惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
博客园 - 聂微东
小众软件
小众软件
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
TaoSecurity Blog
TaoSecurity Blog
博客园 - 司徒正美
罗磊的独立博客
N
News and Events Feed by Topic
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security Affairs
S
Security @ Cisco Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
月光博客
月光博客
S
Secure Thoughts
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
W
WeLiveSecurity
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
L
LangChain Blog
T
The Blog of Author Tim Ferriss
NISL@THU
NISL@THU
Google DeepMind News
Google DeepMind News
Cloudbric
Cloudbric
H
Hacker News: Front Page
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
博客园 - 三生石上(FineUI控件)
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Schneier on Security
Project Zero
Project Zero
SecWiki News
SecWiki News
爱范儿
爱范儿
The Register - Security
The Register - Security
AI
AI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Y
Y Combinator Blog
L
Lohrmann on Cybersecurity
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Privacy International News Feed
J
Java Code Geeks
S
Securelist
C
Cyber Attacks, Cyber Crime and Cyber Security
V
Visual Studio Blog

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
GitHub - wiltodelta/remove-ai-watermarks: CLI and library for removing visible (Gemini) and invisible (SynthID, C2PA, EXIF) AI watermarks from images
janalsncm · 2026-05-20 · via Hacker News

Remove visible and invisible AI watermarks from images generated by Google Gemini (Nano Banana), ChatGPT / DALL-E, Stable Diffusion, Adobe Firefly, Midjourney, and other AI models.

Strips SynthID, C2PA Content Credentials, EXIF/XMP "Made with AI" labels, and visible sparkle overlays — all in one command.

Features

  • Visible watermark removal — Gemini / Nano Banana sparkle logo via reverse alpha blending (fast, offline, deterministic)
  • Invisible watermark removal — SynthID, StableSignature, TreeRing via diffusion-based regeneration
  • AI metadata stripping — EXIF, PNG text chunks, C2PA provenance manifests (PNG / JPEG / AVIF / HEIF / JPEG-XL), XMP DigitalSourceType
  • "Made with AI" label removal — removes the metadata that triggers AI labels on Instagram, Facebook, X (Twitter)
  • Analog Humanizer — film grain and chromatic aberration to bypass AI image classifiers
  • Smart Face Protection — automatic extraction and blending of human faces to prevent AI distortion
  • Batch processing — process entire directories
  • Detection — three-stage NCC watermark detection with confidence scoring

Try it online — don't want to install anything? Use raiw.cc, a free web service powered by this library.

Examples

Before (Watermarked) After (Cleaned)
Before After

Supported models

AI model Visible watermark Invisible watermark Metadata Our approach
Google Gemini / Nano Banana / Gemini 3 Pro ✅ Sparkle logo ✅ SynthID v1 + v2 (default SDXL pipeline at native ~1024 px) ✅ C2PA + EXIF Alpha reversal + diffusion + metadata strip
OpenAI DALL-E 3 / ChatGPT ✅ C2PA manifest Metadata strip
OpenAI ChatGPT Images 2.0 (gpt-image-2) ⚠️ imperceptible pixel watermark (no public detector yet) ✅ C2PA manifest (verified) Diffusion regeneration + metadata strip
Stable Diffusion (AUTOMATIC1111, ComfyUI) ✅ DWT / steganographic ✅ PNG text chunks Diffusion regeneration + metadata strip
Adobe Firefly ✅ Content Credentials (C2PA) Metadata strip
Midjourney ✅ EXIF + XMP (prompt, model, seed) Metadata strip
StableSignature (Meta) ✅ In-model watermark Diffusion regeneration
TreeRing ✅ Latent space watermark Diffusion regeneration

Visible watermarks (logo overlays) are currently used only by Google Gemini / Nano Banana. Other services rely on invisible watermarks and/or metadata. Our diffusion-based regeneration works against any invisible watermark in pixel or frequency domain.

How it works

Removing the Gemini / Nano Banana sparkle watermark

Google Gemini (internally codenamed Nano Banana) adds a visible sparkle logo to generated images using alpha blending:

watermarked = α × logo + (1 − α) × original

We reverse this with a known alpha map (extracted from Gemini / Nano Banana output on a pure-black background):

original = (watermarked − α × logo) / (1 − α)

A three-stage NCC (Normalized Cross-Correlation) detector finds the watermark position and scale dynamically, so it works even if the image was resized or cropped. After removal, residual sparkle-edge artifacts are cleaned via gradient-masked inpainting.

Speed: ~0.05s per image. No GPU needed.

Removing SynthID and other invisible watermarks

Google embeds SynthID into every image generated by Gemini / Nano Banana. Other AI services use StableSignature, TreeRing, and similar schemes. These imperceptible frequency-domain patterns survive cropping, resizing, and JPEG compression.

The removal pipeline (default profile, SDXL):

image → resize to ~1024px (SDXL native) → encode to latent space (VAE)
      → add controlled noise (forward diffusion)
      → denoise (reverse diffusion, ~50 steps at strength 0.05)
      → decode back to pixels (VAE) → upscale to original resolution

SDXL is the default since May 2026: empirically defeats SynthID v2 on Gemini 3 Pro outputs, where the older SD-1.5 pipeline at 768 px did not. The SD-1.5 path was removed once it was verified not to handle v2.

Face Protection: before diffusion, YOLO detects people in the image and extracts them. After diffusion, the original faces are blended back with a soft elliptical mask to prevent AI distortion of facial features.

Analog Humanizer: optional film grain and chromatic aberration injection that makes the output indistinguishable from a photo of a screen, defeating AI-generated image classifiers.

Stripping C2PA, EXIF, and "Made with AI" metadata

AI tools embed generation metadata that social platforms use to show "Made with AI" labels:

  • EXIF tags — prompt, seed, model hash, sampler settings (Stable Diffusion, Midjourney)
  • XMP DigitalSourceTypetrainedAlgorithmicMedia tag used by Instagram, Facebook, and X (Twitter) to show "Made with AI"
  • PNG text chunks — ComfyUI workflows, AUTOMATIC1111 parameters
  • C2PA Content Credentials — cryptographic provenance manifests from Google Imagen, OpenAI DALL-E, Adobe Firefly

The cleaner parses each layer, removes AI-related fields, and preserves standard metadata (Author, Copyright, Title).

Installation

Recommended

Install as an isolated CLI tool — no need to manage virtual environments:

# Using pipx (https://pipx.pypa.io)
pipx install git+https://github.com/wiltodelta/remove-ai-watermarks.git

# Or using uv (https://docs.astral.sh/uv)
uv tool install git+https://github.com/wiltodelta/remove-ai-watermarks.git

To update to the latest version:

pipx upgrade remove-ai-watermarks

# or
uv tool upgrade remove-ai-watermarks

Install from repository

Prerequisites: Python 3.10+ and pip (or uv).

# 1. Clone the repository
git clone https://github.com/wiltodelta/remove-ai-watermarks.git
cd remove-ai-watermarks

# 2. Install the package in editable mode
pip install -e .

# Or, if you use uv:
uv pip install -e .

After installation the remove-ai-watermarks command is available system-wide.

Note: The base install covers visible watermark removal and metadata stripping. For invisible watermark removal (SynthID etc.), install GPU dependencies:

pip install -e ".[gpu]"   # or: uv pip install -e ".[gpu]"

Invisible watermark removal

Invisible removal uses diffusion models and a GPU for reasonable speed.

# On first run, the model (~2 GB) will be downloaded automatically.
# Device is auto-detected: CUDA (Linux/Windows) > MPS (macOS) > CPU.
# To force a device: --device cuda / --device mps / --device cpu

# Optional: set a HuggingFace token for gated/private models
cp .env.example .env
# Edit .env and set HF_TOKEN=hf_your_token_here

Developer setup

# Install with dev dependencies (pytest, ruff, pyright)
pip install -e ".[dev]"
# Or with uv:
uv pip install -e ".[dev]"

# Run tests
pytest

# Run linters
./maintain.sh

Usage

CLI

# Remove all watermarks from a single image (visible + invisible + metadata)
remove-ai-watermarks all image.png -o clean.png

# Process an entire directory
remove-ai-watermarks batch ./images/ --mode all

Individual commands

# Visible watermark only (Gemini / Nano Banana sparkle) — fast, offline
remove-ai-watermarks visible image.png -o clean.png

# Invisible watermark only (SynthID etc.) — requires GPU
remove-ai-watermarks invisible image.png -o clean.png --humanize 4.0

# Check / strip AI metadata (C2PA, EXIF, "Made with AI" labels)
remove-ai-watermarks metadata image.png --check
remove-ai-watermarks metadata image.png --remove

# Batch with a specific mode
remove-ai-watermarks batch ./images/ --mode visible

Python API

from remove_ai_watermarks.gemini_engine import GeminiEngine
import cv2

engine = GeminiEngine()
image = cv2.imread("watermarked.png")

# Detect
result = engine.detect_watermark(image)
print(f"Detected: {result.detected} (confidence: {result.confidence:.1%})")

# Remove
clean = engine.remove_watermark(image)
cv2.imwrite("clean.png", clean)

Metadata stripping

from remove_ai_watermarks.metadata import has_ai_metadata, remove_ai_metadata
from pathlib import Path

if has_ai_metadata(Path("image.png")):
    remove_ai_metadata(Path("image.png"), Path("clean.png"))

Requirements

  • Python ≥ 3.10
  • Visible removal / metadata: CPU only, no GPU required
  • Invisible removal: GPU recommended (CUDA or MPS), works on CPU (slow)

Troubleshooting

SSL certificate error (CERTIFICATE_VERIFY_FAILED):

# Install certifi (the tool auto-detects it)
pip install certifi

# macOS only: run the Python certificate installer
/Applications/Python\ 3.*/Install\ Certificates.command

First run is slow — this is expected. The tool downloads model weights (~2 GB) on first launch. Subsequent runs use cached models.

Credits

  • noai-watermark by mertizci — invisible watermark removal engine
  • GeminiWatermarkTool by Allen Kuo (MIT) — visible watermark removal algorithm
  • CtrlRegen by Liu et al. (ICLR 2025) — controllable regeneration pipeline
  • NeuralBleach (MIT) — analog humanizer technique

Roadmap

Tracked but not yet implemented:

  • SynthID-Image v2 automated regression test. The default SDXL profile defeats v2 per manual checks against the Gemini app's "Verify with SynthID" feature on a Gemini 3 Pro output (May 2026). An automated end-to-end test would need either programmatic access to the SynthID Detector portal (waitlist for media professionals and researchers) or an offline surrogate detector. Open.
  • AVIF / HEIF / JPEG-XL detection limits. Removal strips top-level C2PA uuid and JUMBF jumb boxes. EXIF/XMP boxes inside these containers are not yet scrubbed (PNG and JPEG are fully covered).
  • Video pipeline (noai-video): per-frame inpainting and tracking for Sora 2 dynamic logo, Veo 3.1 badge, Kling, Runway. Separate package, not folded into this repo.

Won't fix:

  • Nightshade / Glaze / PhotoGuard removal. These are defensive perturbations used by artists to protect their work from being scraped into AI training sets. Removing them attacks artists, not AI provenance. Out of scope.

Legal

Watermarking and provenance for AI-generated content is now regulated in several jurisdictions. The table below summarises the May 2026 status. None of this is legal advice.

Jurisdiction Instrument Status (May 2026) Relevance
EU AI Act, Article 50(2) Marking obligations postponed to 2 December 2026 under the December 2025 omnibus agreement. Code of Practice finalising May/June 2026. Removing mandated provenance markers with intent to deceive may be sanctioned under national implementations.
US (federal) COPIED Act Enacted 2025. Criminalises removal of provenance information with intent to deceive about content origin. The tool itself is lawful; usage may not be.
US (state) CA AB 2655, TX SB 751, similar In force. Content-specific (election deepfakes, sexual deepfakes). Not tool-specific.
China Deep Synthesis Regulation, 2025 updates In force. Mandatory visible label for AI content. Removal is an administrative offence.
UK Online Safety Act, 2025 transparency extension In force. Platform obligations, not user obligations.

Threat model

This tool defends already-distributed AI imagery against automatic detection systems (social-platform "Made with AI" labels, third-party classifiers, content-policy filters). It does not retroactively anonymise generation.

In particular, SynthID-Image v2 (Google, deployed October 2025 with Gemini 3 Pro / Nano Banana Pro / Imagen 4 / Veo) embeds a 136-bit payload (arxiv 2510.09263). The payload is believed to encode a user / session identifier. If the original watermarked file ever passed through a system controlled by the prompt originator (a saved Gemini account history, a screenshot uploaded to a Google product, a backup), Google retains the ability to link that original to the generating account. Stripping the watermark from a copy you possess does not erase Google's server-side record.

Use cases where the threat model fits:

  • You generated the image yourself, want to publish it as your own work, and accept the consequences if Google ever publishes their detector logs.
  • You are running a security / robustness evaluation.
  • You are preserving art or historical record against false-positive "AI-generated" labels.

Use cases where the threat model does not fit:

  • Generating an image, expecting that removing the watermark anonymises you to Google. It doesn't.
  • Distributing AI-generated content while claiming human authorship. The watermark is one of several traceability layers.

This tool is intended for legitimate purposes such as:

  • Privacy protection (removing metadata that leaks user account identifiers).
  • Art preservation and fair-use research.
  • Removing false-positive "Made with AI" labels from human-edited photographs.
  • Security research and watermark robustness study.

Removing AI provenance markers to misrepresent AI-generated content as human-created may violate the laws above, the DMCA, and platform terms of service. Users are solely responsible for ensuring their use complies with all applicable laws. The authors do not condone use of this tool for deception, fraud, or any activity that violates applicable laws or regulations.

License

MIT