Most image-verification failures do not come from one missed clue. They come from a rushed workflow. Someone sees a striking image, checks one thing, then makes a claim much stronger than the evidence supports.
A better workflow is not glamorous. It is ordered, conservative, and designed to preserve what little evidence the file still carries. That matters even more now that synthetic images can look highly plausible and provenance signals may or may not survive distribution.
The thesis here is simple: a good authenticity workflow tries to avoid preventable mistakes before it tries to sound decisive.
Step 1: preserve the best version you have
If possible, keep the original file rather than a screenshot, thumbnail, or forwarded crop.
This is boring advice, but it matters because the very things people do casually during sharing can damage or remove useful evidence:
- metadata can be stripped
- provenance records may disappear from the visible file
- compression can alter pixel-level signals
- crops can remove contextual clues
If you start with a degraded version, your confidence should already be lower.
Step 2: ask what the image claims to be
Before you inspect details, define the claim.
Is the image being presented as:
- a real event photo
- a product shot
- documentary evidence
- creative concept art
- a meme or visual joke
This sets the burden of proof. A surreal artwork does not need the same standard as a supposed witness photo from a current event.
Step 3: check for provenance first, not last
If you have access to the file, look for Content Credentials or other provenance indicators early.
The C2PA explainer says Content Credentials can record origin, modifications, and AI involvement in a tamper-evident way. It also says provenance does not tell you whether content is true or factual, but it can help establish file history and integrity.
C2PA explainer
That makes provenance an efficient early filter. When present and intact, it can answer some history questions faster than pixel inspection alone.
Step 4: inspect metadata, but do not overclaim from it
If provenance is missing or incomplete, inspect basic metadata.
IPTC’s overview is a good reminder that metadata can include descriptive, rights, and administrative information, not just camera settings.
IPTC photo metadata overview
Look for:
- software identifiers
- device or workflow consistency
- timestamps
- editorial or rights information
But keep the caveat in view: metadata disappears all the time in ordinary sharing. A blank field is weak evidence. A suspicious software trail is stronger than absence.
Step 5: perform a disciplined visual review
Only now should you move into the familiar visual pass.
Use a checklist rather than intuition alone:
- anatomy: hands, teeth, eyes, symmetry
- function: straps, seams, railings, keyboards, interfaces
- physics: shadows, reflections, perspective, depth of field
- context: signage, symbols, language, situational plausibility
Kamali et al. provide a useful taxonomy for these clues, and their work also shows why visual review is helpful but not sufficient on its own.
Kamali et al., 2024
Step 6: if the stakes justify it, run a detector
Detectors are most useful when you treat them as one evidence source among several.
NIST’s Image-D challenge framing is instructive here: systems are evaluated by confidence scoring and metrics such as AUC, EER, TPR at selected false-positive rates, and Brier score. That is the language of uncertainty, not certainty.
NIST GenAI Image Challenge
So if you run a detector:
- look at the confidence level, not just the label
- check whether the tool explains its reasoning
- compare the detector’s explanation with your own observations
- do not let one score override clear provenance evidence
Step 7: test whether the file could simply be mislabeled
An authenticity workflow is not only about “AI or not.” Some of the most misleading images online are real images paired with false descriptions.
That means you should also ask:
- is the image old but recirculating as new?
- is it cropped to change meaning?
- is it a real photo presented as synthetic, or the reverse?
- does the caption claim more than the image itself supports?
This is why provenance, metadata, and contextual verification belong in the same workflow. A real file can still be used dishonestly.
Step 8: write down the narrowest defensible conclusion
This is the step people skip most often.
Do not jump from “some signals are suspicious” to “proven fake.” Instead, pick the narrowest conclusion the evidence supports:
- likely synthetic
- likely authentic
- authentic file, misleading caption
- insufficient evidence from the available file
That last outcome is not failure. It is often the correct result.
What this can and cannot tell you
What it can tell you
- how to order an image review so you lose less evidence
- when provenance should come before pixel inspection
- how to use detectors without outsourcing judgment to them
- how to leave room for ambiguity
What it cannot tell you
- that every suspicious image can be resolved from the file alone
- that missing metadata is a verdict
- that a detector score proves truth
- that all authenticity problems are really AI-detection problems
The disciplined close
The best workflow is the one that makes it hardest for you to fool yourself. That usually means preserving the file, checking provenance early, using metadata carefully, reviewing the image methodically, and leaving space for “not enough evidence” when needed.
If you want a browser-native second opinion after your own review, try the Detectiks extension or run a local scan on the home page.
Last reviewed
May 11, 2026.
