cred-route

Scan an image URL

Paste a publicly reachable URL pointing to an image (JPEG / PNG / WebP / HEIC / AVIF). We fetch up to 12 MB, scan the bytes for a C2PA manifest, EXIF tags, and AI-generator hints, and return a verdict in seconds. No cryptographic verification — for full signature validation, use contentcredentials.org/verify.

Rate limits: 30 scans / IP / hour, 200 scans / day site-wide. All scans are public and appear under Recent scans.

Recent scans

The 50 most recent URL scans submitted by anyone. Click a row to view the full finding.

Known generators

Generators we know about, discovered from the C2PA conformance-public repo, the CAI / c2pa-org GitHub orgs, and from claim_generator strings seen in real user scans.

Verifier platforms

Platforms whose pages mention reading or displaying C2PA Content Credentials or SynthID watermarks. The reads_c2pa / reads_synthid columns are derived from references in the conformance docs we ingest; absence here means "we have not yet observed a public mention," not "doesn't support."

Open-source tools

GitHub repositories that read, validate, or emit C2PA / SynthID signals. Discovered live from the GitHub Search API.

News feed

Chronological stream of HN posts, arxiv papers, GitHub repo activity, and provider-page changes related to AI provenance signals.

Provider pages

Curated list of public announcement pages we hash-diff every 6 hours. When a page changes, we record an event and surface it in the news feed.

About cred-route

cred-route tracks the AI media provenance signal landscape: C2PA Content Credentials, Google SynthID, Meta IDC, EXIF "Made with AI" markers, and the open-source verification tools that read them.

Three pain points:

• Creators & marketers — will my ChatGPT image be auto-flagged on Google Search / Meta / X?
• Newsrooms — does this image carry a manifest? What generator?
• T&S engineers — which open-source library should we use to verify content credentials?

Data sources

• HN Algolia API — stories & comments about c2pa / synthid / content-credentials / watermarking
• arxiv API — recent papers on content credentials, SynthID, watermarking
• GitHub Search API — repositories tagged with c2pa / synthid / content-credentials
• c2pa-org/conformance-public — official conformant product walkthrough
• Curated provider pages (OpenAI verify, DeepMind SynthID, CAI, Adobe, C2PA, Meta, Google blog) — hash-diff every 6h

What the verdicts mean

• AI-PROVENANCE-STRONG — C2PA JUMBF manifest box detected. The claim_generator string identifies the producer. This does NOT cryptographically validate the signature — for that, use Adobe's verifier.
• AI-METADATA-WEAK — Either an EXIF/XMP/PNG Software field references a known AI tool, or no manifest but an AI-keyword match anywhere in the metadata.
• HUMAN-CAMERA-EVIDENCE — EXIF Make/Model is a known consumer camera (Canon, Nikon, Sony, iPhone, Pixel…). This is not proof of human capture; metadata can be forged.
• NO-MARKERS — No C2PA, no AI-keyword metadata. Either the image never had a marker, or it was stripped.

Scanner limits

30 scans / IP / hour, 200 scans / day site-wide. Files capped at 12 MB. We don't store the bytes — only the SHA-256 hash, content type, file size, and extracted strings.

Source

Open-source. holyai.me/cred-route