Gemma 4 E2B Engine Live

Break AI Text Watermarks.

An adversarial ML pipeline with confidence-based attack selection — Gemma 4 E2B, perplexity detection, homoglyphs, and token perturbation.

Try the Live Tool Now

What This Demonstrates

ML Knowledge

Not just an API wrapper — this project shows understanding of LLM watermarking at the token-probability level.

01

Token-Probability Watermarks

SynthID embeds signals during generation by hashing n-gram context ($k=4$) to bias token selection toward a green-list vocabulary — not metadata, not visible text.

02

G-Value as Statistical Measure

Mean green-list alignment above 0.55 indicates watermark confidence; ~0.49–0.51 is baseline noise. The workspace shows pre/post G-values on every run.

03

Why Paraphrasing Works

Regenerating text with an unwatermarked model (Gemma 4 E2B) draws fresh token sequences — n-gram hash patterns reset regardless of original watermark strength.

04

Character vs Statistical Attacks

Unicode tricks (zero-width chars, homoglyphs) break character-level watermarks; paraphrase and perturbation target statistical logit biasing — different physics, different defenses.

05

Self-Evaluating Pipeline

Every attack is scored before and after: G-value drop %, perplexity, auto-selector rationale, and a 5-step transformation timeline prove effectiveness quantitatively.

See Live Scores →

Attack Strategies

Method Artifacts

Animated pipeline previews for core detection and attack methods.

Provider Benchmarks

GOOGLE GEMINI

G-Value: 0.72 (Watermarked)
Tech: SynthID N-gram Logit Biasing

Google Gemini uses SynthID n-gram context logit biasing. Watermarks are embedded into token selection probabilities during model sampling and survive formatting or minor edits.