Contents
The most reliable way to tell is to run the file through an AI-image detector and then read its answer through the detector’s known failure modes, not as a verdict. A detector does not see “AI.” It measures a faint production fingerprint left by the way the image was made, and that fingerprint is fragile. Knowing what each detector reads, and what erases it, is what separates a useful check from a coin toss.
What the detector is actually reading
An AI-image detector is not one method but a family of methods that share an interface. Each reads a different trace, and the trace is the whole game.
| Detector family | What it reads | Fragile to |
|---|---|---|
| Frequency | Periodic grid left by upsampling (Frank et al., ICML 2020) | Alias-free generators, resizing |
| Pixel CNN | A learned generator trace (Wang, Wang, Zhang et al., CVPR 2020) | Unseen generators, heavy compression |
| Feature-space | Where the image sits in a vision model (Ojha, Li, Lee, CVPR 2023) | Novel content, style shifts |
| Forensic | Compression and editing history (Kwon et al., IJCV 2022) | Re-saving, double compression |
The frequency family is the clearest illustration. Frank, Eisenhofer, Schönherr et al. (ICML 2020) found that “in frequency space, GAN-generated images exhibit severe artifacts that can be easily identified,” and traced those artifacts to the upsampling steps every generator uses to build a full-size picture. That regular grid is not visible to you, but it separates generated faces from real photographs almost perfectly when it is present.
The fingerprint is the signal, and it can vanish
The catch is that the same result inverts the moment the fingerprint is gone. When a generator is redesigned to suppress the upsampling grid, or when the image is simply re-saved, the frequency reader falls toward chance. Corvi, Cozzolino, Zingarini et al. (ICASSP 2023) measured this directly: social-media-style compression and resizing drop a spectral detector’s average accuracy from 70.5% to 52.7%, close to guessing. The detector did not get “fooled” in any clever sense. The thing it was built to measure was no longer in the file.
This is why the label alone is misleading. A detector that reads one trace can be confident and wrong, while a detector that reads a different trace looks at the same picture and disagrees. Testing five tools on the same 45 images, NewsGuard found at least one tool dissenting on 35 of them. Disagreement at that rate is not a bug in one tool. It is what happens when several narrow readers each report on a different, fragile signal.
The read that actually works
Because the fingerprint is fragile, the sequence matters more than the tool.
Start from the original file. A screenshot or a re-download has already been re-encoded, which blurs exactly what the detector was going to measure. Then drop it into a detector and read the confidence score rather than the headline word: “AI, 92 percent” and “AI, 51 percent” are different findings even though both say “AI.” Treat a borderline number as unresolved.
Next, account for the file’s history. If the image has been compressed or downsized, the detector’s answer is weaker than the number suggests, and it can fail in either direction. That failure mode has its own article, can AI images be detected after compression. Where a detector reads compression history rather than generation traces, as CAT-Net does (Kwon et al., IJCV 2022), the same re-saving that hides a generator can also confuse the forensic reader.
Then look off the pixels entirely. A provenance mark such as Content Credentials or a SynthID watermark, when present, is stronger evidence than any detector score, though most images carry no mark and an absent one proves nothing. A reverse image search can place the picture earlier than the event it claims to show, which can settle a case a detector cannot.
Finally, get a second opinion from a tool that works differently. Agreement between a frequency reader and a feature-space reader like Ojha, Li, Lee (CVPR 2023) means more than two readings of the same trace. The full step-by-step version of this procedure is in how to check an image for AI.
Why the confident cases still deserve doubt
Even a strong score can be wrong in both directions, and the reason is structural. The traces detectors read are narrow, and both real capture and ordinary editing can add or erase them. Grommelt, Weiss, Pfreundt et al. (2024) showed that popular detection datasets carry biases tied to compression and image size, which means a detector can learn to key on the wrong thing and then flag a genuine photo. So the answer to “how do I tell” is not a single tool. It is a read: use the original file, weigh the score against the file’s history, corroborate with a signal off the pixels, and stay honest about the images that sit at the edge of what these tools resolve. For what a score does and does not prove, see is this image AI-generated; for how far these tools can be trusted overall, see are AI detectors accurate.
Sources
- Frank, Eisenhofer, Schönherr et al. (2020). Leveraging Frequency Analysis for Deep Fake Image Recognition. ICML 2020.
- Wang, Wang, Zhang et al. (2020). CNN-generated images are surprisingly easy to spot… for now. CVPR 2020.
- Ojha, Li, Lee (2023). Towards Universal Fake Image Detectors that Generalize Across Generative Models. CVPR 2023.
- Kwon, Nam, Yu et al. (2022). Learning JPEG Compression Artifacts for Image Manipulation Detection and Localization. IJCV 2022.
- Corvi, Cozzolino, Zingarini et al. (2023). On the Detection of Synthetic Images Generated by Diffusion Models. ICASSP 2023.
- Grommelt, Weiss, Pfreundt et al. (2024). Fake or JPEG? Revealing Common Biases in Generated Image Detection Datasets.
- NewsGuard (2024). Leading AI Image Detection Tools Mislead Online Users, Often Declaring Authentic Content Fake.