Cloudflare has integrated Content Credentials metadata into Cloudflare Images, the content delivery network firm announced on Feb. 3. First proposed in 2021 by the Coalition for Content Provenance and Authenticity (C2PA), Content Credentials identify whether an image was AI-generated, modified with AI, or photographed.
About 20% of internet properties use Cloudflare, Content Authenticity Initiative Community Manager Jen Tse pointed out in a blog post.
“We now have cameras from hardware manufacturers, editing tools and software, and digital asset managers with Content Credentials baked into them,” said Will Allen, head of AI control, privacy, and media products at Cloudflare, in the blog post. “That last mile where it actually gets to the user across the web, whether they’re on their phone or on their browser—that was missing.”
Allen was formerly a vice president at Adobe and helped establish the C2PA and the Content Authenticity Initiative.
SEE: Could C2PA Cryptography be the Key to Fighting AI-Driven Misinformation?
Cloudflare Images makes Content Credentials slightly easier to find
Content Credentials can be attached to images at several stages of the process; some cameras can attach them to images automatically. However, content delivery networks like Cloudflare can transform the credentials by the time the image is displayed on a website. Tse calls Cloudflare’s adoption of the standard as a way to preserve information about an image’s provenance through the “last-mile delivery.”
Previously, Content Credentials information could easily be lost if an image was transformed in any way, including changing the file type or resizing. Cloudflare provides a mechanism to preserve that information.
SEE: Security researchers found AI company DeepSeek left access to some of its databases exposed to the public.
“Our service recognizes the Content Credentials that were attached to the file when it came in, before any transformations are applied,” Allen said. “Cloudflare Images users can simply toggle ‘Preserve Content Credentials’ and any embedded Content Credentials will be preserved.”
Content Credentials can be viewed with Adobe’s Inspect tool or the C2PA command line tool.
“We have SSL for website certificates and we have DKIM for e-mail,” Allen said. “Cryptographic verification of information is a cornerstone of the internet. It hadn’t existed for content, and now it does.”
What’s next for Content Credentials on Cloudflare?
Cloudflare is working on a variant of Content Credentials for video, Allen said.
In addition, Allen invited Cloudflare customers and users to provide feedback and ideas about credentialling; he has received feedback that some customers want to move Content Credentials earlier in the image pipeline.
Google and Adobe adopted Content Credentials last year
In May 2024, Adobe opened Content Credentials and its generative AI Firefly to its bug bounty program. Google Search signed on to Content Credentials in September 2024, using the “about this image” menu and Google Lens.
