This study systematically evaluates the effectiveness and robustness of Google’s SynthID-Text watermarking method for detecting AI-generated text. Focusing on its tournament-based sampling embedding mechanism, the work introduces the first “layer inflation attack,” supported by a theoretical analysis grounded in probabilistic modeling and Bayesian inference, along with adversarial experiments. The findings reveal that the mean-based scoring is highly sensitive to model depth and thus vulnerable to such attacks, whereas Bayesian scoring demonstrates significantly greater robustness, with an optimal Bernoulli parameter of 0.5. These results expose the fragility of SynthID-Text in multi-layer architectures and affirm the superiority of Bayesian scoring, offering theoretical insights for developing more secure and robust watermarking techniques for large language models.

Google's SynthID-Text, the first ever production-ready generative watermark system for large language model, designs a novel Tournament-based method that achieves the state-of-the-art detectability for identifying AI-generated texts. The system's innovation lies in: 1) a new Tournament sampling algorithm for watermarking embedding, 2) a detection strategy based on the introduced score function (e.g., Bayesian or mean score), and 3) a unified design that supports both distortionary and non-distortionary watermarking methods. This paper presents the first theoretical analysis of SynthID-Text, with a focus on its detection performance and watermark robustness, complemented by empirical validation. For example, we prove that the mean score is inherently vulnerable to increased tournament layers, and design a layer inflation attack to break SynthID-Text. We also prove the Bayesian score offers improved watermark robustness w.r.t. layers and further establish that the optimal Bernoulli distribution for watermark detection is achieved when the parameter is set to 0.5. Together, these theoretical and empirical insights not only deepen our understanding of SynthID-Text, but also open new avenues for analyzing effective watermark removal strategies and designing robust watermarking techniques. Source code is available at https: //github.com/romidi80/Synth-ID-Empirical-Analysis.