The AI Trust Stack — Content, Personhood, and Agents in Three Layers
Why This Question Now
AI-generated content keeps growing. Images, video, voice, text — distinguishing what a person made from what a model made gets harder by the month. Two questions follow. “Did a person make this, or did an AI make this?” And one step deeper — “Who is the person behind this, or is an AI agent acting on someone’s behalf?”
An infrastructure layer that answers these questions automatically is breaking off into its own market. Watermarks, content-provenance standards, iris-based personhood verification, decentralized identity, deepfake-detection SaaS — all of them attack the same questions from different angles. The outline of this market came into view across a few weeks in early 2026.
What Happened in One Week
May 19, 2026, Google I/O keynote. Google DeepMind unveiled the SynthID Detector portal. SynthID is Google’s AI-content watermarking technology — it embeds an imperceptible signal into content at generation time and reads that signal later to determine whether it’s AI-made. The newly opened Detector lets users upload images, audio, video, or text snippets, and highlights which portions carry the watermark. In the same announcement, cumulative SynthID watermarking reached over 100 billion images and videos and 60,000 years’ worth of audio. OpenAI, Kakao, and ElevenLabs joined as adopters.
In the same window, the EU AI Act’s Article 50 enforcement date was confirmed for August 2, 2026. Article 50 mandates labeling of AI-generated content; non-compliance penalties reach €15M or 3% of global revenue. Sam Altman was reported to be evaluating World ID (iris-scan-based proof of humanity) and Apple Face ID as authentication candidates for OpenAI’s upcoming social network. Defakto closed a $30.75M Series B — the company operates in the Non-Human Identity (NHI) category, managing identity for AI agents, bots, and machines that act on behalf of humans.
These announcements look scattered, but they belong to the same picture. As AI-generated content becomes the default, trust is moving into a separate infrastructure market. This piece maps how that market is splitting, using data.
Market sizes → five layers → seven movements → five Big Tech camps → where VCs are betting → adjacent markets created by regulation → and the critics. The first piece of the series opens the map.
Markets First — Sizing Five Categories
AI trust infrastructure is already tracked as five distinct categories by market research firms.
| Market Category | 2026 Size | 2031–35 Forecast | CAGR |
|---|---|---|---|
| Fake Image Detection | $1.87B | $7.43B (2031) | 31.7% |
| Deepfake Detection | $0.6B (2025) | $15.1B (2035) | 37.2% |
| AI Detector | $0.98B | $7.84B (2035) | 26.0% |
| Deepfake Technology (overall) | $11.18B | $51.4B (2034) | 21% |
| Decentralized Identity | $7.4B (2026 est.) | — | — |
Growth rates land in the 21 to 37% CAGR (Compound Annual Growth Rate) range. Global SaaS CAGR sits at 13 to 15% over the same period — these markets are growing at more than double that pace.
Two drivers stand out. First, industrial use. Mordor Intelligence points to KYC (Know Your Customer) workflow upgrades in BFSI (Banking, Financial Services, Insurance) as the largest demand driver. Second, the absolute scale of the threat — the same report logs a +2,137% increase in face-swap fraud attempts over three years.
Regional split also matters. Asia Pacific’s fake-image-detection CAGR runs at 32.5%, the highest in the world. Within Asia Pacific, Korea already has mature identity verification and payment rails — Toss, KakaoBank, NICE, PASS — which means this wave maps directly onto a KYC 2.0 agenda in that market.
One Thing Worth Noting
All five markets grow on a different curve from AI revenue itself. Whether AI itself does well or stumbles, the volume of generated content keeps rising, and verification and authentication demand follows. The picks-and-shovels analogy VCs reach for fits this category closely. Capital that’s wary of betting on AI directly has a route here.
Five Layers — Where Each Player Operates
There isn’t one answer for how to establish trust. “Mark it at creation.” “Detect it after the fact.” “Authenticate the real, so the fake stands out.” “Stamp the file with metadata.” “Verify the actor before you look at the content.” Five approaches run in parallel.
Synthesizing the classifications used by CB Insights, Help Net Security, and Truepic’s own framing:
| Layer | Timing | Representative Players | One-line Take |
|---|---|---|---|
| Capture-time | At shooting / recording | Truepic, Sony Alpha, Canon EOS R, Nikon Z | Authenticate the real |
| Generation-time | At AI creation | SynthID (Google), OpenAI (adopter), ElevenLabs | Mark at creation |
| Post-hoc Detection | After release | Reality Defender, Sensity, Hive | Find it in the wild |
| Metadata / Cryptographic | External attachment | C2PA, Adobe Content Credentials | Stamp + sign |
| Identity | Actor verification | World ID, Privado, Indicio | Who made this? |
Each layer operates differently.
Capture-time means the camera firmware cryptographically signs the image the moment it’s taken — automatically stamping “this image was shot by camera X at time Y, and is original.” Sony Alpha, Canon EOS R, and Nikon Z added C2PA (Coalition for Content Provenance and Authenticity) compatible signatures via 2024 firmware updates. Truepic provides image-authenticity verification as a mobile SDK to insurance claims adjusters, court evidence workflows, and journalism. This is the inverse approach to AI detection — bind the original as the original.
Generation-time embeds an imperceptible signal into pixels, audio samples, or text token probabilities at the moment an AI model creates the content. SynthID is the flagship. As of Google I/O 2026, cumulative application exceeded 100 billion items. OpenAI adopted SynthID for image generation across ChatGPT, Codex, and the OpenAI API. ElevenLabs applies it to voice synthesis.
Post-hoc Detection analyzes content that’s already loose in the world. Reality Defender specializes in real-time monitoring of video conference streams — catching executive-impersonation deepfakes in live meetings. Sensity offers multi-layer forensic analysis to governments and enterprises. Hive packages detection as a SaaS API for media outlets and SMBs to integrate directly.
Metadata / Cryptographic attaches origin, generation time, tools used, and cryptographic signatures to the file’s metadata region. Think of photo EXIF data, but with anti-tamper signing built in. C2PA is the leading standard; adopters include Adobe Creative Cloud, Firefly, Microsoft Edge, BBC News, and the New York Times.
Identity verifies the actor rather than the content. World ID uses an iris scan to prove “this is a unique human” once, then issues a Proof of Personhood (PoP) token. The token is protected by ZKP (Zero-Knowledge Proof — a cryptographic technique that proves a fact without revealing the underlying information), preserving privacy. Privado and Indicio take the decentralized identity (DID) approach, letting people, organizations, devices, and AI agents all carry verifiable identity.
The five layers don’t act alone. Market consensus is moving toward “no single technique is sufficient.” The EU’s draft GPAI Code of Practice explicitly requires a multi-layered approach.
Seven Movements — Branches on the Same Picture
If the 5-Layer view sorts technical approaches, the next view sorts where the money actually moves. Seven distinct movements run in parallel on the same infrastructure.
Movement ① Provenance Standard War. C2PA (metadata-based) and SynthID (signal-embedded) solve similar problems at different layers. IPTC works on the press-photo metadata standard side, interoperating with both. C2PA membership grew from six founders in February 2021 to over 6,000 by January 2026. SynthID hit 100B items through an adopter model. Rather than one “winning,” they appear headed for coexistence at different layers.
Movement ② Identity-for-AI Agents. As AI agents pay and act on humans’ behalf, “which human authorized this?” needs to be answered. Per Aembit’s data, Non-Human Identity (NHI) is growing YoY (year-over-year) at +44%, with machine-to-human ratios reaching 144:1 in some environments. World ID Full-Stack Proof of Human, t54 Labs (an AI-agent payment and compliance startup), and Defakto cluster here.
Movement ③ BFSI KYC 2.0. Face-swap fraud’s +2,137% growth hits this market most directly. Banks, brokerages, and insurers are the primary buyers. Reality Defender and Sensity focus here. In Korea, identity verification and payment rails like Toss, KakaoBank, NICE, and PASS connect naturally to the next-generation KYC agenda.
Movement ④ Capture-Time Authentication. The inverse of AI detection. Truepic plus camera firmware from Sony, Canon, and Nikon. Journalism, insurance claims, and court evidence are the primary customers. The market is smaller than “spotting fakes,” but B2B revenue quality is generally rated higher.
Movement ⑤ Detection-as-a-Service API. Hive and Reality Defender package detection as SaaS APIs so SMBs and media outlets can integrate directly. Pricing mixes per-call fees with monthly subscriptions. The market is adjacent to content moderation SaaS.
Movement ⑥ Regulation and Co-Regulation. The EU AI Act Article 50 and the GPAI Code of Practice send the strongest signal. Korea’s AI Basic Act took effect in January 2026 and includes content-labeling obligations. The US, rather than passing a single federal law, is moving through state-level deepfake bills — California’s AB 730, Texas’ SB 751, New York and others.
Movement ⑦ Counter-trends. The shadow side of the same picture. Watermark removal and spoofing research runs hot in academia and hacker communities. arXiv 2505.23814, “Watermarking Without Standards Is Not AI Governance,” argues watermarking does not function as governance in the absence of standards. The World Privacy Forum has flagged the risk that C2PA metadata exposes identifiable author information. Open-source models like Llama and Mistral don’t carry watermarks at all, leaving a permanent bypass route.
Five Big Tech Camps — Who’s Pushing What Standard
Same movements, sorted by who’s pushing what.
| Camp | Content Track | Identity Track | Distribution Channel |
|---|---|---|---|
| SynthID | Google Account | Search · Chrome · Android | |
| Sam Altman · OpenAI | SynthID adopted for ChatGPT images | World ID | New SNS in development |
| Adobe · Microsoft | C2PA (open standard) | Entra ID | Creative Cloud · Office |
| Apple | Not disclosed | Face ID + Passkey | iOS ecosystem |
| Meta | C2PA adopted + own “Made with AI” label | Account-based | FB · IG · WhatsApp |
Standards look cooperative on the surface. Google and OpenAI both use SynthID. Adobe, Microsoft, and Meta have all aligned on C2PA. But distribution channels tell a different story. Google holds verification UX across Search, Chrome, and Android. OpenAI is building its own distribution channel with the new SNS. Adobe and Microsoft auto-embed inside the production tools. Apple holds OS-level authentication.
Standardization looks like cooperation at the surface, while adoption channels and verification UX get kept inside each camp’s own ecosystem.
One Thing Worth Noting
The piece most observers miss in this map is Apple’s silence. Apple has barely issued a public position on the content track. But it controls Face ID, Passkey, iCloud Photos, and camera firmware — meaning if it chooses, it can bundle capture-time + identity layers in a single move. The market is watching to see when that card gets played.
Where the Money Goes — VC Bets by Category
The 2024–26 funding flow shows capital concentrating more on the identity and agent tracks than on the content track.
| Round | Company | Amount | Category |
|---|---|---|---|
| Series B (2026) | Defakto | $30.75M (total $50M) | NHI lifecycle management |
| Seed (2025) | t54 Labs | $5M (Ripple · Franklin Templeton in) | AI agent payments & compliance |
| Strategic (2025) | Indicio | NEC X investment | Decentralized identity (people, orgs, devices, AI agents) |
Add Okta Ventures’ “2026 Identity 25”, announced in January 2026 — Okta formally established an Identity-for-AI category and named 25 companies it tracks. Help Net Security’s cyber-funding report from the same period flags capital concentration into AI security broadly.
The fact that Ripple and Franklin Templeton entered t54 Labs’ seed round is its own signal. Payment and asset-management infrastructure incumbents see AI-agent identity as an adjacent market — because if AI agents start paying on behalf of humans without traceable accountability, payment infrastructure itself shakes.
On the content track, Big Tech in-house R&D absorbs most of the capital. SynthID lives inside Google; C2PA is funded by member dues. The opening for outside VC is narrower than on the identity track. Reality Defender, Truepic, and Sensity — verification and capture startups — are the main outlets for external capital.
Adjacent Markets Created by Regulation — EU, Korea, US
Regulation creates markets directly. 2026–27 looks like the transitional period (the shift window) for global mandatory disclosure.
EU AI Act Article 50. Enforcement date August 2, 2026. Mandates machine-readable labeling on AI-generated images, video, and audio. Requires both watermarking and deepfake disclosure. Penalties run up to €15M or 3% of global revenue. The GPAI Code of Practice ships its final draft between May and June 2026 and explicitly requires a multi-layered approach combining watermarks, metadata, and labels. On May 7, 2026, the EU Council’s provisional agreement shortened the grace period for providers to implement transparency solutions to three months.
Korea AI Basic Act. Took effect January 2026. Includes high-risk AI classification, content-labeling obligations, and provider liability provisions. Labeling obligations were designed for EU interoperability. KOCCA (Korea Creative Content Agency) and the Korea Communications Commission are layering on guidance.
US state-level deepfake bills. Instead of a single federal law, state-by-state legislation is moving. California’s AB 730 covers election-related deepfakes, Texas’ SB 751 addresses non-consensual synthetic content, and New York’s law targets impersonation deepfakes. Scope differs, but all share a disclosure requirement.
The legislative form differs across regions, but the direction is the same — default labeling. Compliance consulting and solutions are swelling as an adjacent market. PwC and Deloitte have stood up AI Governance Advisory as a distinct category.
The Other Side — Why Watermarks Break
The shadow side of the same flow runs in parallel. Critiques don’t move in one direction either.
Standards-absence critique. arXiv 2505.23814, “Watermarking Without Standards Is Not AI Governance” (May 2026), argues that without shared robustness benchmarks, watermarking cannot function as governance. Firms can implement weak watermarking schemes and still claim alignment with policy language — compliance gaming becomes possible.
Structural-gap critique. arXiv 2603.26983, “Transparency as Architecture: Structural Compliance Gaps in EU AI Act Article 50 II,” analyzes Article 50’s four required criteria (“effective, interoperable, robust, reliable”) as not operationally defined. With the technical standards still under development, verifiability itself wobbles.
Privacy critique. The World Privacy Forum’s review of C2PA points to risks of leaking author identification, workflow tracking, and device metadata. The trade-off between provenance verification (public good) and author/device privacy is real.
Bypass critique. Open-source models — Llama, Mistral, Stable Diffusion, others — don’t carry watermarks. If only closed models watermark, a bypass route always exists. Watermark-removal research has reported 90%+ removal rates against some watermarking schemes.
All four critiques rest on the same assumption — watermarking alone is not governance. The direction they push is multi-layer (identity + metadata + capture + detection) plus standardized verification plus independent audit.
Closing — Three Directions on One Plane
Google takes the content track. Sam Altman takes the identity track. Adobe and Microsoft take the metadata track. VC capital concentrates on identity and agents. Regulation converges on default labeling. Critiques point to the limits of any single technique.
Bundled together — both camps and critics rest on the same assumption. When AI-generated content becomes the default, trust gets supported by a separate infrastructure layer. Content provenance, proof of personhood, agent identity — three tracks attack the same problem with different technologies.
The next four pieces drill into the map by track. The standards war (SynthID vs C2PA), the identity track (PoP + Agent Identity), the Deepfake $15B market, and the closing piece — AI governance heading down a different path from typical regulation.
References (Primary Sources First)
- Google Blog — “SynthID Detector — a new portal to help identify AI-generated content” (2026-05-19)
- Google Blog — “100 things we announced at Google I/O 2026”
- Mordor Intelligence — Fake Image Detection Market Report
- Fortune Business Insights — Deepfake Technology Market Size
- Market.us — Deepfake Detection Market, CAGR 47.6%
- CB Insights — Reality Defender, Truepic company profiles
- World.org — “Proof of personhood: What it is and why it’s needed” / “World ID Full-Stack Proof of Human”
- Yahoo Finance — “Worldcoin Jumps 16% After Report OpenAI Is Exploring Proof of Personhood”
- Aembit — “IAM for Agentic AI: The New Perimeter of Trust in 2026”
- Help Net Security — “Cyber valuations climb as capital concentrates, AI security expands” (2026-02-25)
- The Block — “Ripple, Franklin Templeton join $5 million seed round for t54 Labs”
- NEC Press — “Indicio secures investment from NEC X”
- artificialintelligenceact.eu — “Article 50 Transparency Guide”
- arXiv 2505.23814 — “Watermarking Without Standards Is Not AI Governance”
- arXiv 2603.26983 — “Transparency as Architecture: Structural Compliance Gaps in EU AI Act Article 50 II”
- World Privacy Forum — “Privacy, Identity and Trust in C2PA: A Technical Review”
- TechPolicy.Press — “What the EU’s New AI Code of Practice Means for Labeling Deepfakes”
Related Posts
SynthID vs C2PA — The Standards War in Adoption Data
The two dominant AI content watermark standards — SynthID and C2PA — adoption broken down by modality, timeline, and camp. Same trust problem at different layers, heading toward coexistence rather than displacement. Plus EU Article 50's operational gaps and compliance gaming scenarios.
The Identity Track — From Proof of Personhood to AI Agent Delegation
Proof of personhood and AI agent identity are two layers of the same track. World ID, Passkey, DID adoption curves + Defakto, t54, Indicio funding + payment network entries — the entire identity track in one piece.
Deepfake Detection $15B — Who Are the Real Buyers?
The real buyers driving Deepfake Detection toward $15B aren't security teams — they're BFSI KYC departments. Four-SaaS breakdown, Hong Kong incident impact, and the Korean KYC 2.0 mapping through data.