Mechanism

The adversarial robustness architecture rests on a structural property that distinguishes synthetically generated content from photographically or digitally captured content: a generatively synthesized artifact has no structural lineage to any prior registered artifact in the anchor network. When an image, audio clip, or video sequence is generated by a diffusion model, a generative adversarial network, or a language model operating over visual tokens, the resulting artifact's variance vector position in slope space reflects the statistical properties of the generative model's output distribution rather than the variance profile of any specific prior artifact. The system exploits this absence of lineage rather than trying to recognize forgeries by appearance.

The architecture is built from several independent detectors that each operate on the multi-axis variance vector the content encoder already derives from the artifact. A candidate artifact is processed by the variance vector extractor, which produces the multi-axis variance vector. From that single derived representation, the lineage query module, the screenshot recapture classifier, and the synthetic content detector each produce a separate signal, and a composite risk score aggregator combines them into a single governance signal that routes to the pre-release admissibility engine.

Because every signal is computed from variance features of the content itself, nothing is embedded in the artifact and no enrollment is required. The detectors operate on structurally derived, embedding-free identifiers, which means the same robustness machinery applies wherever a UID can be computed.

Lineage Absence and the Orphan Detector

The lineage query module queries the anchor network for registered parent UIDs within a configured slope continuity radius of the candidate's UID. If no registered parent UID falls within the continuity radius, the orphan detector classifies the artifact as structurally unanchored, meaning it has no provable lineage connection to any content registered in the governed corpus.

The disclosure is careful about what this classification means. Structurally unanchored artifacts are not necessarily fraudulent or impermissible. They cannot be admitted under a policy object that requires verifiable provenance, and they trigger heightened scrutiny under policy objects that govern synthetic content, but the orphan classification is a provenance status rather than a verdict of forgery. This is consistent with the resolution protocol's orphan resolution mode, which returns an empty match set indicating the candidate has no registered lineage within the governed corpus.

Screenshot Recapture Detection

The screenshot recapture detection method exploits a characteristic variance signature introduced when a digital display renders an image and a camera or screen-capture device re-captures the rendered output. Screen rendering introduces a periodic spatial frequency structure in the luminance channel attributable to the sub-pixel geometry of the display, compression and dithering artifacts from the display pipeline, and the optical point-spread function of the capturing lens or sensor.

These artifacts manifest in the Z-axis gradient histogram component of the re-captured artifact as elevated energy in the horizontal and vertical orientation bins relative to the diagonal bins, producing a horizontal-vertical bias score in the Z-axis vector that is systematically elevated compared to the original digital artifact. The screenshot recapture classifier evaluates this Z-axis horizontal-vertical bias against a policy-calibrated threshold and produces a recapture probability score.

This detection method requires no reference to the original artifact and operates entirely from the structural features of the candidate artifact itself, enabling recapture detection without corpus lookup. It is therefore usable even when the candidate has no lineage and no match in any band.

Synthetic Content Detection

The synthetic content detector operates by comparing the candidate artifact's variance vector against a generative model output distribution represented as a slope-band-indexed statistical model of the variance vector profiles of known synthetic content. When a candidate artifact's variance vector falls within the high-probability region of the synthetic content distribution and outside the high-probability region of the authentic content distribution for the relevant content category, the detector produces an elevated synthesis probability score.

The synthetic content distribution may be constructed empirically from samples of generative model outputs registered in a governed reference corpus, and may be updated continuously as new generative model architectures produce artifacts with distinct variance signatures. The system thus adapts to evolving generative model outputs without requiring retraining of an inference model or deployment of new classification infrastructure.

Composite Risk Scoring

The three detectors are not consulted in isolation at the decision point. The composite risk score aggregator combines lineage absence, recapture probability, and synthesis probability into a single governance signal that routes to the pre-release admissibility engine. A candidate may be orphaned but show no recapture signature, or may match a known lineage yet still exhibit a synthetic signature, and the aggregator reconciles these into one signal that downstream governance can act on.

Routing the aggregated signal to the pre-release admissibility engine is what makes the robustness machinery a governance control rather than an after-the-fact alert. The admissibility engine evaluates the candidate at the commitment boundary, so a policy object that requires verifiable provenance, or that governs synthetic content, can act on the composite signal before the artifact is admitted rather than after it has already been released.

Application to Streaming Content

For real-time streaming content, including live video broadcasts, audio streams, and continuous sensor data, the UID derivation system operates over a sliding window of the stream rather than over a discrete artifact. A sliding window of configurable duration is extracted, normalized, and processed through the multi-axis variance vector extraction pipeline to produce a window-level UID, and consecutive window UIDs are compared by cosine similarity to detect structural continuity or discontinuity.

When the cosine similarity between a window-level UID and a registered reference UID exceeds the policy-declared similarity threshold, the system generates a real-time match event that may trigger policy enforcement actions, including invocation of the pre-release admissibility engine. This is the path by which the robustness detectors extend to live capture: the same variance-derived signals support real-time deepfake detection and continuous provenance tracking across streaming platforms without requiring offline batch processing.

Prior-Art Differentiation

The rights-grade admissibility architecture is structurally distinguished from conventional content moderation and watermarking. Conventional moderation applies filters after artifact creation or release, permitting impermissible content to exist as an artifact before detection. The detectors described here feed the pre-release admissibility engine, which evaluates at the commitment boundary, so the impermissible artifact need never come into existence as an admitted object.

Watermarking attaches identity signals that are severable by transcoding, cropping, or generative reconstruction. The present system embeds nothing in the artifact. It evaluates admissibility using structurally derived, embedding-free, registration-free variance vectors computed from the content itself, so there is no embedded signal to strip and no enrollment to circumvent. The screenshot recapture and synthetic content detectors in particular require no reference to an original and, in the recapture case, no corpus lookup at all, because both read structure directly out of the candidate's own variance vector.

Disclosure Scope

The disclosure encompasses the adversarial robustness architecture in which a candidate artifact's multi-axis variance vector drives a lineage query module and orphan detector that classify artifacts without registered parent UIDs within the slope continuity radius as structurally unanchored, a screenshot recapture classifier that scores elevated horizontal-vertical bias in the Z-axis gradient histogram component, and a synthetic content detector that compares the variance vector against a slope-band-indexed generative model output distribution, together with a composite risk score aggregator that combines lineage absence, recapture probability, and synthesis probability into a governance signal routed to the pre-release admissibility engine. It extends to the streaming embodiment in which these signals operate over sliding-window UIDs for real-time deepfake detection.

The disclosure does not constrain the specific policy-calibrated thresholds, the specific construction of the synthetic content distribution, or the content categories to which the detectors are applied. These are deployment choices. The disclosure does constrain the structural properties: the signals must be derived from the content's own variance vector rather than from an embedded signal, the orphan classification must be treated as a provenance status rather than a verdict, and the composite signal must route to pre-release admissibility evaluation rather than post-release filtering.

The disclosure is filed under PCT International Application No. PCT/US26/28630 and forms a structural primitive of the content anchoring system. A system that embeds a severable signal, that evaluates only after release, or that collapses the orphan provenance status into a binary forgery verdict is outside the disclosure.