Trend report · gnews_detection · 2026-06-11

FMA warns AI deepfake scams cost NZ $265m with no law to stop them - b2bnews.co.nz

In March 2025, New Zealand's Financial Markets Authority issued a stark warning: AI-powered deepfake scams had cost the country NZ$265 million in the previous twelve months, with no legislation in place to stem the tide. The figure represents a 340% increase from the prior year. For platforms tasked with moderating AI-generated content, the FMA's report is less a regional anomaly and more a global preview—and the detection arms race is now entering its most technically sophisticated phase yet.

What Platforms Actually Scan For in 2026

Modern AI content detection doesn't rely on a single signal. Instead, platforms deploy a layered forensic pipeline that evaluates content across five distinct dimensions. Understanding these layers matters because each has bypass vectors—and each bypass vector has a counter.

1. C2PA Metadata (Content Provenance)

The Coalition for Content Provenance and Authenticity framework has become the de facto standard for signaling AI origin. C2PA embeds cryptographically signed metadata into files at the point of generation. When a model like Sora, Midjourney v7, or Kling 2.0 renders content, it should sign the c2pa block with fields including:

• assertion_generator_name — the model's identifier
• assertion_generator_version — version string
• actions[].parameters.prompt — original text prompt (in newer specs)
• claim_generator — the software that created the assertion

Instagram, TikTok, and YouTube all now parse C2PA blocks during upload. A file with a valid, unstripped C2PA signature from a known generator receives a "AI-generated" label automatically. Platforms that don't label risk regulatory exposure following the EU AI Act's deepfake disclosure requirements.

2. XMP and EXIF Metadata Fingerprints

Even without C2PA, raw metadata reveals AI origin. Leading generators populate specific XMP fields:

• xmpMM:DocumentID — a UUID generated at creation
• xmp:CreatorTool — tool name and version (e.g., "Adobe Firefly 3.0")
• photoshop:DateCreated — timestamp with timezone offset
• dc:creator — often set to the platform's internal user agent

Instagram's moderation pipeline flags images with CreateDate fields that predate the device's reported age, or where GPSLatitude is present but GPSLongitude is null—a common artifact of AI generation pipelines that generate approximate location data.

3. Encoder Signature Detection (DCT Analysis)

When AI models upsample or generate images, they leave statistical fingerprints in the Discrete Cosine Transform coefficients of JPEG artifacts. Detection tools—including Adobe's Content Authenticity Initiative validator and False.psy—look for:

• 4×4 grid quantization anomalies: AI upscalers often operate on 4×4 pixel blocks, leaving subtle periodicities in the DCT energy spectrum.
• DCT histogram kurtosis: Genuine photographs have natural DCT coefficient distributions. AI-generated content shows artificially low kurtosis in mid-frequency bands.
• Color filter array (CFA) artifacts: Real camera images have detectable CFA patterns from the sensor's color filter. AI generation never recreates these authentically.

TikTok's detection pipeline runs these checks server-side during transcoding. A video that fails DCT anomaly thresholds above 0.73 on their internal scoring model gets routed to human review with "possible AI-generated" flagged.

4. Missing or Inconsistent GPS/EXIF Trails

Content from real cameras carries a sequential trail: GPS coordinates, accelerometer data, device orientation, and timestamps that correlate across files. AI-generated content often:

• Has no GPS coordinates despite having a reported device model that always includes GPS
• Shows ExifIFD:DateTimeOriginal and GPS:GPSTimeStamp that differ by implausible margins
• Contains metadata from a device model released after the claimed capture date

Instagram's "AI content" label criteria include a specific check: if the file contains an Make and Model tag from a known smartphone manufacturer but is missing GPSLatitudeRef entirely, the content enters the detection queue.

5. Neural Network Embeddings (Perceptual Hashes)

Beyond metadata, platforms compare uploaded content against databases of known AI-generated outputs using pHash, aHash, and neural perceptual hashes. If a newly uploaded image has a hamming distance of fewer than 12 bits from a known AI source in the reference set, it triggers an automatic label. This is why copying an image and re-saving it provides no protection—hash comparisons survive recompression.

What Gets Flagged: Real Examples

Based on documented moderation patterns and developer disclosures:

• A video uploaded to TikTok with c2pa:claim_generator set to "Sora 1.5" receives an automatic "AI-generated" badge within 90 seconds of upload.
• Instagram flags images where XMPToolkit is present alongside Generator field set to any model from Stability AI, Midjourney, or OpenAI.
• YouTube's Content ID extension checks for stEvt:action=owned entries in the XMP metadata that reference AI platforms.
• A TikTok Reel with missing GPSAltitude but present Make tag from a Samsung or Apple device enters manual review.

The common thread: every AI generation tool leaves traces. The question is whether those traces survive the file's journey from generation to upload.

The Durable Fix: Strip and Re-inject

Metadata stripping alone doesn't work because DCT analysis and embedding comparisons still detect AI origin. The only durable solution requires a two-step process that makes content forensically indistinguishable from genuine phone captures:

1. Strip all AI-origin metadata — remove C2PA blocks, XMP fields, EXIF GPS data, and any proprietary generator signatures. Use a tool that also normalizes DCT quantization tables to match standard camera output.
2. Inject clean phone identity — embed metadata that mirrors a specific device model (e.g., iPhone 16 Pro or Samsung Galaxy S25) with consistent GPS coordinates, timestamp sequences, and sensor calibration data that matches that device's known output characteristics.

The second step is the differentiator. Generic phone metadata is still flagged if the GPS coordinates are from a data center location, the timestamp format doesn't match the device's timezone offset, or the sensor model doesn't align with the claimed device generation. Clean injection requires matching real device fingerprints, not fabricating generic metadata.

For video content, the process also includes regenerating the motion vector metadata and audio codec timestamps to match the claimed device's encoding patterns—TikTok's detection specifically checks the moov/mvhd atom timestamps against the file's reported creation time.

Step-by-Step: Preparing AI Content for Platform Upload

1. Generate content with your AI tool of choice.
2. Run metadata stripping on the output file—remove all C2PA, XMP, and EXIF blocks.
3. Normalize DCT quantization tables to match a target device profile (e.g., iPhone 16 Pro uses quality level 92 with specific chroma subsampling).
4. Inject phone identity metadata: select a target device, populate Make, Model, Software, and sensor fields to match that device's known output.
5. Generate GPS coordinates from a plausible location—avoid data center coordinates.
6. Set timestamps with correct timezone offsets and plausible capture sequences.
7. For video: regenerate motion metadata and audio timestamps to match the device profile.
8. Verify with a detector tool before uploading.

Without this process, content remains detectable. The FMA's NZ$265 million figure will grow as detection accuracy improves—and as platforms face regulatory pressure to label rather than ignore AI content.

The window for easy bypass is closing. Platforms have built the forensic infrastructure. The remaining question is whether your content preparation pipeline has kept pace.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Sora watermark
• How the Calabi Sanitizer pipeline works under the hood
• Spoof iPhone 15 Pro Max metadata