No single method is foolproof. Visual inspection is becoming unreliable as generators improve. AI detection tools give probabilistic guesses. Metadata can be faked. The most reliable method is checking for C2PA Content Credentials - cryptographic proof of an image's origin that can't be forged. But most images don't carry them yet. The best approach in 2026 is to combine multiple methods, starting with the most reliable.
The problem is getting harder
Let's be direct about the state of things: it is getting genuinely difficult to tell whether an image was created by AI or captured by a camera. The generators - Midjourney, DALLĀ·E, Stable Diffusion, Flux, Adobe Firefly, Google Imagen - have improved to the point where photorealistic output is the default, not the exception.
Studies consistently show that humans perform little better than a coin flip when trying to distinguish high-quality AI-generated images from real photographs. The visual tells that were reliable two years ago - mangled hands, melting text, weird backgrounds - have largely been fixed. The most sophisticated generators now produce images with correct anatomy, coherent text, natural lighting, and physically plausible reflections.
This doesn't mean detection is impossible. It means the methods that work are changing. What used to be a visual problem is becoming a data problem - and the most reliable solutions are technical, not perceptual.
Here are the five methods available to you in 2026, ordered from most reliable to least.
This is the most reliable method available - and it's the only one that provides cryptographic proof rather than a probabilistic guess.
C2PA Content Credentials are metadata attached to an image at the point of creation, signed with a tamper-evident digital signature. If an image was captured on a C2PA-enabled camera (Nikon, Leica, Sony, Canon), the credentials prove it was a real photograph. If it was generated by a C2PA-enabled AI tool (OpenAI's DALLĀ·E, Adobe Firefly, Google Gemini), the credentials identify it as AI-generated. If the image has been edited, the credentials show what was changed.
How to check: Go to contentcredentials.org/verify and upload the image, or paste its URL. The tool will show you whether Content Credentials are present, who signed them, what software created the image, and whether it's been modified. You can also install the Digimarc Content Credentials Chrome extension to check images as you browse.
The reason this method ranks highest is simple: it's based on cryptography, not pattern recognition. Faking a valid Content Credential would require breaking the same encryption that secures online banking. No AI detection tool, no matter how advanced, can make that claim.
The limitation: Most images on the internet today don't carry Content Credentials. Adoption is growing rapidly - OpenAI, Adobe, Google, Nikon, Sony, Leica, Canon, and others now sign their outputs - but the majority of content was created before these implementations existed, or by tools that haven't adopted the standard yet. If an image doesn't have Content Credentials, it doesn't mean it's fake. It just means this method can't help with that particular image.
AI detection tools analyse the pixel-level characteristics of an image to predict whether it was generated by AI. They look for patterns in noise, texture consistency, frequency domain anomalies, and other statistical signatures that differ between photographs and generated images.
Popular tools: Sightengine, Copyleaks AI Image Detector, Hive Moderation, WasItAI, Illuminarty, and SynthID (Google's detector). Most offer free uploads for casual use and API access for integration.
How they work: You upload an image and the tool returns a confidence score - typically a percentage indicating how likely the image is to be AI-generated. Some tools also identify which generator was likely used (Midjourney, DALLĀ·E, Stable Diffusion, etc.).
The fundamental problem: These tools are in a constant arms race with the generators. Every time generators improve, detection tools need to be retrained. And the generators are improving faster. A tool that's 95% accurate today may be 80% accurate in six months as new generator architectures emerge. Tests consistently show that detection accuracy drops significantly on the latest-generation models.
The other issue is false positives. Real photographs - especially those with heavy post-processing, HDR, or unusual lighting - are regularly flagged as AI-generated. This makes the tools unreliable as a sole basis for judgment.
When to use them: As one signal among several, not as a definitive answer. If a detection tool says an image is 99% AI-generated AND you can't find it via reverse image search AND it has no Content Credentials AND the visual details seem off - that's a reasonable basis for skepticism. A detection score alone is not.
Every digital file carries metadata - information about how it was created. Photographs from real cameras typically include EXIF data: camera make and model, lens, aperture, shutter speed, ISO, GPS coordinates, and creation date. AI-generated images typically lack this camera-specific metadata.
How to check: Right-click the image file and look at its properties, or use an online EXIF viewer like Jeffrey Friedl's Exif Viewer, ExifTool, or Pic2Map. If the image has detailed camera data (specific camera body, specific lens, specific settings), it's more likely to be a real photograph. If the metadata is sparse or absent, it could be AI-generated - or it could be a real photo that's been re-saved, screenshotted, or had its metadata stripped.
The major caveat: Metadata can be trivially faked. Anyone can add EXIF data to an AI-generated image using free tools. And many legitimate photographs have their metadata stripped by social media platforms, messaging apps, or content management systems during upload. So the presence of camera metadata is a positive signal but not proof, and the absence of camera metadata tells you almost nothing.
Where metadata checking becomes more useful is when the metadata is internally inconsistent. If an image claims to be from a specific camera but the resolution, aspect ratio, or colour profile don't match what that camera produces - that's a red flag.
Reverse image search won't tell you if an image is AI-generated, but it can tell you if an image is being misrepresented. If someone claims a photo shows a specific event but the image actually appeared online years before that event - you've caught a fake, regardless of whether AI was involved.
How to use it: Upload the image to Google Images (click the camera icon), TinEye, or Yandex Images. These tools will show you other places the image appears online, often with dates. Google Lens can also identify objects and locations within an image, which helps verify whether a scene is plausible.
For AI-generated images specifically, reverse image search is less useful because truly AI-generated images are unique - they won't appear elsewhere unless they've already been shared. But if someone presents an image as "just captured" and reverse search shows it was posted months ago, that's immediately informative.
A useful complement: Reverse image search is most powerful when combined with other methods. Check for Content Credentials first (most reliable), then run a reverse search (catches misattribution), then check metadata (quick positive signal), then consider AI detection tools (probabilistic backup).
Two years ago, visual inspection was the primary method for spotting AI-generated images. Look for extra fingers, melting text, asymmetric faces, inconsistent shadows, warped backgrounds. Many of these tells have been significantly reduced in current-generation models, but some visual clues remain:
Text and writing. AI still struggles with text in some contexts, particularly small text, handwriting, and text at unusual angles. If words in a sign or document look slightly wrong - letter spacing is uneven, characters are subtly malformed - that's still a useful signal.
Texture consistency. AI images sometimes have an unnaturally smooth or uniform texture, particularly in skin, fabric, and natural surfaces. Real photographs have micro-variation and grain that generators can approximate but don't always replicate perfectly.
Background coherence. The main subject is usually well-rendered, but backgrounds can contain logical inconsistencies - architecture that doesn't make physical sense, objects that fade into abstraction, patterns that repeat in unnatural ways.
Reflections and physics. Reflections in eyes, mirrors, windows, and water are difficult for generators. If the reflection doesn't match the scene, or if lighting and shadows are inconsistent, that's a tell. But this requires careful examination and some expertise in photography.
The uncomfortable truth: These visual tells are becoming less reliable every month. The latest versions of Midjourney and Flux produce images that professional photographers have difficulty distinguishing from real photographs. Visual inspection is becoming the weakest method, and relying on it alone is increasingly risky. It's still worth doing as a quick first check, but it should never be your only method.
Comparison: which method to use when
| Method | Reliability | Speed | Best for |
|---|---|---|---|
| C2PA Content Credentials | High (cryptographic) | 30 seconds | Images from major platforms and cameras |
| AI Detection Tools | Moderate (probabilistic) | 30 seconds | Any image, as supporting evidence |
| Metadata Check | Moderate (fakeable) | 1 minute | Quick screening for camera data |
| Reverse Image Search | Situational | 1 minute | Catching misattribution and recycled images |
| Visual Inspection | Low (declining) | Instant | Quick first impression only |
The recommended workflow
When you encounter an image you want to verify, here's the most efficient approach:
Step 1: Check for Content Credentials. Visit contentcredentials.org/verify and upload the image. This takes 30 seconds and gives you the most definitive answer available. If the image has valid credentials, you're done - you know where it came from and how it was created.
Step 2: If no credentials are found, run a reverse image search. This catches the most common form of visual misinformation - real images used in the wrong context. If the image has appeared elsewhere with a different caption or date, that's immediately informative.
Step 3: Check the metadata. Look for camera-specific EXIF data. Its presence is a moderate positive signal. Its absence is inconclusive but worth noting.
Step 4: Run it through an AI detection tool. Use this as supporting evidence, not as a verdict. If the detection tool flags the image AND the previous steps didn't find any provenance data - your confidence that the image may be AI-generated increases.
Step 5: Look at the image carefully. Check text, reflections, background consistency, texture. This is your final gut check, not your first line of defence.
No single step is definitive (except a valid Content Credential). But multiple steps pointing in the same direction give you a reasonable basis for judgment.
Even after all five steps, you may not be able to determine with certainty whether an image is AI-generated. That's the honest reality in 2026. The generators have become too good for any method (other than cryptographic provenance) to be fully reliable. This is precisely why the movement toward mandatory Content Credentials - where AI tools sign their outputs at the point of generation - is so important. The long-term solution isn't better detection. It's better provenance.
Where this is heading
The trajectory is clear: visual inspection and even AI detection tools are in a losing race against improving generators. The more sophisticated the generators become, the harder detection gets. This is a fundamental asymmetry - it's always easier to generate than to detect.
The industry's response is shifting from detection to provenance. Rather than trying to tell after the fact whether an image is AI-generated, the approach is to ensure that AI-generated images are labelled at the point of creation. This is what C2PA Content Credentials do, and it's why major AI companies (OpenAI, Adobe, Google, Stability AI) are now signing their outputs.
Regulation is accelerating this shift. The EU AI Act requires AI-generated content to be labelled in a machine-readable format. Similar requirements are emerging in the US, UK, China, and other jurisdictions. As these mandates take effect, the percentage of AI-generated images carrying provenance data will increase significantly.
In the meantime, the practical reality is that you need multiple methods working together. Content Credentials when they're available. Detection tools as supporting evidence. Reverse search for context. Metadata for quick screening. And visual inspection as a rapidly-depreciating last resort.
The future of image verification isn't about training your eye to spot AI artefacts. It's about infrastructure - cryptographic systems that prove where content came from before you ever need to guess. C2PA is that infrastructure, and every major technology company in the world is building toward it.
This guide is maintained by the C2PA.ai editorial team. Last updated March 2026. Contact us with corrections or suggestions.
Further reading: What Is C2PA? The Complete Guide Ā· C2PA for Photographers Ā· C2PA FAQ