Meta built an AI detection tool to catch images made by its new Muse Image generator, then failed a basic test with its own pictures. When those AI images were cropped, the tool missed more than half of them.
The finding comes from a Reuters analysis, reported by Gizmodo, of the detector Meta previewed this week alongside Muse Image, its first publicly available image model. Reuters ran 40 images through the tool and found it correctly flagged all 40 originals as AI-generated. But once those same images were cropped to roughly one-third to one-half of their original size, the detector failed to identify 55% of them. No other edits were made.
The whole system rests on an invisible watermark Meta calls Content Seal, which the company embeds in every image Muse Image produces. On its site, Meta says the signal is designed to survive when an image gets cropped, compressed, resized, or screenshotted. When asked about the results, Meta noted the tool is still a preview and said the watermark is built to hold up through common edits, but that the signal may be lost if an image is heavily cropped. That is the gap. Cropping is not an exotic attack. It is the first thing most people do to a photo before they post it.
Researchers who study this have been saying so for a while. Siwei Lyu, a computer science professor at the University at Buffalo who works on AI image forensics, told Reuters he had not tested Meta's tool but that watermark systems share a known weakness. "Watermark-based methods can be highly effective when the watermark remains intact, but any modification that removes or weakens the embedded signal — such as cropping, resizing, heavy compression, or editing — may reduce their effectiveness, depending on how the watermark is designed," Lyu said. Sarah Barrington, an AI researcher and Ph.D. candidate at the UC Berkeley School of Information, was more optimistic about the approach overall. "Like many preventive cybersecurity or physical security measures, it may not be fully watertight, but even if we catch only 90% of cases, that's still a great leap from 0," she said.
The label that shows up on your work is increasingly out of your hands, and it is built on machinery that is easy to break. Meta already auto-tags images across Facebook, Instagram, and Threads by reading industry metadata standards like C2PA and IPTC, which is how a portrait you retouched with Photoshop's Generative Fill can get stamped with an "AI Info" label you cannot remove. Those metadata signals are fragile in the other direction, too. Multiple analyses have found that major social platforms recompress uploads and strip embedded metadata in the process, which means the exact content that most needs a provenance trail is the content most likely to lose it. Content Seal was supposed to fix that by living in the pixels instead of the metadata. The cropping result shows the pixel approach has its own soft spots.
There is a real asymmetry buried in all this. A bad actor who wants to launder an AI fake into something that reads as real just has to crop it, and Meta's own numbers say that works about half the time. Meanwhile, an honest photographer who used a generative tool for a minor cleanup can get flagged and has no clean way to appeal. Meta is not the only company facing this dilemma. Google and OpenAI have both cautioned that their detection tools are not foolproof against people who alter images, and Google's SynthID takes a pixel-watermark route similar in spirit to Content Seal. Back in March, Meta's Oversight Board urged the company to put resources into more robust detection of misleading AI content. A tool that gives up when you crop a picture is not the answer that board asked for.
Join the Fstoppers community for free
-
Post comments and join in the discussions
-
Browse the site ad-free
-
Share your work and get featured in the community
-
Compete in the photo contests for fun and prizes
No comments yet