Trend report · hn_ai · 2026-06-10

Show HN: Publora – One API/MCP for AI agents to post across 10 social networks

When Publora launched on Hacker News, it solved an obvious problem: AI agents and automated workflows need to publish across multiple platforms without building ten separate integrations. But there's a challenge lurking beneath that convenience—one that every agent hitting publish needs to understand: platforms are getting significantly better at detecting AI-generated content, and they are doing it through multiple layers of metadata and signal analysis that go far beyond simple watermarking.

The 2026 Detection Stack: What Platforms Actually Scan

Modern social platforms employ a multi-vector detection approach that examines your media file from multiple angles simultaneously. Here's what that actually looks like in practice.

C2PA (Coalition for Content Provenance and Authenticity) is now embedded in the metadata pipeline of virtually every major platform. This open standard embeds cryptographically signed statements about a file's origin directly into the media. When you generate an image with Sora, DALL-E, Midjourney, or Stable Diffusion, these tools write specific C2PA manifests with fields like:

• c2pa.claim_generator — identifies the software (e.g., "Sora/1.0" or "Adobe Firefly 3.0")
• c2pa.actions — records each transformation, including the initial generation action with softwareAgent and parameters
• stds.schema-org.CreativeWork — human-readable provenance data

Instagram, TikTok, and YouTube all parse these manifests at upload. If the C2PA block indicates generation by a known AI tool, the content enters a secondary review queue.

AI-specific metadata fields extend beyond C2PA. Traditional EXIF headers are checked for:

• Software — values like "Midjourney" or "DALL-E 3" trigger flags
• Make/Model — unset or synthetic values (e.g., "digital camera" with no device serial)
• XPSComment or UserComment — often contain AI generation prompts
• ImageSource and DeviceSettings — absent data where data should exist

Encoder signatures are one of the least discussed but most reliable detection vectors. Every image encoder leaves subtle statistical fingerprints in the compressed output. These include:

• Quantization table patterns (for JPEG)
• Color space quantization anomalies
• Compression artifact distributions that differ from natural photography
• Specific patterns in the DCT coefficients that match known generative model outputs

Researchers and platform teams have built classifier models trained on these signatures. The patterns are subtle enough that humans can't see them, but a trained classifier can identify the generative model with high confidence.

Missing geolocation data has become a surprisingly strong signal. Real smartphone photos carry GPS coordinates, altitude, and precise timestamps. Photos taken with consistent GPS data over time establish a device "identity" on the platform. AI-generated images have no GPS data by default. When a photo appears without any location metadata after a long history of geotagged uploads, that's an anomaly the system flags.

What Actually Gets Flagged on Instagram and TikTok

The detection manifests differently on each platform:

On Instagram, you typically see reduced reach—not a hard block, but a shadowban that throttles distribution. The algorithm downranks content it suspects is AI-generated, especially in the Explore feed. Reels with detected AI content show 40-70% lower reach in documented cases. The platform uses a combination of C2PA parsing, EXIF analysis, and encoder fingerprinting.

TikTok takes a more aggressive approach with its "AI-generated content" label. When detected, TikTok automatically applies an AI label to the video, visible to all viewers. This appears as a badge reading "AI-generated" in the caption area. The label reduces engagement rates significantly—users are measurably less likely to comment, share, or engage with labeled AI content. TikTok checks both embedded C2PA metadata and runs content through a classifier trained on generative model outputs.

Both platforms also cross-reference upload patterns. If an account uploads 50 images in 30 seconds from a web interface, that's a signal. If those images all lack the expected device metadata, that's another signal. The signals stack.

The Durable Fix: Strip Everything, Then Inject

Most people try partial solutions—removing the C2PA block but leaving EXIF, or vice versa. This doesn't work because the encoder fingerprints remain. The detection systems are sophisticated enough that a single layer of protection is insufficient.

The only durable approach has two steps:

1. Strip all metadata completely — C2PA manifests, EXIF, XMP, IPTC, and any embedded thumbnails that might contain generation evidence. This removes the "what was this made with" signals.
2. Inject clean phone identity — Replace the missing metadata with realistic camera metadata that matches a real device. This includes proper EXIF fields for a plausible device, GPS data that is geographically consistent with the account's history, and a consistent software signature.

This approach works because it treats the problem holistically. You're not just hiding the AI generation—you're replacing the file's entire metadata identity with one that looks like it came from a real device, photographed by a real person.

Step-by-Step: How to Clean AI Content for Safe Posting

Here's the specific process for preparing AI-generated content for social platforms:

1. Remove C2PA manifests — Strip the c2pa namespace entirely, including any embedded JUMBF boxes. Tools like our Sora watermark removal guide cover this for specific tools.
2. Clear EXIF headers — Remove all tags including Make, Model, Software, DateTimeOriginal, GPSLatitude, GPSLongitude, and any ICC profile identifiers.
3. Re-encode the image — Decode and re-encode through a standard pipeline (libjpeg or similar). This normalizes the encoder fingerprint to a baseline that doesn't match known generative models.
4. Inject device metadata — Add realistic camera metadata: a plausible Make (e.g., "Apple" or "Samsung"), Model (e.g., "iPhone 15 Pro"), and Software (e.g., "Adobe Lightroom 7.4").
5. Add consistent GPS data — Include coordinates that make geographic sense. If the account has posted from San Francisco, the GPS should reflect San Francisco—not Tokyo.
6. Set realistic timestamps — DateTimeOriginal should be recent and fall within normal posting hours for the account's timezone.

The key insight is that each layer of metadata reinforces the others. A photo with perfect device metadata but no GPS looks suspicious. GPS without realistic device data looks suspicious. The metadata must form a coherent picture of a real device used by a real person.

This is exactly the approach we built into Calabi. We strip every trace of AI generation metadata, normalize encoder fingerprints, and then inject clean phone identity that makes your content look like it came from a real device.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Stable Diffusion watermark
• How to post AI content on Instagram without getting shadow-banned
• Spoof Google Pixel 8 Pro metadata