Watermarkitects: Whose Pixel Is It Anyway?

Watermarkitects' Chrome extension w/ ChatGPT
Watermarkitects' Chrome extension w/ Perplexity
Terminal Output of Blind Detection Test
Image of 'Lenna' before and after watermarking to showcase imperceptibility of the watermark.
Adding the watermark in the frequency domain via discrete cosine transform (DCT).
Statistical detection of the watermark without the need of the original image (blind detection).
Difference image between original and watermarked image, highlighting pixel value differences between them.
Hard at work!!!!!

Inspiration

As AI image generation tools like GPT, Perplexity, and DALL·E explode in popularity, we’re seeing an overwhelming flood of AI-made images online. While it’s exciting to see what these models can create, it also opens up serious concerns: fake images, misinformation, and copyright issues. Existing watermarking solutions either aren’t strong enough (easy to remove) or need the original image to detect a watermark. We wanted to build something better: a solution that’s secure, imperceptible, tamper-resistant, and most importantly, doesn’t rely on having the original image to detect if it’s been watermarked.

Our Solution

We built a full-stack system that covers both watermarking and blind detection of AI-generated images:

DCT-Based Watermarking: We’re embedding watermarks directly into the frequency space of images using Discrete Cosine Transform (DCT). This approach makes the watermark more durable: it holds up against compression, resizing, and noise, and also allows for imperceptibility.

Chrome Extension for Real-Time Watermarking: We didn’t want this to just live in scripts or the command line. We built a Chrome extension that:

Lets anyone upload an image and check if it’s watermarked.
Actively scans web pages in the background for AI-generated images from tools like GPT and Perplexity, and watermarks them in real-time.

Technology Details

Image Processing: NumPy and OpenCV for handling computing DCTs, adding the watermarks, and PyTorch for our convolutional neural network to detect tampering with AI generated images.

Chrome Extension: Built with JavaScript, HTML, and CSS to create an interactive front end.

Backend: FastAPI to handle image processing pipelines, including watermark embedding and blind detection.

Challenges and Lessons

Extension Optimization: Running detection in real-time inside a browser was a challenge. We had to constantly monitor for changes in the DOM for a newly generated image which is passed to our backend for watermark processing. The actual of process of sending information to the backend was also difficult due to data format managing and handling CORS (Cross-Origin Resource Sharing, a mechanism that allows web applications on one domain to access resources of another domain) as a solution to the browser's Same-Origin policy.

Making Tamper Identification Work: Our goal was not only to detect if an image was AI-generated using the watermark, but also to identify whether it had been tampered with to avoid detectability. We started by going down a statistical route. Since DCT coefficients tend to follow a Laplacian distribution, we thought we could model the original distribution and then estimate what the untouched DCT coefficients would look like. Using some estimation techniques, we tried to reconstruct the expected original values and compare them to the actual values from the uploaded image.

However, in practice, the correlations just weren’t strong enough. Real-world images have so much variability that the statistical estimates couldn’t reliably tell us if an image had been tampered with or not. The noise overwhelmed the signal.

That’s when we pivoted to a CNN-based approach. We built a script to generate a dataset of about ~1000 images, and for each image, we created several tampered versions by adding noise, resizing, and compressing them to simulate real-world attacks. Then, instead of working directly with pixels, we fed the DCT coefficients of these images into our convolutional neural network.

By focusing on the frequency domain data, the CNN was able to pick up on subtle patterns and distortions that statistical methods couldn’t capture. This approach ended up giving us much better accuracy in distinguishing between tampered and original images.

What's Next For Watermarkitects?

Expand to Videos: Apply our watermarking and detection system to video content to combat AI-generated deepfakes.

Explore Alternative Transforms: Investigate Discrete Shearlet Transform (DST) and other transforms for even stronger watermarking.

Integrate with Social Platforms: Work towards integration with social media platforms to automatically flag AI-generated content.

References

[1] Secure spread spectrum watermarking for multimedia. (1997, December 1). IEEE Journals & Magazine | IEEE Xplore. https://ieeexplore.ieee.org/document/650120

[2] A statistical watermark detection technique without using original images for resolving rightful ownerships of digital images. (1999, November 1). IEEE Journals & Magazine | IEEE Xplore. https://ieeexplore.ieee.org/document/799882

Built With

Submitted to

CruzHacks 2025

Created by

image processing, learned what a div is

Pranay Jha
ucsd ece
- Learned about DCT transformations for the context of tamper resistant watermarking
- encryption of vendor signatures, learned hashing.
- resident chai-wala

Arnav Sharma
UCSC CS
Jaisree D.R.
Vincent Siu