ideas that tech companies are rallying around as a potential way to decrease the negative impact of the “generative” AI tech they are rapidly pushing out to millions of people. In July, the White House hosted a meeting with the leaders of seven of the most powerful AI companies, including Google and ChatGPT maker OpenAI. The companies all pledged to create tools to watermark and detect AI-generated text, videos and images.
Microsoft has started a coalition of tech companies and media companies to develop a common standard for watermarking AI images, and the company has said it is researching new methods to track AI images. The company also places a small visible watermark in the corner of images generated by its AI tools. OpenAI, whose Dall-E image generator helped kick off the wave of interest in AI last year, also adds a visible watermark. AI researchers have suggested ways of embedding digital watermarks that the human eye can’t see but that a computer can identify.
Kohli, the Google executive, said Google’s new tool is better because it works even after the image has been significantly changed — a key improvement over previous methods that could be easily thwarted by modifying or even flipping an image.
“There are other techniques that are out there for embedded watermarking, but we don’t think they are that reliable,” he said.
Even if other major AI companies like Microsoft and OpenAI develop similar tools and social media networks implement them, images made with open-source AI generators would still be undetectable. Open-source tools like ones made by AI start-up Stability AI, which can be modified and used by anyone, are already being used to create nonconsensual sexual images of real people, as well as create new child sexual exploitation material.
“The last nine months to a year, we’ve seen this massive increase in deepfakes,” said Dan Purcell, founder of Ceartas, a company that helps online content creators identify if their content is being reshared without their permission. In the past, the company’s main clients have been adult content makers trying to stop their videos and images from being illicitly shared. But more recently, Purcell has been getting requests from people who have had their social media images used to make AI-generated pornography against their will.
As the United States heads toward the 2024 presidential election, there’s growing pressure to develop tools to identify and stop fake AI images. Already, politicians are using the tools in their campaign ads. In June, Florida Gov. Ron DeSantis’s campaign released a video that included fake images of Donald Trump hugging former White House coronavirus adviser Anthony S. Fauci.
U.S. elections have always featured propaganda, lies and exaggerations in official campaign ads, but researchers, democracy activists and some politicians are concerned that AI-generated images, combined with targeted advertising and social media networks, will make it easier to spread false information and mislead voters.
“That could be something as simple as putting out a visual depiction of an essential voting place that has been shut down,” said Clarke, the Democratic congresswoman. “It could be something that creates panic among the public, depicting some sort of a violent situation and creating fear.”
AI could be used by foreign governments that have already proved themselves willing to use social media and other technology to interfere in U.S. elections, she said. “As we get into the heat of the political season, as things heat up, we could easily see interference coming from our adversaries internationally.”
Looking closely at an image from Dall-E or Imagen usually reveals some inconsistency or bizarre feature, such as a person having too many fingers, or the background blurring into the subject of the photo. But fake image generators will “absolutely, 100 percent get better and better,” said Dor Leitman, head of product and research and development at Connatix, a company that builds tools that help marketers use AI to edit and generate videos.
The dynamic is going to be similar to how cybersecurity companies are locked in a never-ending arms race with hackers trying to find their way past newer and better protections, Leitman said. “It’s an ongoing battle.”
Those who want to use fake images to deceive people are also going to keep finding ways to confound deepfake detection tools. Kohli said that’s the reason Google isn’t sharing the underlying research behind its watermarking tech. “If people know how we have done it, they will try to attack it,” he said.