Enhancing AI Safety & Control
Through our more than a decade of work focused on media provenance and authentication in collaboration with organizations like WITNESS, we have come to understand the threats, risks, and opportunities for cryptographic digital identity and chain-of-custody metadata and workflows. This work has been tested in legal, journalistic, humanitarian and cultural preservation contexts. The opportunity for positive impact in “trusting what we see”, is real and essential in this time of growing deepfakes and AI slop.
Given the speed of adoption of generative AI and Large-Language Model (LLM) or Large Video Model (LVM) tools across multiple industries, the Proofmode team felt compelled to find a way to improve safety, reliability, and trust for people relying on them for media analysis and processing. We aim to provide some amount of the safety, trust and transparency in autonomous multimedia operations that we have helped provide to human interactions. In addition, we seek to continue to enhance our existing Proofmode Capture and ProofCheck Verify & Analysis tools with features for specifying and inspecting advanced AI-related metadata.
Hallucinating Metadata
While it is well known that LLMs hallucinate, especially when they lack knowledge or have been prompted to always find an answer to keep the user engaged, it is less known that this extends specifically to image and video metadata. Very few LLMs have native capabilities to extract and analysis multimedia metadata, even the so-called “multimodal” models.
Sometimes the models will hallucinate a response when prompted to inspect metadata, and other times the model will attempt to generate code to run in local tools, which provides mixed results. In addition, loading entire images and videos into the model’s context window is a huge cost to token limits, and has a major impact on energy usage.
The Opportunity
What we have come to understand is that providing human rights researchers, journalists, scientists and others, intuitive natural language interfaces for interacting with complex metadata and large sets of media files is a compelling experience. In addition, automating some stages of a process, such as sorting, summarizing, vetting, and identifying, can greatly speed up the path between gathering evidence and seeking change or justice. While there MUST always be a human in the loop, the amount of time that human can be occupied with very low level tasks can be reduced. In addition, any operations an autonomous agent takes on behalf of a human, must have transparency through a trustworthy chain-of-custody and changelog.
What we have built
Blocking AI with C2PA Metadata
Our Proofmode Capture App integrates the C2PA standard, including support for the Training and Data Mining Assertion. With one tap of the “Block AI” option, all photos and videos captured will be embedded with a cryptographically signed directive that the media file is not to be used for data mining or machine learning.
Generative AI Detection in ProofCheck
In March 2025, we announced a new capability in our ProofCheck verification tool to inspect images and videos for signs of AI generation and manipulation.We provide a simple user experience, that processes all files locally without uploading, and looks for a wide variety of indicators of an AI fingerprint.
Teaching LLMs to Understand Provenance and Authentication
We have prototyped two limited open-source approaches to improve the capability of LLMs to interact with multimedia metadata, specifically metadata following the C2PA standard. We have built one specifically for Anthropic’s Claude and one for any system that supports the Model-Context-Protocol standard.
- Claude C2PA Skill: A Claude Skill for inspecting, analyzing, and signing media files with C2PA (Coalition for Content Provenance and Authenticity) metadata using the c2patool command-line utility.
- Proofmode C2PA MCP Server: A Model Context Protocol (MCP) server that provides comprehensive C2PA (Content Authenticity) verification capabilities through the c2patool command-line interface. This server enables LLMs, chatbots, and other MCP clients, both in the cloud AND local, to inspect, validate, and analyze media files for content authenticity metadata.
Combo Up with Other Skills and Tools
These C2PA skills and MCPs can be combined with a wide variety of other skills/tools, as well. For instance, there is already an EXIF MCP server that allows LLMs to also operate with EXIF multimedia metadata that exists in most JPEG images. There is also an OpenStreetMap MCP that allows for transforming latitude and longitude data often found in C2PA and EXIF into addresses and placenames. You can also use a tool like ImageIndexer, an entirely local multimodal visual language model to enrich labeling metadata and index images.
These capabilities together create a compelling media analysis pipeline, all running locally on a system, for autonomous, mass-scale processing of validated, verified media images and video.
An Example Session with Claude and the C2PA Skill
Below is a short sample session using Claude, focused on detecting provenenance, authenticating signatures to check for modifications, and understanding and verifying chain-of-custody, all through a natural language interaction.
> Tell me about the JPEG files in this folder.
● I'll search for JPEG files in the current directory and then tell you about them.
● Search(pattern: "*.jpg")
⎿ Found 0 files
● Search(pattern: "*.jpeg")
⎿ Found 0 files
● Search(pattern: "*.JPG")
⎿ Found 2 files (ctrl+o to expand)
● Search(pattern: "*.JPEG")
⎿ Found 0 files
● I found 2 JPEG files in this folder:
1. L1004063_VERIFIED.JPG
2. L1004063_VERIFIED_SIGNED.JPG
Based on the naming, it looks like you have:
- An original verified image
- A signed version of that image
The "_SIGNED" suffix suggests that the second file has been signed with C2PA credentials. Would you like me
to inspect these files to see their C2PA metadata and verify their content credentials?
> Yes
● I'll use the c2pa skill to inspect both JPEG files and tell you about their C2PA metadata.
⎿ Allowed 4 tools for this command
> The "c2pa" skill is running
⎿ Allowed 4 tools for this command
● I'll inspect both JPEG files to examine their C2PA metadata and content credentials.
● Bash(c2patool L1004063_VERIFIED.JPG)
⎿ {
"active_manifest": "5882574:urn:uuid:63326d61-0011-0010-8000-00aa00389b71",
"manifests": {
… +88 lines (ctrl+o to expand)
● Bash(c2patool L1004063_VERIFIED_SIGNED.JPG)
⎿ {
"active_manifest": "urn:uuid:1a84f24f-79bf-4152-bd3b-7cffed16abf6",
"manifests": {
… +54 lines (ctrl+o to expand)
● Excellent! Here's what I found about your JPEG files:
L1004063_VERIFIED.JPG
This is an original photo from a Leica M11-P camera with built-in C2PA support:
Content Details:
- Camera: Leica M11-P (Serial: 5882574)
- Lens: Summilux-M 1:1.4/35 ASPH.
- Captured: December 7, 2023 at 4:49 PM
- Location: GPS coordinates included (37°25'27.44"N)
- Author: Nico Koehler
- Copyright: Koehler 2023
Technical Info:
- Resolution: 5248 x 3472 pixels
- ISO 800, f/1.4, 1/90 sec, 35mm
- Camera firmware: 2.0.2RC
⚠️ Validation Issue: There's a data hash mismatch error, which suggests the file has been modified after
being captured by the camera, breaking the cryptographic integrity chain.
---
L1004063_VERIFIED_SIGNED.JPG
This is a re-signed version that documents the modification:
Provenance Chain:
- Has the original L1004063.JPG as a "parent" ingredient
- Documents that the file was edited with the description: "Added verification watermark to confirm
authentic camera source"
- Signed by: "C2PA Test Signing Cert"
- Claim generator: c2pa-skill-verification/1.0
Action recorded: c2pa.edited - Explicitly documents that this is an edited version
✓ No validation errors - This file has valid C2PA credentials for the editing action performed on it.
---
Summary: The first file is an authentic camera-captured image that has been modified (hence the hash error),
and the second file properly documents that modification by creating a new signed manifest with a
provenance chain back to the original.
You can see an additional sample session on our Gitlab project.
Private, Local Session with Ollama, Llama 3.1 and MCPHost
Here is another short sample session using Llama 3.1 locally, on-device via Ollama, and MCPHost for connecting models to MCP tools. Any model that supports tools can be used.
What is noteworthy about this is that the entire interaction is running locally, offline on a very typical laptop without a GPU. This setup is privacy-focused, allowing the analysis and processing of sensitive content, without relying on a commercial cloud. If a GPU is available, the size, power and speed of the local model would be vastly improved, but it is not required.
mcphost -m ollama:llama3.1 --config mcp.json
┃ ┃
┃ Model loaded: ollama (llama3.1) ┃
┃ MCPHost System (09:48) ┃
┃ ┃
┃ ┃
┃ Loaded 7 tools from MCP servers ┃
┃ MCPHost System (09:48) ┃
┃ ┃
┃ ┃
┃ ## Available Tools ┃
┃ ┃
┃ 1. c2pa__inspect_manifest ┃
┃ 2. c2pa__detailed_report ┃
┃ 3. c2pa__info_report ┃
┃ 4. c2pa__validate_with_trust ┃
┃ 5. c2pa__extract_certificates ┃
┃ 6. c2pa__show_manifest_tree ┃
┃ 7. c2pa__verify_external_manifest ┃
┃ MCPHost System (09:49) ┃
┃ ┃
┃ ┃
┃ can you summarize a detailed report of the c2pa info in this file: ┃
┃ /home/n8fr8/Downloads/testc2pa1762354008955.jpg
┃ Executing c2pa__info_report (09:52)
┃
┃
┃
┃ ┃
┃ Information for testc2pa1762354008955.jpg ┃
┃ Manifest store size = 128804 (2.72% of file size 4730718) ┃
┃ Validated ┃
┃ One manifest ┃
┃ ┃
┃ ┃
┃
┃
┃ Based on the tool call output, here's a summary of the detailed report:
┃
┃
┃
┃ • The C2PA information is stored in a file named "testc2pa1762354008955.
┃
┃ jpg" located at "/home/n8fr8/Downloads".
┃
┃ • The manifest store size is approximately 128804 bytes, which accounts
┃
┃ for about 2.72% of the total file size (4730718 bytes).
┃
┃ • The C2PA information has been validated.
┃
┃ • There is only one manifest associated with this file.
┃
┃
┃
┃ Note that the tool call output provides a detailed report of the C2PA
┃
┃ information in the file, but it's not possible to provide a more
┃
┃ specific summary without more context or additional information.
┃
┃ llama3.1 (09:52)
please provide a detailed report, and tell me about the make and model ┃
┃ of the camera, if there is on. ┃
┃ n8fr8 (09:54) ┃
┃ ┃
┃
┃
┃ Arguments: "file_path":"/home/n8fr8/Downloads/testc2pa1762354008955.jpg"
┃
┃ Executing c2pa__detailed_report (09:55)
┃
┃
┃
┃ ┃
┃ { ┃
┃ "active_manifest": "urn:uuid:6602535d-1204-4319-b14f-1b00a1f3efbc", ┃
┃ "manifests": { ┃
┃ "urn:uuid:6602535d-1204-4319-b14f-1b00a1f3efbc": { ┃
┃ "claim": { ┃
┃ "alg": "sha256", ┃
┃ "assertions": [ ┃
┃ { ┃
┃ "hash": "Y7RZtEYTGp6adGDLvCDKx9kh8LAtbPOggrwUmtcB3rs=", ┃
┃ "url": ┃
┃ "self#jumbf=c2pa.assertions/c2pa.thumbnail.claim.jpeg" ┃
┃ ... (truncated) ┃
┃ ┃
┃ ┃
┃ Based on the detailed report, here's what can be inferred: ┃
┃ ┃
┃ • The file is a JPEG image named "1762354008955.jpg". ┃
┃ • It contains metadata about the image, including: ┃
┃ • Author: Nathan Freitas (nathanfreitas@gmail.com ┃
┃ mailto:nathanfreitas@gmail.com) ┃
┃ • Date created: 2025-11-05T14:46:49Z ┃
┃ • Location: 42°19'43.108" N, -71°7'30.325" W ┃
┃ • The C2PA information includes: ┃
┃ • A manifest with a UUID (urn:uuid:6602535d-1204-4319-b14f- ┃
┃ 1b00a1f3efbc) ┃
┃ • Assertions about the image's creation, including actions taken by the ┃
┃ ProofMode app ┃
┃ • Hashes of the image data and other assertions ┃
┃ • The signature is verified as valid. ┃
┃ ┃
┃ Unfortunately, there is no information in the report about the make and ┃
┃ model of the camera used to take the photo. ┃
┃ llama3.1 (09:57) ┃
┃
Have thoughts? Want to learn more? Need help running this yourself?
We release this open-source code to move the state of the art forward, to get feedback on our premises, and to encourage others to share their ideas and work openly and freely.
We also have an amazing team of architects, developers, and designers with great experience in navigating the complexities of media provenance and authenticaion, especially in high-risk, high-threat scenarios.
Get in touch and let us know how we can help.
More News
See more-
DiVine Supports Proofmode
Vine is back, and this time with Proofmode
socialaidevelopersDec 1, 2025DiVine Supports Proofmode -
BASELINE: Native American Heritage Month
Native American Heritage Month.
baselineeventUSNov 15, 2025BASELINE: Native American Heritage Month -
BASELINE: Day of the Dead
Día de los Muertos - A Celebration of Life, Love, and Legacy.
baselineeventmexicoNov 3, 2025BASELINE: Day of the Dead
Build with Proofmode
Check out our open- source library. We offer free and commercial licenses, as well as integration services.
We offer integration services
Need assistance integrating our code into your software or app? Our team of experienced, reliable developers are ready to help.