🤖 AI Summary
Amid the proliferation of generative AI, trustworthy provenance of digital media faces significant challenges. This work presents the first independent and comprehensive formal security analysis of the Coalition for Content Provenance and Authenticity (C2PA) specification. By formally modeling and verifying its core protocols, the study systematically evaluates C2PA’s reliability in real-world deployment scenarios. The analysis reveals that the current version of C2PA fails to achieve its stated core security objectives and lacks essential safeguards required in high-stakes domains such as finance, journalism, and legal contexts. The findings underscore critical deployment risks and offer foundational insights and concrete directions for designing future trustworthy content provenance systems.
📝 Abstract
The rapid rise of generative AI has made it easy to create convincing fake media at scale. In response, an industrial coalition has developed the Coalition for Content Provenance and Authenticity (C2PA), a system intended to provide verifiable provenance for digital content. Our research team conducted the first comprehensive, independent security analysis of C2PA. Our study includes the first formal-methods analysis of C2PA's core protocols. We find that the current C2PA specifications fail to achieve their claimed security goals. Furthermore, they fail to achieve key additional goals, which all such provenance systems require for trustworthy deployment. As a result, C2PA may mislead users, platforms, and policymakers if relied upon prematurely. C2PA is a promising idea, but it should not yet be relied upon for high-stakes uses such as financial disclosures, journalism, or legal evidence.