Open-source tool strips SynthID, C2PA, and Gemini watermarks from AI images

A new Python CLI called remove-ai-watermarks bundles techniques for erasing both visible and invisible provenance markers from images produced by Gemini, DALL-E, Stable Diffusion, Firefly, and Midjourney. Gemini’s sparkle logo is reversed mathematically through alpha-blend inversion guided by a normalized cross-correlation detector, running in roughly 50 milliseconds on a CPU. Invisible watermarks like SynthID, StableSignature, and TreeRing are defeated by routing the image through an SDXL diffusion round-trip at low noise strength, with YOLO-based face extraction preserving facial features that diffusion would otherwise distort.

The tool also scrubs the metadata layer that drives social platform AI labels — C2PA manifests, XMP DigitalSourceType tags, EXIF generation parameters, and PNG text chunks — while preserving author and copyright fields. An optional ‘Analog Humanizer’ adds film grain and chromatic aberration to evade AI-generated image classifiers downstream. The maintainers note SDXL replaced an older SD-1.5 pipeline in May 2026 after the latter failed against SynthID v2 on Gemini 3 Pro outputs.

The project is a direct counter to the industry’s push toward cryptographic content provenance, demonstrating how fragile both visible and frequency-domain watermarking schemes remain when an attacker controls the image post-generation. Coverage gaps remain for AVIF/HEIF/JPEG-XL sub-box scrubbing and video, and there is no automated regression test against SynthID v2 because the detector portal is gated.