Scientists have designed a way to save our brains from fake AI videos

ETH Zurich engineers have designed a new chip that can shield visual reality from the manipulation of generative AI. Now we only have to implement it.

Visual truth is going down in flames, thanks to new generative AI models that produce synthetic media that looks indistinguishable from reality. But a team of university researchers has figured out a hardware fix that just might save us. Engineers at ETH Zurich have designed a working prototype of a camera that physically stamps a cryptographic seal of authenticity onto every photo or video right at the image sensor (electronic chip) that captures each photon from the actual world.

“Trust in digital content is eroding. We wanted to create a technology that gives people a way to verify whether something is genuine,” co-developer Felix Franke explained in a press release. This new hardware architecture fundamentally changes how we authenticate media.

Right now, the tech industry relies on a standard called C2PA—Coalition for Content Provenance and Authenticity—which is already available on some devices, such as high-end cameras from Leica, Nikon, Fuji, and Sony’s Alpha line. It also recently hit the mobile market natively with the Google Pixel 10.

This standard relies on the device’s main processor to stamp videos and pictures with a cryptographic seal that verifies their authenticity. When you see the picture or video in a C2PA-enabled player or on TV, the software can tell you it’s real. For example, if Meta enabled Instagram to read these C2PA labels, then a video in your feed could show that it’s trustable, just like your browser shows a little lock icon to indicate that there is a verified, secure connection with your bank.

Here’s how the current solution works: The camera lens captures a scene, translates the light into digital information, and shoots it down an internal wire to reach the main computer chip. It is only after the data finishes that commute that the processor slaps a cryptographic signature on the file.

But that tiny trip down the wire is a security liability. A sophisticated bad actor can intercept that internal cord, hijack the raw feed, and inject a completely synthesized video stream, producing a video that can be circulated as real. The phone’s main processor has no idea it is being lied to, so it blindly signs the fake footage, officially certifying any algorithmic hallucination as a verified fact. Would it be hard to do? Yes. But it is possible. 

ETH Zurich’s solution moves the security checkpoint directly to where the light enters, disabling the possibility of faking authenticity (unless you get Stanley Kubrick to direct your moon landing in a soundstage).

Ryan Coogler on how he became a creative leader

© Fast Company