How to Detect AI Generated Image in Discovery Production

Detection lags generation by 6-18 months structurally. The same machine learning pipelines that detect AI artifacts feed back into next-generation models that scrub them. GPT Image 2 — released April 21, 2026 by OpenAI per the Images 2.0 announcement — ships a reasoning pipeline that self-checks outputs, scrubbing the visual artifacts that detection tools used to flag. With 300+ federal judges running AI standing orders and 1,227 hallucination sanctions in the Charlotin database as of early 2026, receiving parties in discovery production now face a real triage problem: how do you find the AI-generated images in a custodian's pool of 50,000 documents when the producing party hasn't disclosed them? No single tool answers the question dispositively. The right answer is a multi-layer triage protocol: C2PA inspection first, automated detection tools as a second pass, manual forensic review for high-stakes assets. Here's the playbook every litigation support team should be running by Q3 2026.

Why detection is structurally asymmetric — and what that means for protocol design

Detection tools and generation tools share an adversarial relationship. Every detection signal becomes a training input for the next generation of models. The pipeline is direct: a detection tool flags six-fingered hands, distorted text, or impossible lighting; the next generation model trains against those signals; the new outputs no longer trip the flag.

GPT Image 2's reasoning pipeline self-check is the current evolution. The model generates an output, the reasoning pipeline scans for inconsistencies (visual artifacts, text errors, lighting mismatches), and the model regenerates or refines until the output passes its own internal check. Per OpenAI's Images 2.0 announcement, this is a key differentiator from prior models. The operational implication for legal: the artifact-based detection tools that worked against DALL-E 2, GPT Image 1, and early Midjourney versions don't reliably work against GPT Image 2.

This structural asymmetry has three consequences for protocol design.

Consequence 1: Multi-layer triage is mandatory. No single detection tool will catch all AI-generated images. The protocol must combine multiple detection vectors and accept that some AI-generated images will pass all automated checks.

Consequence 2: Provenance metadata is the most reliable signal. When C2PA Content Credentials are present and verified, AI-origin is dispositive. When metadata is absent, the absence is suspicious but not dispositive: the image could be AI-generated with stripped metadata, or it could be a legitimate photograph from a tool that doesn't ship C2PA. Triage protocols must distinguish these cases.

Consequence 3: Manual forensic review remains valuable for high-stakes assets. For images that survive automated triage and matter to the case, expert forensic review by a digital evidence specialist is the final layer. Cost of forensic review (typically $250-$500/hour for credentialed experts) is justified for case-determinative assets, not for routine document review.

The second-order read: building this protocol now is asymmetric in the receiving party's favor. Producing parties don't currently inspect their own custodian pools for AI-generated content. The receiving party that inspects first finds AI-origin the producing party didn't realize they were disclosing. The third-order read: as the protocol becomes standard practice industry-wide (likely 18-24 months), producing parties will start scrubbing. At which point C2PA-stripping itself becomes an FRCP 37(e) spoliation hook. The C2PA Content Credentials evidence standards spoke covers the spoliation framework.

Layer 1; C2PA Content Credentials inspection (the first pass)

Every inbound discovery production image gets passed through C2PA inspection within the first 7 days of receipt. Three tools cover the workflow.

Tool 1: contentcredentials.org/verify. The consumer-grade inspection portal at contentcredentials.org/verify accepts drag-and-drop image uploads and displays the full manifest chain. Free, no account required, fast. This is the right tool for one-off triage on suspicious images flagged by other workflow steps.

Tool 2: c2patool (command-line). The official command-line tool from the Content Authenticity Initiative, available at github.com/contentauth/c2patool. For batch inspection across thousands of discovery production images, c2patool is the right tool. Output is structured JSON. Wire it into a litigation support pipeline that flags any image without a manifest, any image with a stripped manifest, or any image whose generation issuer is on a watchlist.

Tool 3: c2pa-rs and c2pa-python (developer SDKs). For firms with internal litigation-support engineering, the Rust (github.com/contentauth/c2pa-rs) and Python wrapper SDKs allow embedding C2PA inspection directly into the document review platform's image triage step. This is the right depth for firms processing 100,000+ images per matter.

The operational protocol: every image asset in inbound production is queued for C2PA inspection within 7 days. The output of c2patool gets logged to the matter file. Categorize each asset:

- Manifest present, AI issuer detected (OpenAI, Adobe Firefly, Microsoft Designer, etc.) → flag for foundation review and disclosure inquiry. - Manifest present, non-AI issuer (camera hardware, professional editing tool) → low-priority, normal authentication path. - Manifest absent → flag for Layer 2 detection. Absence isn't dispositive but is suspicious for any image where AI use is plausible.

Build the categorization step into the standard document review intake workflow. The 30-second-per-image C2PA check produces a triage signal that drastically reduces the volume requiring deeper forensic analysis.

Layer 2: Automated detection tools (when C2PA is absent)

When Layer 1 doesn't surface a manifest or surfaces an ambiguous result, Layer 2 runs automated AI-detection tools. Three commercial tools dominate as of April 2026, with meaningful false-positive and false-negative rates each.

Tool 1: Optic (optic.xyz). Optic is a commercial AI-image detection service with API integration for litigation-support pipelines. Detection accuracy varies by image type: photographic content has higher detection rates than stylized content. Optic publishes precision and recall metrics; verify current performance before relying on the tool. Pricing is API-call based with enterprise tiers.

Tool 2: Hive Moderation (hivemoderation.com). Hive provides AI-generated content detection across images, video, and text. The image detection product is widely used by content moderation teams and increasingly by legal-tech vendors. Pricing follows API-call usage with enterprise tiers.

Tool 3: Truepic (truepic.com). Truepic combines C2PA-based provenance verification with AI-generation detection for assets without manifests. The combined product is differentiated for legal use cases because it surfaces both manifest verification and detection results in a single inspection pass.

The protocol: pass Layer 1 "manifest absent" assets through all three Layer 2 tools. Compare results across tools. Categorize:

- All three tools flag AI-origin → high confidence AI-generated, escalate to Layer 3 forensic review. - Two of three tools flag AI-origin → moderate confidence, escalate to Layer 3 for case-determinative assets. - One of three tools flags AI-origin → low confidence, may be false positive; escalate only for high-stakes assets. - No tool flags AI-origin → likely authentic, normal authentication path. Note this is not dispositive: sophisticated AI-generation may pass automated detection.

The second-order read: Layer 2 tools have meaningful error rates. False positives (authentic images flagged as AI) damage opposing counsel relationships if surfaced as accusations. False negatives (AI images cleared as authentic) leave AI-origin in the record. Build the multi-tool comparison into the protocol to manage both error types.

The third-order read: forensic AI detection is a fast-moving research field. New tools will emerge over the next 12-18 months with improved accuracy against GPT Image 2 specifically. Subscribe to detection tool updates and re-evaluate the toolkit quarterly.

Layer 3. Manual forensic review (for case-determinative assets)

When automated detection produces ambiguous results and the asset matters to the case, Layer 3 invokes manual forensic review by a digital evidence specialist. Three forensic indicators remain valuable even against GPT Image 2's reasoning-pipeline outputs.

Indicator 1: Reverse image search patterns. AI-generated images often have no prior online appearances; most authentic photographs have at least one prior posting somewhere on the internet. Reverse image searches through TinEye and Google Reverse Image Search provide a baseline signal. AI-generated images derived from training data may have similarities to source images that surface through reverse search. The absence of any matches is suspicious for any image where AI use is plausible.

Indicator 2: Compression and noise patterns. Authentic photographs carry sensor noise patterns characteristic of the camera that captured them. AI-generated images carry noise patterns characteristic of the generation model's diffusion process. Forensic image analysis (using tools like FotoForensics or commercial forensic suites) can surface noise pattern inconsistencies. Note that GPT Image 2's reasoning pipeline reduces but doesn't eliminate the signal.

Indicator 3: Metadata inconsistency. Even when C2PA is absent, EXIF and other embedded metadata may contain inconsistencies that flag AI-origin. Camera metadata fields (make, model, GPS coordinates, exposure settings) absent from a purported photograph are suspicious. EXIF data inconsistent with the apparent date and location of the image is suspicious. Forensic analysis surfaces these patterns.

The operational protocol for Layer 3: engage a credentialed digital evidence specialist for case-determinative assets that survived Layers 1 and 2 with ambiguous results. Cost of forensic review typically runs $250-$500/hour for credentialed experts. Budget the review only for assets that materially affect the case outcome.

When the forensic review surfaces AI-origin: file a motion to strike or otherwise raise authentication objections under FRE 901, with the forensic report as supporting evidence. The report becomes part of the discovery record and may support sanctions motions if the producing party should have known about the AI-origin. The federal rules of evidence 902 and AI images authentication guide covers the authentication framework that interacts with detection findings.

Building the protocol into firm operations, the litigation support workflow

Five operational moves integrate the multi-layer detection protocol into the firm's standard litigation support workflow.

Move 1: Add C2PA inspection to the document intake step. When inbound discovery production arrives, the litigation support team runs c2patool batch inspection on all image assets within 7 days. Output is logged to the matter file alongside the standard document review log.

Move 2: Build automated detection tool integration. For mid-size and larger firms, integrate Optic, Hive, and Truepic API access into the document review platform. Layer 2 tools run automatically on Layer 1 "manifest absent" assets. Results feed the document review interface as flags visible to reviewing attorneys.

Move 3: Establish forensic review escalation criteria. Document the criteria for escalating to Layer 3 forensic review. Typical criteria: case-determinative asset, ambiguous Layer 2 results, opposing counsel disputes characterization, motion practice expected. The AI Governance Partner role from the firm policy template approves Layer 3 escalations.

Move 4: Train litigation associates on the workflow. Associates running document review need to understand the AI-detection layer enough to interpret flags and escalate appropriately. Annual training covers the protocol, tool capabilities, false-positive and false-negative considerations, and the escalation path.

Move 5: Update engagement letter language. Disclose the firm's AI-detection capability to clients as part of standard engagement terms. Sophisticated clients increasingly evaluate firms on AI governance posture, and detection capability is part of that evaluation. The disclosure also supports billing for AI-detection time as appropriate.

The second-order read: building this protocol now is asymmetric in the firm's favor. The investment is one-time (workflow integration, training, vendor relationships); the return is recurring (every matter benefits, every authentication challenge is supported). The third-order read: by 2027-2028, AI-detection capability will be standard across the industry. The firms that build it now have an 18-24 month window of competitive advantage. Per the first sanctioned attorney AI image prediction analysis, the cascade of sanctions cases will accelerate adoption industry-wide.

My take: AI-image detection capability is a procurement asset that compounds. Two months of workflow integration produces years of motion-practice leverage. Every firm with active litigation should adopt the multi-layer protocol by Q3 2026.

The Bottom Line: My take: Detection lags generation by structural design, but a multi-layer triage protocol: C2PA Content Credentials inspection first, automated detection tools as a second pass, manual forensic review for case-determinative assets. Produces actionable triage signals on inbound discovery production. No single tool is dispositive; the protocol is the asset. Building it now is asymmetric in the receiving party's favor because producing parties don't yet inspect their own custodian pools. Every firm with active litigation should integrate the multi-layer protocol into the litigation support workflow by Q3 2026.