Google Is Now Watermarking Its AI-Generated Text
Google 正在為其 AI 生成的文字添加浮水印

The chatbot revolution has left our world awash in AI-generated text: It has infiltrated our news feeds, term papers, and inboxes. It’s so absurdly abundant that industries have sprung up to provide moves and countermoves. Some companies offer services to identify AI-generated text by analyzing the material, while others say their tools will “humanize“ your AI-generated text and make it undetectable. Both types of tools have questionable performance, and as chatbots get better and better, it will only get more difficult to tell whether words were strung together by a human or an algorithm.
聊天機器人革命席捲全球，AI 生成的文字充斥著我們的新聞資訊、學術論文和電子郵件收件匣。其數量之龐大已令人匪夷所思，甚至催生出許多相關產業，形成攻防對抗的局面。有些公司提供分析文本以識別 AI 生成文字的服務，另一些公司則宣稱其工具能將您的 AI 生成文字「人性化」，使其難以辨識。這兩種工具的效能都令人質疑，而且隨著聊天機器人技術日益精進，要分辨文字是由人類撰寫還是演算法生成將變得越來越困難。

Here’s another approach: Adding some sort of watermark or content credential to text from the start, which lets people easily check whether the text was AI-generated. New research from Google DeepMind, described today in the journal Nature, offers a way to do just that. The system, called SynthID-Text, doesn’t compromise “the quality, accuracy, creativity, or speed of the text generation,” says Pushmeet Kohli, vice president of research at Google DeepMind and a coauthor of the paper. But the researchers acknowledge that their system is far from foolproof, and isn’t yet available to everyone—it’s more of a demonstration than a scalable solution.
另一種方法是：從一開始就在文字中加入某種浮水印或內容憑證，讓使用者能輕易地檢查文字是否為 AI 生成。來自Google DeepMind的最新研究，今日發表於Nature期刊，提供了一種實現此目標的方法。該系統名為 SynthID-Text，Google DeepMind 研究副總裁兼論文共同作者Pushmeet Kohli表示，它不會影響「文字生成的品質、準確性、創意或速度」。但研究人員也承認，他們的系統遠非萬無一失，目前也尚未普及——它更像是一個示範，而非一個可擴展的解決方案。

Google has already integrated this new watermarking system into its Gemini chatbot, the company announced today. It has also open-sourced the tool and made it available to developers and businesses, allowing them to use the tool to determine whether text outputs have come from their own large language models (LLMs), the AI systems that power chatbots. However, only Google and those developers currently have access to the detector that checks for the watermark. As Kohli says: “While SynthID isn’t a silver bullet for identifying AI-generated content, it is an important building block for developing more reliable AI identification tools.”
Google 今日宣布，已將這套新的浮水印系統整合到其Gemini聊天機器人中。他們也將該工具開源並提供給開發人員和企業，讓他們可以使用該工具來判斷文字輸出是否來自他們自己的大型語言模型(LLMs)，也就是驅動聊天機器人的 AI 系統。然而，目前只有 Google 和這些開發人員才能使用用於檢查浮水印的偵測器。正如 Kohli 所言：「雖然 SynthID 並非識別 AI 生成內容的靈丹妙藥，但它是開發更可靠的 AI 識別工具的重要基石。」

The Rise of Content Credentials
內容憑證的興起

Content credentials have been a hot topic for images and video, and have been viewed as one way to combat the rise of deepfakes. Tech companies and major media outlets have joined together in an initiative called C2PA, which has worked out a system for attaching encrypted metadata to image and video files indicating if they’re real or AI-generated. But text is a much harder problem, since text can so easily be altered to obscure or eliminate a watermark. While SynthID-Text isn’t the first attempt at creating a watermarking system for text, it is the first one to be tested on 20 million prompts.
內容憑證一直是圖像和影片的熱門話題，並被視為應對深度偽造興起的一種方法。科技公司和主要媒體機構共同參與了一個名為C2PA的倡議，該倡議制定了一套系統，用於將加密的元數據附加到圖像和影片檔案中，以指示它們是真實的還是 AI 生成的。但文字是一個更棘手的問題，因為文字很容易被修改以隱藏或消除浮水印。雖然 SynthID-Text 並不是第一個嘗試為文字創建浮水印系統的嘗試，但它是第一個在 2000 萬個提示上進行測試的系統。

Outside experts working on content credentials see the DeepMind research as a good step. It “holds promise for improving the use of durable content credentials from C2PA for documents and raw text,” says Andrew Jenks, Microsoft’s director of media provenance and executive chair of the C2PA. “This is a tough problem to solve, and it is nice to see some progress being made,” says Bruce MacCormack, a member of the C2PA steering committee.
從事內容憑證研究的外部專家認為 DeepMind 的研究是一個良好的開端。微軟媒體溯源總監兼 C2PA 執行主席Andrew Jenks表示，它「有望改善 C2PA 持久性內容憑證在文件和原始文字中的應用」。C2PA 指導委員會成員Bruce MacCormack表示：「這是一個很難解決的問題，很高興看到取得了一些進展。」

How Google’s Text Watermarks Work
Google 文字浮水印的工作原理

SynthID-Text works by discreetly interfering in the generation process: It alters some of the words that a chatbot outputs to the user in a way that’s invisible to humans but clear to a SynthID detector. “Such modifications introduce a statistical signature into the generated text,” the researchers write in the paper. “During the watermark detection phase, the signature can be measured to determine whether the text was indeed generated by the watermarked LLM.”
SynthID-Text 通過巧妙地干預生成過程來運作：它以對人類不可見但對 SynthID 偵測器清晰可見的方式，更改聊天機器人輸出給使用者的一些詞語。「這種修改會在生成的文字中引入統計學上的特徵」，研究人員在論文中寫道。「在浮水印檢測階段，可以測量該特徵以確定文字是否確實是由帶有浮水印的LLM生成的。」

The LLMs that power chatbots work by generating sentences word by word, looking at the context of what has come before to choose a likely next word. Essentially, SynthID-Text interferes by randomly assigning number scores to candidate words and having the LLM output words with higher scores. Later, a detector can take in a piece of text and calculate its overall score; watermarked text will have a higher score than non-watermarked text. The DeepMind team checked their system’s performance against other text watermarking tools that alter the generation process, and found that it did a better job of detecting watermarked text.
驅動聊天機器人的LLMs通過逐字生成句子來運作，它會查看之前出現的內容的上下文，以選擇一個可能的下一個詞。基本上，SynthID-Text 通過隨機為候選詞分配數字分數，並讓LLM輸出分數較高的詞語來進行干預。稍後，偵測器可以接收一段文字並計算其總分；帶有浮水印的文字的分數將高於未帶有浮水印的文字。DeepMind 團隊將其系統的效能與其他改變生成過程的文字浮水印工具進行了比較，發現它在檢測帶有浮水印的文字方面做得更好。

However, the researchers acknowledge in their paper that it’s still easy to alter a Gemini-generated text and fool the detector. Even though users wouldn’t know which words to change, if they edit the text significantly or even ask another chatbot to summarize the text, the watermark would likely be obscured.
然而，研究人員在論文中承認，修改 Gemini 生成的文字並愚弄偵測器仍然很容易。即使使用者不知道該更改哪些字詞，如果他們大幅修改文字，甚至請另一個聊天機器人摘要文字，水印很可能會被模糊掉。

Testing Text Watermarks at Scale
大規模測試文字水印

To be sure that SynthID-Text truly didn’t make chatbots produce worse responses, the team tested it on 20 million prompts given to Gemini. Half of those prompts were routed to the SynthID-Text system and got a watermarked response, while the other half got the standard Gemini response. Judging by the “thumbs up” and “thumbs down” feedback from users, the watermarked responses were just as satisfactory to users as the standard ones.
為確保 SynthID-Text 確實沒有讓聊天機器人產生更差的回應，研究團隊在提供給Gemini的 2000 萬個提示上測試了它。其中一半的提示被路由到 SynthID-Text 系統並獲得帶有水印的回應，而另一半則獲得標準的 Gemini 回應。根據使用者的「讚」和「踩」回饋，帶有水印的回應與標準回應一樣令人滿意。

Which is great for Google and the developers building on Gemini. But tackling the full problem of identifying AI-generated text (which some call AI slop) will require many more AI companies to implement watermarking technologies—ideally, in an interoperable manner so that one detector could identify text from many different LLMs. And even in the unlikely event that all the major AI companies signed on to some agreement, there would still be the problem of open-source LLMs, which can easily be altered to remove any watermarking functionality.
這對 Google 和在 Gemini 上開發的開發人員來說是很棒的。但要解決識別 AI 生成的文字（有些人稱之為AI 廢料）的完整問題，需要更多 AI 公司實施水印技術——理想情況下，以互操作的方式，以便一個偵測器可以識別來自許多不同LLMs的文字。即使所有主要 AI 公司都不太可能簽署任何協議，仍然存在開源LLMs的問題，這些開源模型很容易被修改以移除任何水印功能。

MacCormack of C2PA notes that detection is a particular problem when you start to think practically about implementation. “There are challenges with the review of text in the wild,” he says, “where you would have to know which watermarking model has been applied to know how and where to look for the signal.” Overall, he says, the researchers still have their work cut out for them. This effort “is not a dead end,” says MacCormack, “but it’s the first step on a long road.”
C2PA 的 MacCormack 指出，當你開始實際考慮實施時，偵測是一個特殊的問題。「在現實環境中審查文字存在挑戰，」他說，「你必須知道已應用哪個水印模型，才能知道如何以及在哪裡尋找信號。」總體而言，他說，研究人員的工作仍然任重道遠。MacCormack 說，這項努力「並非死胡同」，「但這是漫漫長路上的第一步」。