Built on C2PA · Content Credentials

Know where content came from — and whether it changed.

Signata verifies and issues cryptographic content provenance. It answers two narrow questions about a piece of media — where did this come from and has it changed since it was signed — and never claims to know whether what you're looking at is true.

No provenance is the normal state for most media — and it's never evidence of fakery.

Verification result
api_version 2026-01-01
Verified provenanceAI-edited (disclosed)

A valid Content Credential is attached, its signature and hard binding check out, and the signer is trusted.

Captured

Leica M11-P

Origin

Edited

Adobe Photoshop

Color, crop

Published

Newsroom CMS

Signed
SignerReuters Pictures Trusted
Hard bindingsha256 · matches
SignatureEd25519 · valid

A valid signature confirms origin and edit integrity — not the truth of what the content depicts.

The problem

You can't out-detect generative media. You can prove provenance.

The web is filling with synthetic images, video, and audio. Trying to spot fakes after the fact is a treadmill you lose. The durable move is to attach a cryptographic record of origin at creation, then verify it independently.

Generative media is now the default

Anyone can produce a convincing image, clip, or voice in seconds. The cost of a plausible fake has fallen to zero, and it keeps falling.

Detection is a losing arms race

Classifiers that guess whether a pixel was generated get worse with every model release. Chasing artifacts is reactive by design — you're always a step behind.

Provenance is the durable answer

Bind cryptographic provenance to content at the moment of creation, then verify it independently. NIST and the C2PA coalition point to exactly this — a signed record of origin, not a guess.

Only if it's open and verifiable

Provenance is worthless if it lives in one vendor's silo. C2PA is an open standard, so a credential signed by Adobe verifies the same way a credential signed by you does.

An honest verdict model

Five honest states — and not one of them says “fake”.

A verification answers where content came from and whether it changed since signing. It never claims to know whether the content is true. Most media is unsigned, and that is normal — “no provenance” means unknown, never fake.

Verified provenancecan also be AI-disclosed

A valid Content Credential is attached, its signature and hard binding check out, and the signer is trusted.

This confirms where the content came from and that it has not changed since it was signed. It does NOT confirm that what the content depicts is true — only its origin and edit integrity.

Provenance present · untrusted signer

A valid, intact Content Credential is attached, but its signer is not in your trust list.

The signature is cryptographically valid and the content matches what was signed, but the signer has not been added to your trust list. Treat the claims below as asserted-but-unverified until you decide to trust this signer.

Altered after signing

A Content Credential is attached but the content no longer matches what was signed.

The asset was modified, re-encoded, or had its manifest swapped after it was credentialed. The hard binding (a hash of the original bytes) no longer matches. This does not tell you what the original looked like — only that this is not it.

No provenance · authenticity unknown

No Content Credential was found. Authenticity is unknown — this is not evidence of fakery.

Most legitimate content on the internet today is unsigned. Absence of provenance means we cannot say where this came from — it is NOT a signal that the content is fake, manipulated, or AI-generated. Metadata is also easily stripped in transit; the transparency log can sometimes recover provenance by content hash.

Could not verify

We couldn't process this input.

The input could not be read as a supported asset, or an internal error occurred.

AI-generated (disclosed)AI-edited (disclosed)

AI disclosure is orthogonal to the verdict. A piece of media can be both verified and proudly disclosed as AI-generated. Signata surfaces disclosure from the manifest — it does not detect AI on its own, and absence of a disclosure is not proof a human made it.

Interoperates on day one

Verify the real ecosystem before you sign anything yourself.

Because Content Credentials are an open standard, Signata recognises media signed by the tools and cameras already shipping C2PA. Trust is always your workspace's choice — this list is a convenience, never an automatic grant.

Creative tool

Adobe

Photoshop, Firefly, Lightroom Content Credentials.

AI tool

OpenAI

DALL·E and Sora outputs carry C2PA credentials.

AI tool

Google

Imagen / SynthID-tagged C2PA content.

AI tool

Microsoft

Designer & Copilot image credentials.

Camera

Leica

M11-P / SL3 in-camera Content Credentials.

Camera

Sony

Alpha in-camera authenticity signing.

Camera

Nikon

Z-series provenance pilots.

Verifier

Truepic

Capture-time provenance attestations.

Verify · Sign · Log

One platform for the full provenance lifecycle.

Check inbound media, issue credentials on your own outputs, and keep an independent, tamper-evident record so provenance survives even when a file is stripped of its metadata.

Verify

Check inbound media against the open C2PA ecosystem. One call returns an honest verdict, the signer, the edit history, and any AI disclosure.

  • REST API + browser SDK, no upload to retain
  • Recovers provenance by content hash when metadata is stripped
  • Verdicts that never overclaim real vs fake
Open Verify Studio

Sign

Issue Content Credentials on your own outputs with Ed25519 keys and a SHA-256 hard binding — interoperable with every C2PA-aware reader on day one.

  • AI products can disclose generation in the manifest
  • Per-workspace signing identities, revocable
  • Standard C2PA or compact Signata format
How signing works

Transparency log

Every credential you issue is recorded in an append-only, hash-chained log — so provenance survives even when a file is re-encoded and its embedded manifest is lost.

  • Tamper-evident: each entry chains to the last
  • Look up provenance by asset hash
  • Independent record, not just embedded metadata
Read the spec
Built for developers

A verdict in one call.

A single REST endpoint and a typed SDK. Authenticate with x-signata-api-key, send bytes, and get back a stable, honest verification contract — signer, edit history, AI disclosure, and the hard-binding result.

verify.sh
curl https://api.signata.dev/api/v1/verify \
  -H "x-signata-api-key: $SIGNATA_API_KEY" \
  -F "file=@inbound-photo.jpg"

# → {
#   "verdict": "verified",
#   "verdict_label": "Verified provenance",
#   "summary": "A valid Content Credential is attached, its
#               signature and hard binding check out, and the
#               signer is trusted.",
#   "signer": { "name": "Reuters Pictures", "trusted": true },
#   "ai": { "disclosure": "not_disclosed", "generated": false },
#   "binding": { "algorithm": "sha256", "matches": true },
#   "recovered_via": "embedded"
# }
Who it's for

Two sides of the same standard.

Newsrooms and platforms verifying inbound media; AI products and creator tools signing their outputs. Signata sits on both sides of the C2PA handshake.

Newsrooms & publishers

Verify inbound media from wires, stringers, and the public before it runs. See the edit history and signer at a glance, route ambiguous cases to a review queue, and never present 'unsigned' as 'fake'.

Platforms & marketplaces

Check provenance on upload at scale through the API. Apply workspace policies to label disclosed AI, surface trusted signers, and recover provenance by hash when files are re-encoded in transit.

AI products & creator tools

Sign your outputs with Content Credentials so downstream readers can confirm origin — and disclose AI generation honestly in the manifest. Interoperable with the whole ecosystem from day one.

Two questions, two products

Axiom answers “is this actor human or agent?” Signata answers “is this content real — where did it come from?” Same conviction about authenticity, aimed at two different layers of the internet.

Get started

Start with verification. It has value on its own.

Verify content signed by the existing C2PA ecosystem today — Adobe, OpenAI, cameras and more — before you sign a single thing yourself. Issue your own credentials when you're ready.