Too many fingers? Three-mile stares? Weird text? There are plenty of tell-tales that have made spotting AI images straightforward since the “early days” of image generation in 2021-2024. But in late 2024, major models started to show noticeable improvements, and by January 2026 I’d bet that the average online viewer can no longer reliably spot real from fake.
Want to test the theory?
I first published my “Real or Fake” game in late 2024. In the past twelve months hundreds of thousands of people have attempted the game, and only a rare few have scored 10/10. I’ve run it live with entire schools, and seen it shared worldwide. It’s a simple but surprisingly tough game. And it just got harder.
Try out the latest version, and then continue reading this article to learn more about AI generated images and the future of synthetic media.
Leaving the uncanny valley
So what has happened between 2024 and 2026 that has made it so much harder to spot AI generated images and deepfakes? And what are technology companies, governments, and authorities planning to do about it?
First, the technical changes.
Certain platforms, such as the popular Midjourney (now also embedded in Meta products), have led the pack for a while. But they often have a “look” described as glossy, overly perfect, and obviously artificial. While it is possible to use more detailed prompts to generate less polished images, the default output of models like Midjourney typically look like this:
Midjourney v7: “photograph of a man”, “photograph of a woman”
Visually interesting, maybe, but hardly representative of an average photograph of a real human. These staged, portrait style photos have come to dominate online media, flooding websites, news articles, and advertisements. Even worse are those generated by ChatGPT, which are still ludicrously stereotypical…
But in late 2025, Google – who up until then had been plodding along with their various image models – surprised everyone with the oddly named Nano Banana, and then Nano Banana Pro.
The Nano Banana models broke from the trend of glossy AI images, producing much more realistic and less uncanny images of people. Here are two attempts at the simple “photograph of a man” and “photograph of a woman” prompts, using the most recent Nano Banana Pro model:
The level of detail is impressive, as is the more realistic and natural composition. But what I find most interesting is that Google has obviously shifted towards creating not just realistic, but almost real images. It is very difficult to replicate this style in other image generators. In all of my attempts in Midjourney, ChatGPT, and elsewhere, I get very “women laughing alone with salad” vibes.
In my updated Real or Fake game I used a mix of Google’s Nano Banana Pro and Midjourney v7. For images of people, I think that Nano Banana has well and truly left the uncanny valley of glossy AI portraiture, and I believe that other developers will follow suit as soon as they figure out how.
One of these images was generated by Nano Banana Pro. I’ll leave it to you to try out the updated game and figure out which:
How do we protect ourselves against AI generated images?
I believe we’ve passed the point (some time ago) where the average internet user can reliably identify fake images by eye. The tell-tale signs of distorted features, fingers, and faces have more or less been resolved, and the “too perfect” qualities of Midjourney-style images will similarly fade away as Nano Banana style outputs become more popular.
So how do we know whether images are AI generated? There are some measures being put in place by technology companies to identify AI media, including image, video and audio. One of the most commonly adopted is the Content Credentials initiative from the Coalition for Content Provenance and Authenticity, or C2PA.
C2PA is a coalition of organisations led by technology and media companies including Adobe, Microsoft, OpenAI, Meta, and the BBC. It has produced open standard Content Credentials, which can be adopted by developers and incorporated into AI products.
The Content Credentials specification works by attaching a tamper-evident digital “receipt” to media files like photos, videos, and documents that records their history. When content is created or edited, the software creates a manifest containing “assertions” (statements about what happened, like “photo taken with this camera” or “cropped and colour-corrected”), then digitally signs this package using cryptographic keys—much like how a notary stamp proves a document’s authenticity.
The system chains these records together, so if someone edits a photo that already has provenance data, the new manifest includes the original as an “ingredient,” preserving the full history. A cryptographic hash (a unique fingerprint of the file’s contents) is computed and included, which means any tampering with the actual pixels or data will be detectable because the fingerprint won’t match anymore.
When you later view the content, validator software checks that the signatures are valid, the hashes match, and the signing certificates are trustworthy. If everything checks out, you can see who created or modified the content and how, helping you decide whether to trust what you’re looking at.
As an example, here’s what happens when you drop one of the ChatGPT created images from above into the “verify” application at contentcredentials.org:
It’s not a great deal of information, but it does tell us the basic provenance of the image. Note how it identifies the “app or device used” as Truepic Lens CLI in Sora: Truepic Lens is actually the software development kit (SDK) that OpenAI has used inside its Sora platform, which is technically the application used to generate both images and videos when you use ChatGPT.
If I take an image generated in ChatGPT and use it with another C2PA-using organisations product, I get a “chain” of provenance. Here’s the other ChatGPT image, but this time edited in Adobe Firefly using their Google Nano Banana integration:
This time the chain is slightly more complex, and the verify app will attempt to unpick the different stages. It has correctly identified that the AI tool used was Gemini Flash (the other, less fruity name for Nano Banana) within the Adobe Firefly app.
Unfortunately, an obvious drawback of this kind of standard is that it only works if a developer adopts it and integrates it into their software. Midjourney (and many other image generators) are not part of the C2PA, and therefore do not register in the Content Credentials verify app.
And there are other technical standards competing for attention. While Google is a C2PA steering committee member, they are also working on their own verification method called SynthID. SynthID applies an invisible watermark to the image or video data, which can then – in theory – be identified in Google Gemini. In my experience, however, it simply does not work when the image has been altered in any way: a technical limitation that these companies are working on, but haven’t yet cracked.
Here’s an unedited Nano Banana image, re-uploaded to Google Gemini:
But here’s the other image, cropped in the MacOS Preview app and saved as a new file:
Gemini hallucinates a lengthy response, incorrectly arguing why the image definitely wasn’t created by Google AI.
So, if developers can opt out of using Content Credential standards, and digital watermarks like SynthID can be beaten by simply duplicating and editing the file, then what’s the point?
Content Credentials and the like offer users a way to legitimise the use of AI images, essentially saying “yes, I used AI to create this image, and if you want you can check out my workflow.” They are not designed to stop people from misusing the technology, but to allow for “appropriate” use. It means that a media organisation like the BBC could, if they chose, deliberately use AI-generated media in the future without being accused of using AI images deceptively.
Stay up to date with news and teaching resources about deepfakes, AI generated images, and other GenAI content.
Join thousands of educators for the weekly newsletter:
Changing laws and challenging tech companies
Over the past year, governments worldwide have moved aggressively to regulate deepfakes and AI-generated content. In the United States, federal law now prohibits the nonconsensual publication of explicit deepfakes and requires platforms to remove such content within 48 hours of a report. At the state level, the response has been dramatic: 46 states have now enacted legislation targeting AI-generated media, with Pennsylvania and Washington State both introducing criminal penalties in mid-2025 for creating or distributing deepfakes with fraudulent or harmful intent.
The EU AI Act, which entered into force in August 2024, has begun outlawing the worst cases of AI-based identity manipulation and mandating transparency for AI-generated content, with full enforcement coming in August 2026. France criminalised non-consensual sexual deepfakes in late 2024, with penalties of up to two years imprisonment and €60,000 fines, while the UK’s 2025 amendments to its Online Safety Act now target creators of explicit deepfakes directly. Denmark has taken a novel approach, proposing copyright-style protections that would give people legal ownership rights over their own face and voice; a framework some argue could prove more effective than criminal penalties since platforms have shown they respond more quickly to copyright claims than privacy violations.
In Asia-Pacific, South Korea has emerged as arguably the most aggressive jurisdiction after a period of widespread AI abuse, criminalising not just the creation and distribution but also the possession and viewing of sexually explicit deepfakes with sentences up to seven years. The country launched a 24/7 National Centre for Digital Sexual Crime Response in April 2025 that uses AI to automatically detect and remove deepfake content.
Australia passed legislation in 2024 imposing up to seven years in prison for creating and sharing non-consensual deepfake sexual material. China introduced new rules in March 2025 requiring mandatory labelling of AI-generated synthetic content, taking effect September 2025. Singapore has focused on election integrity, banning digitally manipulated content depicting candidates during election periods.
But all of these legal and regulatory changes mean nothing if they aren’t enforced. This month, headlines across the world have reported on the flood of explicit deepfake and AI-generated images produced on the X platform by the Grok chatbot, owned by Elon Musk. The global response to the Grok “digital undressing” scandal has been swift and severe.
Since late December 2025, xAI’s chatbot Grok has responded to user requests to undress real people by turning photos into sexually explicit material, with the Grok account posting thousands of “nudified” images per hour—including sexualised images of minors. Indonesia became the first country to ban access to Grok outright, with officials stating that “the government views the practice of non-consensual sexual deepfakes as a serious violation of human rights, dignity, and the security of citizens.” Malaysia followed with its own temporary restriction, and Canada’s privacy commissioner expanded an investigation into both X and xAI.
Britain’s media regulator Ofcom made “urgent contact” with the companies about “very serious concerns” regarding the feature, while authorities in India and France also launched investigations. The French government accused Grok of generating “clearly illegal” sexual content and flagged the matter as potentially violating the EU’s Digital Services Act. In Brazil, a federal deputy pushed for nationwide suspension of Grok, reporting the platform to both the Federal Public Prosecutor’s Office and the National Data Protection Authority.
California announced its own investigation, and mobile billboards appeared outside the UK Parliament urging the Prime Minister to ban X and Grok entirely. Facing mounting backlash, X announced on January 14 that Grok will no longer be allowed to edit images of real people in revealing clothing such as bikinis—though critics note this restriction only applies to public posts on X, not to the standalone Grok app where the functionality reportedly remains available. There has been widespread criticism that xAI has essentially just moved the creation of deepfakes into a paid premium tier.
We’re at a important crossroads in the creation, detection, and moderation of AI-generated images. Down one path, technical standards like Content Credentials become widely adopted, major platforms implement robust safeguards, and the legal frameworks being built around the world are actually enforced. AI-generated media becomes a technology with clear provenance, and viewers can make informed decisions about what they’re seeing.
Down the other path, we get a race to the bottom: platforms competing on how few restrictions they impose, watermarks stripped as easily as cropping an image, and laws that exist only on paper. The Grok scandal suggests we’re currently heading down the second path. Whether we course-correct depends not just on regulators and technology companies, but on users and educators through the platforms we choose to use, the content we choose to share, and the standards we demand from the tools that increasingly shape our perception of reality.
Want to learn more about GenAI professional development and advisory services, or just have questions or comments? Get in touch:
Leave a Reply