Content Provenance Infrastructure
Every piece of content
has a story.
We make it provable.
Verbitas attaches a cryptographic provenance record to any image, audio clip, or video at the moment of creation. Anyone downstream can verify where it came from and whether it has been modified. No account required to verify.
# Sign an asset with one curl call curl -X POST https://api.verbitas.io/v1/sign \ -H "Authorization: Bearer $VERBITAS_API_KEY" \ -F "[email protected]" \ -F "recipe=image-genai-v1" → 202 Accepted { "manifest_id": "01HXQ8M...", "status": "signed", "signals": ["c2pa", "watermark_trustmark"], "manifest_url": "https://verify.verbitas.io/m/01HXQ..." }
Creator: Acme Media GmbH
Tool: Stable Diffusion XL
Signed: 2026-05-09 14:32 UTC
C2PA 2.4 · TrustMark · Anchored
How it works
Four steps. Any content. Any scale.
Sign
Attach provenance at creation
When content is created — by a human, a model, or a pipeline — call the Verbitas API. We attach a signed C2PA manifest that records the creator, the tools used, and a tamper-evident hash of the content.
import verbitas manifest = verbitas.sign( "output.jpg", recipe="image-genai-v1" ) # manifest_url: https://verify.verbitas.io/m/01HXQ...
Watermark
Provenance travels with the content
The manifest is embedded in the file and stored in our index. If the metadata is stripped during distribution, the invisible watermark and perceptual fingerprint can recover it. Provenance persists through JPEG compression, cropping, and re-encoding.
# Watermark embedded at signing time # Survives: JPEG 50% quality · resize to 25% # crop 30% · format conversion # Engine: TrustMark (image) | AudioSeal (audio) # VideoSeal (video) | SynthID-Text (text)
Anchor
Immutable proof on Bitcoin
Manifest digests are batched into a Merkle tree and anchored to Bitcoin via OpenTimestamps and Arbitrum One. The on-chain record is opaque — 32 bytes, no PII, no asset content. Just mathematical proof of existence at a point in time.
# Anchor batch (hourly by default) merkle_root = build_tree(manifest_digests) ots_proof = opentimestamps.submit(merkle_root) arb_tx = arbitrum.submit(merkle_root) # Bitcoin block confirmation: ~60 min
Verify
Anyone can check. No account needed.
Drop any file into verify.verbitas.io or call the verify API. Verbitas returns a confidence-scored, multi-signal result: C2PA signature validity, watermark detection, fingerprint match, and blockchain anchor status.
curl -X POST https://api.verbitas.io/v1/verify \ -F "[email protected]" # → { "status": "verified_manifest_intact", # "confidence": 0.97, # "signals": ["c2pa", "watermark"] }
Scope of provenance
Honest about what we do — and don't — prove
Verbitas proves:
- Where content was signed — the creator identity registered with the signing certificate
- What tools were used to create or modify the content
- Whether the content has been modified since signing
- When it was signed (RFC 3161 timestamp)
- Whether the invisible watermark is present and intact
- Whether the content matches a previously indexed asset (soft-binding recovery)
Verbitas does not prove:
- Whether the depicted event is real or true
- Whether the content was created ethically
- Whether the signer is who they claim to be (we verify signer identity; not natural-person identity)
- Legal compliance with any regulation — that is the deployer's responsibility
- That unmodified content is safe, appropriate, or accurate
"This clarity is intentional. Provenance is about origin, not truth. A signed image from a trusted source is still only as trustworthy as that source."
Who it's for
Built for the people who make and move content at scale
Sign every AI output automatically
Stable Diffusion, ComfyUI, internal generation pipelines — Verbitas integrates via webhook or SDK. Every output gets a C2PA manifest and an invisible watermark before it leaves your system. One line of config.
Verify incoming assets before you publish
Wire photos, contributed videos, synthetic media — verify provenance before publication. Embed the verifier widget in your CMS. Know what you're publishing before your readers see it.
Track every asset through production
From creation to distribution, every asset carries a signed audit trail. Integrate with your DAM. Use BYOK KMS to keep signing keys under your control. Immutable append-only log for compliance.
EU AI Act Article 50 infrastructure
Article 50 of the EU AI Act requires AI providers to mark machine-generated content. Verbitas provides the technical measures: C2PA manifests + watermarks. We help you implement; legal compliance remains your responsibility.
Provenance in your app in 5 lines of code
REST API, Python / TypeScript / Go SDKs, MCP integration for Claude and GPT. Free tier: 1,000 operations per month. No credit card. OpenAPI 3.1 spec published. Ship provenance today.
Show provenance badges on content
Embed the Verbitas verifier widget on any content card. Let your users see where an image came from. One script tag, no backend required for read-only verification.
Pricing
Start free. Scale when you need to.
Developer
For solo developers and experiments
forever
- 1,000 signing operations/month
- All modalities: image, audio, video
- Managed KMS
- Public verification
- Community support
Growth
For startups and growing products
14-day free trial
- Unlimited signing operations
- All modalities + watermarking
- Managed KMS
- Webhook integration
- Email support · 24h SLA
Enterprise
For production deployments at scale
30-day trial
- Unlimited operations
- All modalities + soft-binding
- BYOK KMS available
- Blockchain anchoring
- Admin console + audit log
- Dedicated Slack channel
Self-hosted deployment is on our roadmap. Join the waitlist →
See full feature comparison →The provenance layer is ready. So are you.
Free tier. No credit card. OpenAPI 3.1 spec. Start signing in 5 minutes.