Trend report · gnews_detection · 2026-06-05

LGA launches video series to help councils tackle deepfake and AI disinformation - Public Sector Executive

The Local Government Association's new video series on deepfake disinformation arrives at a moment when platform detection has become simultaneously more sophisticated and more circumventable. In 2026, the question isn't whether platforms can detect AI content—they can—but whether the detection methods are robust enough to survive the countermeasures that are now standard practice in the field. Understanding what platforms actually scan for, and why stripping and injecting clean phone identity remains the only durable fix, requires getting into the technical weeds.

What Platforms Scan For in 2026

Modern AI content detection operates across four distinct layers. Each layer catches a different class of content, and understanding the failure modes of each explains why detection is easier to defeat than the headlines suggest.

Layer 1: C2PA Provenance Metadata

The Coalition for Content Provenance and Authenticity standard has become the backbone of platform authenticity verification. C2PA embeds cryptographically signed manifests directly into files using JUMBF (JPEG Universal Metadata Box Format). When a platform checks a C2PA-enabled image, it reads fields like c2pa.actions (which documents the editing history), c2pa.assertions (which contains claims such as "AI Generated" or "Original Capture"), and c2pa.hashed_uri (which links to external manifests).

The problem: C2PA signatures are strippable. A single pass through metadata removal software clears all JUMBF boxes. The manifest chain breaks, and the platform falls back to heuristic scanning. Adobe, Microsoft, and Intel have pushed C2PA adoption, but the standard requires creator cooperation. AI-generated content from open-source tools like Stable Diffusion or Llama generates no C2PA manifest at all.

Layer 2: AI Generator Metadata

Many AI image generators embed identifying strings in standard EXIF and XMP fields. You'll find Software: Adobe Firefly 3 in the EXIF Comment field, DreamWork: version 2.1 markers in PNG tEXt chunks, or Stable Diffusion strings embedded in JPEG COM segments. TikTok's detection pipeline includes signature matching against a database of over 40,000 known AI generator metadata patterns.

Instagram's automated systems look for these markers during upload processing. Content with recognized AI metadata strings receives a "AI-generated" label unless the user contests it—and contesting requires documentation most casual users don't have.

Layer 3: Encoder and Compression Signatures

Each video encoder leaves unique artifacts in the bitstream. H.264 and H.265 encoders have distinctive quantization tables, GOP (Group of Pictures) structure patterns, and motion estimation signatures. AI-generated video often exhibits telltale checkerboard artifacts in static regions or unnatural interpolation patterns during motion sequences.

Platform detection systems maintain models trained on compression artifacts from known AI generators. Run a video through Sora, Kling, or Pika, and the GOP patterns and quantization signature differ measurably from camera-captured content. Instagram Reels and TikTok both run compressed video through artifact classifiers before content goes live.

Layer 4: Missing GPS and Device Identity Signals

Authentic smartphone photos carry specific metadata that AI-generated content typically lacks. The fields that matter most:

• GPSLatitude, GPSLongitude, GPSAltitude — real location data from GNSS receivers
• DateTimeOriginal — the actual capture time (not just file modification time)
• Make and Model — specific device identifiers
• SerialNumber — camera or phone serial
• Burst capture sequences — authentic photos taken in rapid succession show micro-variations in angle and lighting that AI cannot perfectly replicate

When all these fields are absent or templated (e.g., generic "Apple" make with no serial), detection confidence increases significantly. Platforms flag content missing device identity signals for additional review.

What Gets Flagged on Instagram and TikTok

Based on documented platform policies and detection system behavior, the following scenarios commonly trigger flags:

• Images with recognized AI generator metadata strings in EXIF/XMP fields
• Videos with encoder signatures matching known AI generation pipelines
• Content with no GPS data but DateTimeOriginal present—suggesting manual metadata injection
• Sequential uploads with identical device metadata but different content
• Images where GPS coordinates place the content in a location inconsistent with the user's posting history

TikTok has been particularly aggressive with AI-generated content labeling. The platform applies "AI-generated" labels to content detected through any of these layers, and repeated flags can trigger reduced distribution or upload restrictions.

The Durable Fix: Strip and Inject

Given what platforms scan, the only reliable countermeasure is comprehensive metadata replacement. This isn't about deception—it's about ensuring content presents authentic provenance rather than confusing or missing signals.

The process works in two stages:

Stage 1: Strip

Remove all detectable AI fingerprints:

1. Clear all EXIF, XMP, and IPTC metadata fields
2. Remove JUMBF/C2PA manifest boxes entirely
3. Strip PNG tEXt, iTXt, and zTXt chunks that may contain generator strings
4. Remove JPEG COM segments and APP segments beyond APP0 (JFIF) and APP1 (EXIF)
5. Re-encode through a neutral intermediate format to break encoder signatures

Stage 2: Inject Clean Device Identity

Add authentic smartphone metadata that survives platform re-compression:

1. Generate realistic GPS coordinates consistent with plausible capture location
2. Set DateTimeOriginal to a reasonable timestamp in the past
3. Populate Make, Model, and SerialNumber with real device identifiers
4. Add GPSAltitude and GPSSpeed for additional authenticity signals
5. Set Software to a standard camera app identifier
6. Optionally inject a burst sequence flag if multiple uploads are planned

The key insight: platforms scan metadata during upload, but many fields survive re-compression. GPS data in particular persists through Instagram's JPEG re-encoding. By ensuring every metadata field is present, consistent, and plausible, you eliminate the signals that detection systems use to flag content.

For teams managing content pipelines at scale—political campaigns, corporate communications, public affairs—this metadata hygiene is operational necessity, not evasion. The LGA's concern about deepfake disinformation is valid, but the solution for legitimate content creators is ensuring their work presents clean, verifiable identity signals.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Sora watermark
• How to post AI content on TikTok without getting flagged
• Spoof iPhone 14 Pro metadata