Token-Probability Watermarks
SynthID embeds signals during generation by hashing n-gram context ($k=4$) to bias token selection toward a green-list vocabulary — not metadata, not visible text.
An adversarial ML pipeline with confidence-based attack selection — Gemma 4 E2B, perplexity detection, homoglyphs, and token perturbation.
Try the Live Tool NowNot just an API wrapper — this project shows understanding of LLM watermarking at the token-probability level.
SynthID embeds signals during generation by hashing n-gram context ($k=4$) to bias token selection toward a green-list vocabulary — not metadata, not visible text.
Mean green-list alignment above 0.55 indicates watermark confidence; ~0.49–0.51 is baseline noise. The workspace shows pre/post G-values on every run.
Regenerating text with an unwatermarked model (Gemma 4 E2B) draws fresh token sequences — n-gram hash patterns reset regardless of original watermark strength.
Unicode tricks (zero-width chars, homoglyphs) break character-level watermarks; paraphrase and perturbation target statistical logit biasing — different physics, different defenses.
Every attack is scored before and after: G-value drop %, perplexity, auto-selector rationale, and a 5-step transformation timeline prove effectiveness quantitatively.
See Live Scores →Animated pipeline previews for core detection and attack methods.
Google Gemini uses SynthID n-gram context logit biasing. Watermarks are embedded into token selection probabilities during model sampling and survive formatting or minor edits.