How it works
Five signals.
One verdict.
Trustmarc runs every file through five independent checks and combines them into a single trust verdict. Here is exactly what happens when you drop a file.
01
C2PA provenance check
We look for a C2PA cryptographic signature embedded at the moment of capture. If present and intact, we know the file has not been altered since it left the original device. If the signature is missing or broken, we flag it.
Coalition for Content Provenance and Authenticity02
EXIF metadata analysis
Every real camera embeds metadata at capture — device model, lens data, timestamp, GPS coordinates, camera settings. We extract and cross-reference these fields. Inconsistencies between them are a strong signal of manipulation.
Exchangeable image file format03
AI generation detection
We run the file through Hive AI's detection model, which scores the probability that the image was generated by an AI system such as Midjourney, DALL-E, or Stable Diffusion. The score is one input — not the final verdict.
Hive AI API · Independent model04
Error level analysis
We generate a compression anomaly heatmap. Genuine photographs show uniform compression throughout. Images that have been composited or edited show bright regions where the compression signature changes — a reliable indicator of manipulation.
ELA · Compression forensics05
File fingerprint
We generate a SHA-256 hash of the file. This creates a unique permanent identifier. If the file is ever submitted again by anyone we can confirm it is the identical file with an identical result. Useful for legal and editorial audit trails.
SHA-256 · Cryptographic hashThe three verdicts
Verified
This media is authentic
C2PA signature intact · EXIF data consistent · AI probability low
No post-capture modification detected · Origin confirmed
No post-capture modification detected · Origin confirmed
Modified
This media has been altered
Original capture detected · Post-capture edits found
Software used, edit count, and modification timestamps shown
Software used, edit count, and modification timestamps shown
Synthetic
Likely AI generated
No origin signature · High AI generation probability · No camera metadata
Dimensions consistent with known AI output sizes
Dimensions consistent with known AI output sizes
A note on privacy
Trustmarc never stores your files. Verification is stateless — your file is processed in memory and immediately discarded. We retain only the SHA-256 fingerprint and the verdict, never the file itself. No account is required.