OpenAI Does Not Appear to be Applying Watermarks Honestly

When OpenAI launched Sora 2, they accompanied the release with a statement on "Launching Sora responsibly". The first bullet point of this statement reads as follows:

"Distinguishing AI content: Every video generated with Sora includes both visible and invisible provenance signals. At launch, all outputs carry a visible watermark. All Sora videos also embed C2PA metadata—an industry-standard signature"

I have been testing the C2PA metadata accompanied with Sora 2 videos, and to my understanding, this claim is false.

Sora 2 videos with visible watermarks

All users of Sora 2, except those with the $200/month "Pro" plan, are restricted to downloading videos with visible watermarks. An example of this can be seen below:

(Credit to OpenAI and @hellcat6969 on Sora)

As can be seen above, the video is prominently watermarked with a visible Sora watermark. However, I can't find any invisible C2PA data attached, as is claimed to exist by OpenAI.

Following OpenAI's own guidance, I tested for the C2PA metadata using the official Content Credentials "Verify" tool. The tool was not able to identify any metadata.

Above: The Verify tool is unable to identify any C2PA metadata associated with this video.

I also installed the official C2PA command line tool, and tried to verify for authenticity using this.

Above: C2PA command-line tool does not identify any metadata either.

Sora 2 videos without visible watermarks

It appears that, if a Pro user downloads a video without the visible watermark, then the invisible C2PA metadata is included. I tested this myself and got the following result:

Above: The tool does identify C2PA metadata, but only for videos that were downloaded from Sora **without** a visible watermark.

Is this dangerous at all?

It doesn't seem entirely ridiculous for OpenAI to omit invisible C2PA metadata on videos that already have a visible watermark, however it does raise the question "why not apply both?".

Feasibly, somebody could download a visibly watermarked Sora video, and crop it down to keep the watermarked parts out of frame. They would then have a zero-watermark and zero-metadata Sora video.

This would work, but would require cropping out a large proportion of the original video. It would also be pointless because, to my knowledge, it is quite easy to remove C2PA metadata anyway. If you Google "Erase C2PA Metadata", there are many website offering the service for free.

Conclusion

In summary:

OpenAI claims that "All Sora videos also embed C2PA metadata"
In fact, OpenAI only embeds C2PA metadata if a video is downloaded without visible watermarking.
This is probably not a great safety or misinformation concern, as C2PA metadata can be erased easily anyway.

Despite this not being a great concern, I still wanted to make this post to bring it to people's attention, as this seems like something that people should know about.

Disclaimer: The claims in this post are "to my knowledge", and I am not a cyber-security or cryptography expert. All claims are made according to the results of my testing using the Content Authenticity Verify and C2PA-rs tools. These tests were performed on videos downloaded using the Sora 2 web interface on Windows Desktop.

LESSWRONG
LW