
Beyond Detection: How Cryptographic Content Provenance Answers the Deepfake Problem

Why detection is losing the race against deepfakes, and how cryptographic content provenance and the C2PA standard provide verifiable proof of origin.

The instinctive response to synthetic media has been to try to spot it. Build a better detector, train it on the latest fakes, and flag what looks wrong. The difficulty is that this is a race the defender keeps losing. As generation improves, detection accuracy falls, and the public is left trying to judge authenticity by eye, which is something people are demonstrably poor at.

There is a more durable approach, and it is one the cryptographic community has used for decades in other contexts: rather than trying to detect what is fake after the fact, prove what is genuine at the point of creation. This is the logic of cryptographic content provenance, and it reframes the deepfake problem from a detection challenge into a trust challenge that PKI is well suited to address.

Why detection cannot win on its own

Detection is inherently reactive. It can only recognise the patterns it has been trained on, while the systems producing synthetic media improve continuously. The result is a widening gap: high-quality fakes are now convincing enough that human reviewers struggle to identify them reliably, and automated detectors degrade as generation techniques evolve.

This does not make detection worthless. It makes it insufficient as the primary line of defence. Anything built solely on spotting fakes is building on ground that keeps shifting.

The provenance alternative

Provenance inverts the problem. Instead of asking whether a piece of media is fake, it asks whether the media carries verifiable proof of where it came from and what has happened to it. That proof is cryptographic: a signed record, bound to the content, that can be checked by anyone and cannot be quietly altered.

This is the same trust model that underpins the rest of the digital world. A signature establishes origin and integrity. If you have read our explanation of what PKI is and our piece on the importance of digital trust, the mechanism will be familiar. Provenance simply applies it to images, audio and video.

How C2PA works in practice

The Coalition for Content Provenance and Authenticity, or C2PA, is the emerging standard for this. In plain terms, it allows a tamper-evident, cryptographically signed manifest to be attached to a piece of content and updated at each stage of its life. When the content is created, the capturing device or application can sign a record of its origin. When it is edited, the edit can be recorded and signed in turn. The chain travels with the content.

The value is not that this makes fakery impossible. It is that it makes authenticity verifiable. A news organisation, a platform or an individual can check the manifest and see a signed history rather than relying on a guess. Content without provenance becomes the exception that warrants caution, rather than every piece of content being equally suspect.
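A simplified model of that signed history shows what a verifier actually checks. This is an added example, not the C2PA manifest format or any vendor's code. The record layout, signer names and keys are assumptions, and HMAC-SHA256 stands in for certificate-backed signatures so that it runs on the Python standard library alone.

```python
import hashlib, hmac, json

# Constructed sample data: signer names, keys and media bytes are illustrative.
KEYS = {"camera-01": b"camera-demo-key", "photo-desk": b"editor-demo-key"}
ORIGINAL, EDITED = b"raw image bytes", b"cropped image bytes"

def digest(data):
    return hashlib.sha256(data).hexdigest()

def sign(key, claim):
    # HMAC-SHA256 stands in for the certificate-backed signature used in practice.
    payload = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def add_entry(chain, signer, action, content):
    """Append a signed record that binds this content hash to the prior record."""
    claim = {"signer": signer, "action": action,
             "content_sha256": digest(content),
             "prev_signature": chain[-1]["signature"] if chain else None}
    return chain + [{"claim": claim, "signature": sign(KEYS[signer], claim)}]

def verify(chain, content, trusted):
    """Return 'valid' or the first reason the history cannot be trusted."""
    if not chain:
        return "no provenance"
    prev = None
    for i, entry in enumerate(chain):
        claim = entry["claim"]
        key = trusted.get(claim["signer"])
        if key is None:
            return f"entry {i}: untrusted signer"
        if not hmac.compare_digest(entry["signature"], sign(key, claim)):
            return f"entry {i}: bad signature"
        if claim["prev_signature"] != prev:
            return f"entry {i}: broken chain"
        prev = entry["signature"]
    if chain[-1]["claim"]["content_sha256"] != digest(content):
        return "content does not match manifest"
    return "valid"

CHAIN = add_entry(add_entry([], "camera-01", "captured", ORIGINAL),
                  "photo-desk", "cropped", EDITED)

if __name__ == "__main__":
    print(verify(CHAIN, EDITED, KEYS))            # signed history checks out
    print(verify(CHAIN, b"swapped bytes", KEYS))  # content altered after signing
    print(verify(CHAIN[1:], EDITED, KEYS))        # capture record stripped
```

With a shared-secret HMAC the verifier holds the same key as the signer and could forge records itself, which is why real provenance relies on asymmetric signatures issued under PKI.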

What this means for organisations

For any organisation that produces or relies on digital media, provenance is becoming part of the trust conversation. Newsrooms, brands, public bodies and regulated institutions all have an interest in being able to prove that what they publish is genuine, and in being able to verify what they receive.

The practical implication is cryptographic. Provenance depends on signing, and signing depends on keys that are managed properly: generated securely, protected against misuse, and governed across their lifecycle. An organisation that wants to sign its content credibly needs the same disciplined key management that underpins any serious use of PKI.

This is where provenance connects to the wider trust estate. Done well, content signing is one more application of a coherent cryptographic strategy rather than a bolt-on. Unsung's PKI consultancy helps organisations think about emerging signing use cases as part of that strategy, rather than in isolation.

A measured view

Provenance is not a finished answer. Adoption is early, standards are still maturing, and a manifest is only as trustworthy as the key that signed it and the party that holds it. But the direction is clear. The long-term answer to synthetic media is unlikely to be an ever-cleverer detector. It is far more likely to be a world in which genuine content carries proof, and the absence of proof is itself a signal.

Where to start

If your organisation is considering content authenticity, the useful first question is not which tool to buy but how signing fits your existing trust model. Speak to Unsung about how content provenance relates to your wider PKI and digital trust strategy.

June 3, 2026