Calabi Labs · Guide · 2026-06-18
A Pakistani clothing label called Wajayesha Official posted AI-generated images of Bollywood actor Alia Bhatt wearing their ethnic suits, making it look like she had modeled for their brand. The images spread across Instagram and Twitter, fans immediately called out the "cheap AI edit," and the brand faced intense backlash over using her likeness without consent. The scam didn't hold up because the AI images carried the exact invisible fingerprints that detection systems flag: embedded metadata identifying AI generation, encoder signatures like Lavc, missing GPS coordinates, and a file structure that screams synthetic origin rather than a phone capture. That's the layer platforms actually scan—and it's why this brand got caught within hours.
When someone generates an image with Midjourney, Sora, or any AI tool, the file doesn't just contain pixels—it carries a full metadata trail that forensic tools read before a human ever sees the content. The C2PA / Content Credentials standard embeds JUMBF atoms directly into compatible files: a cryptographic manifest listing the AI model used, generation parameters, and a "trainedAlgorithmicMedia" flag that explicitly says this came from an AI trained on scraped data. XMP metadata adds fields like DigitalSourceType: trainedAlgorithmicMedia, and video files add encoder fingerprints through Lavc or x264 SEI NAL units in the bitstream.
Platforms like Instagram, TikTok, YouTube, and Reddit run automated scanners on every upload. They check for three things most creators don't think about: metadata signals (C2PA, XMP tags, encoder names), perceptual hashes (pHash/fpHash signatures that match known AI datasets), and structural anomalies (missing EXIF fields like GPS coordinates, capture timestamps, and device Make/Model that a real phone would embed). An AI export from most tools is missing all of that phone-capture identity. It arrives as a file with no GPS, no capture timestamp, and a generator tag baked into the structure. That's a red flag the moment it hits a platform's scanner.
The Wajayesha brand's defenders online suggested the brand could have just cropped the visible flaws or screenshotted the AI images to strip some metadata. That doesn't work for a simple reason: the metadata and structural signals survive re-encode, and the pHash perceptual signature—calculated from the actual pixel patterns, not the file metadata—stays remarkably stable even across compression. Screenshots add a layer of compression artifacts but don't erase the underlying pattern match against known AI-generated image signatures. The C2PA manifest embedded in a JPEG or video doesn't get removed by cropping or re-saving. A platform scanning the file will still find the JUMBF atoms declaring AI origin. The only way to genuinely clean a file is to strip those signals at the source and inject authentic phone-capture identity before upload.
Calabi runs a three-stage pipeline on every upload. First, it strips: all JUMBF / C2PA atoms are removed, XMP AI flags like DigitalSourceType are deleted, generator tags and encoder fingerprints like Lavc are stripped from video bitstreams, and the entire metadata block is reduced from the typical 140+ tags on an AI export down to roughly 94 neutral structural tags with no AI signature. Second, it injects: Calabi embeds a real phone identity—iPhone 15 Pro, Pixel 8 Pro, or Galaxy S24 Ultra profiles—complete with Make, Model, Software version, GPS coordinates, and a capture timestamp. The encoder name changes from Lavc or an AI tool to a real phone's encoder. Third, it verifies: before download, you receive a forensic proof card showing exactly what was stripped and what was injected, readable by ExifTool—the same forensic tool newsrooms and platforms use to audit files.
The process takes one pass. Upload your AI video or image, the pipeline runs automatically, and you download a cleaned file with a phone-capture identity. No manual editing, no pixel changes, no inpainting—just a metadata and encoder identity swap at the file level. This is what the Pakistani label needed before posting: a file that would read as a genuine phone photo taken on location, not an AI export with a cryptographic manifest attached.
Does Calabi remove visible watermarks like a logo or the Sora sparkle?
No. Calabi works on the invisible metadata and encoder layer only—it does not edit pixels, remove visual marks, or reconstruct any region of an image. If there's a visible watermark on your AI export, cropping removes it before you upload. Calabi then cleans the metadata layer that survives cropping and would otherwise get you flagged.
Can a platform still detect my AI image after cleaning?
Calabi removes the primary detection signals: C2PA manifests, XMP AI flags, and encoder fingerprints that automated scanners specifically target. Results vary by platform and by the source model used—some perceptual hash matches may persist depending on compression and the specific AI tool. No tool can guarantee a platform will never flag a file, but stripping C2PA, XMP metadata, and encoder signatures removes the most common automated detection triggers.
What device profiles does Calabi inject?
Calabi supports profiles for real shipping phones including iPhone 15 Pro, iPhone 16 Pro, Pixel 8 Pro, and Galaxy S24 Ultra. Each profile includes the device Make, Model, Software version, GPS coordinates, capture timestamp, and the device's native encoder name. The file reads as a direct phone export, not an AI generation.
The Alia Bhatt case is a reminder that using someone's face digitally without consent isn't just an ethical line—it's a metadata and legal exposure. For creators using AI legitimately to produce original content, Calabi removes the invisible detection layer so your work posts like a normal capture. Try Calabi free at calabilabs.com — 10 cleans, no card.