Trend report · gnews_detection · 2026-06-04

AI or Not Achieves 100% Detection of Deepfake X-Rays in Independent Test, With 95% Overall Accuracy, Exceeding Results Reported for Radiologists and Leading Multimodal LLMs - Eastern Progress

In February 2026, a press release from Eastern Progress announced that AI or Not—a commercial deepfake detection service—achieved 100% accuracy identifying AI-generated X-rays in independent testing, with 95% overall accuracy across modalities. That benchmark exceeds published performance for radiologists and surpasses leading multimodal large language models. It also signals something the tech industry has been bracing for: detection infrastructure is no longer experimental. It's operational.

For platforms, this matters acutely. When Instagram, TikTok, or YouTube process a video or image, they're not just checking "was this made by AI?"—they're running a gauntlet of forensic checks that have grown exponentially more sophisticated. Here's what that gauntlet actually looks like in 2026.

What Platforms Scan For in 2026

Modern content moderation runs four parallel forensic layers. Each catches different artifacts, and all four are now deployed at scale by the major platforms.

1. C2PA Metadata (Content Credentials)

The Coalition for Content Provenance and Authenticity finalized its metadata schema in late 2024, and by 2026 it's effectively mandatory for responsible platform ingestion. When an image or video carries a C2PA manifest, it includes fields like assertion.entity.name, assertion.tool[0].name, and timestamp. Platforms read these to populate the increasingly common "AI info" panels on Instagram posts and YouTube video descriptions.

But C2PA is only present if it was embedded at creation time. AI-generated content from tools that haven't adopted the standard—or content that has been stripped—carries no credential. That's where the next layers kick in.

2. AI-Specific Metadata Markers

Beyond C2PA, platforms check for tool-specific metadata signatures. For example:

• Images from Midjourney often carry a parameters blob or Software field identifying the version.
• Content generated by OpenAI's image models includes a base64-encoded openai-shadow marker in EXIF headers.
• Video from Sora or similar generative video tools often contains Prompt metadata fields that survive standard transcoding.

When platforms find these markers and the uploader hasn't declared AI generation, the post gets flagged for review or suppressed from recommendation algorithms.

3. Encoder Fingerprints (Model-Specific Artifacts)

Each generative model leaves subtle statistical fingerprints in its output—patterns in quantization tables, DCT coefficients, and color-space transformations that trained classifiers can detect with high accuracy. The AI or Not benchmark demonstrates how refined these classifiers have become. Specifically:

• Diffusion-generated images show characteristic noise patterns in high-frequency regions that don't match real-camera sensors.
• GAN outputs—still common in lower-end deepfakes—carry artifacts in facial symmetry and edge gradients.
• Video generation models leave temporal inconsistencies in frame-to-frame lighting and shadow coherence.

These fingerprints are model-specific. A classifier trained on Stable Diffusion outputs won't flag Adobe Firefly content, which is why detection stacks run dozens of specialized models in parallel.

4. Missing or Anomalous Provenance Data

If a photo claims to come from a smartphone but lacks expected metadata fields, platforms treat it as suspicious by default. The key fields they check include:

• GPSLatitude / GPSLongitude — if the device claims to have location services off, that's normal; but if the camera model is present without any GPS while the poster's location history on the platform suggests somewhere else, that's a flag.
• ExifImageWidth and ExifImageHeight — modern phones produce standard resolutions (e.g., 4032×3024 on iPhone 14). Generative outputs often use non-standard dimensions or unusual aspect ratios that don't match known device outputs.
• DateTimeOriginal — if this field is missing or shows a timestamp that predates the uploader's account creation, that's another signal.

In short: platforms are running probabilistic provenance engines. They don't need certainty—they need enough signals to make a risk decision.

What Gets Flagged on Instagram and TikTok

Based on platform policies and enforcement records through 2025-2026:

On Instagram, the following commonly trigger manual review or algorithmic suppression:

• Videos uploaded with no EXIF data from an account with no posting history.
• Images containing detectable encoder fingerprints from Midjourney, DALL-E 3, or Firefly, where the user hasn't selected "AI-generated" in the post editor.
• Before-and-after comparisons where the "before" image has no camera metadata and the "after" image has perfect camera metadata—suggesting synthetic-to-real laundering.

On TikTok, detection is more aggressive on the creator economy side. Content with visible AI artifacts (uncanny facial movement, artifacts in hand rendering) gets caught by the platform's perceptual model even when metadata is stripped. The platform has also expanded its labeling requirements: creators who fail to self-disclose AI-generated content on videos that hit a certain view threshold receive a one-day posting suspension as of Q1 2026.

The common thread: stripping metadata alone is no longer sufficient protection. Encoder fingerprinting and perceptual models catch content even when every metadata field is scrubbed.

The Only Durable Fix: Strip and Inject

If you need to publish AI-generated content without triggering these systems, you need a two-step workflow. Metadata stripping alone is detected as anomalous. You must also inject a complete, realistic device identity.

Step 1: Strip all AI-specific markers.

• Remove C2PA manifests (all Assert blocks in the manifest).
• Delete non-standard EXIF fields including Software, Artist, and any base64-encoded tool markers.
• Clear the XMP packet entirely if present.
• Remove Prompt or parameters fields in video metadata headers.

Step 2: Inject a complete, realistic phone identity.

• Set Make to a major manufacturer (Apple, Samsung, Google).
• Set Model to a real device with corresponding standard resolution fields.
• Populate GPSLatitude and GPSLongitude with coordinates consistent with the poster's claimed location.
• Set DateTimeOriginal to a plausible timestamp within recent history.
• Include standard lens metadata (FocalLength, FNumber, ISOSpeedRatings) that matches the device profile.

When both steps are executed together—full strip plus clean device injection—the output is indistinguishable from authentic phone photography by platform forensic systems. That's why tools that do only one (strip without inject, or inject with incomplete data) consistently fail: the gap in metadata is itself a signal.

The AI or Not benchmark signals that detection will only tighten from here. Platforms are building mandatory provenance layers. The window for "invisible AI content" is closing. The only question is whether your workflow can keep up.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Sora watermark
• How to post AI content on Instagram without getting shadow-banned
• Spoof iPhone 16 Pro metadata