Your file never leaves this browser. Nothing is uploaded. The parsing below runs on your device with plain JavaScript, and if you check your browser's network activity while using it, you will see no request go out for the image itself.
Supports JPEG and PNG fully. WEBP is detected but its metadata is not yet parsed by this build. Nothing about your image, including the fact that you checked one, is logged or stored.
This is a metadata reader, not a pixel classifier. When you pick a file, this page reads the raw bytes with the browser's File API and runs a small parser, written specifically for this tool, that walks the file's internal structure the same way a photo editor would.
For a JPEG, that means stepping through its marker segments looking for an APP1 segment starting with "Exif," which holds the same TIFF-style metadata block your camera or phone writes: make, model, software, date, and sometimes GPS. It also looks for a second kind of APP1 segment carrying an XMP packet, an XML block that generators like Midjourney and Adobe products use to record a CreatorTool field or an IPTC DigitalSourceType tag. It checks for an APP11 segment, the container JPEG uses to carry a C2PA Content Credentials manifest, the cryptographically signed provenance record that OpenAI and Adobe attach to their generated images.
For a PNG, the parser walks the file's chunk structure looking for tEXt and iTXt chunks. Local Stable Diffusion tools (the AUTOMATIC1111 WebUI and its forks) write a chunk named "parameters" containing the prompt, sampler, seed, and model used, by default, unless a user has turned that setting off. ComfyUI writes chunks named "prompt" and "workflow" containing its full node graph. Those are strong, specific tells this tool checks for directly, alongside a general keyword scan for generator names anywhere in the file's text metadata.
Every check happens inside metadata regions only. The parser never scans the actual compressed pixel data, both because that data is not meaningful text and because scanning it would risk a false match inside effectively-random compressed bytes. Everything you see in the results panel is a direct read of a specific, named part of the file, not an estimate.
A strong metadata finding, like a C2PA manifest naming DALL-E or a PNG "parameters" chunk full of Stable Diffusion sampler settings, is good evidence. Someone would have to deliberately fabricate that data by hand for it to be wrong, and for most images nobody bothers.
An absence of metadata proves close to nothing. Camera EXIF data is stripped by nearly every path an image travels: texting it, posting it to Instagram or X, sending it through WhatsApp, saving it from a browser, or running it through almost any editing app. A real photo shared twice through a messaging app usually looks metadata-blank by the time it reaches you, and a growing number of AI generators, including Midjourney as of early 2026 according to a C2PA support tracker at c2paviewer.com, do not attach any standardized metadata at all. This tool will tell you plainly when it finds nothing, and it will tell you that finding nothing does not mean much, rather than turning silence into a confident-looking score.
Metadata can also be actively wrong. Software fields can be edited by hand. A generic "Software: Adobe Photoshop" tag proves an image was opened in Photoshop at some point, not that it was not also AI-generated first. Even camera-style Make and Model fields are just text a file format allows anyone to write, so a sufficiently motivated person could inject them into a synthetic image. C2PA manifests are the one category built specifically to resist this: they are cryptographically signed, so silent editing of a signed manifest is meant to invalidate the signature rather than pass unnoticed. This tool detects the presence of a C2PA container but does not verify its cryptographic signature, which is why it labels that finding "moderate" rather than "strong."
Beyond metadata, there are two other approaches worth knowing about, neither of which a browser page can run.
Invisible watermarking, like Google's SynthID, embeds a signal directly into the pixel pattern at generation time that survives some cropping and re-compression. It cannot be read without the generator's own detection tool, and OpenAI's help documentation notes its own SynthID-style watermark, paired with C2PA, is more durable through edits than the C2PA metadata is by itself.
Pixel-level classifiers are the trained neural networks that server-based detectors run: services like Hive, which prices its AI-generated image and deepfake classification API at $6.00 per 1,000 image requests with a 100-request daily limit on its standard tier, and Sightengine, which offers a free tier of 2,000 operations a month and paid plans from $29 a month for 10,000 operations, according to each vendor's own pricing page as of July 2026. These tools look at statistical patterns in the pixels themselves rather than text metadata, which means they can flag images with metadata stripped. They are not infallible either. A May 14, 2026 benchmark published by AIMultiple, testing several consumer AI image detectors against a small set of 5 real and 5 AI-generated images, found that most performed no better than a coin toss and that at least one tool scored 99 percent confidence on one AI image and 1.4 percent on another from the same batch. That is a small test, not a definitive industry verdict, but it lines up with the general pattern that pixel-based detectors are useful signal, not a verdict machine, the same conclusion our deeper look at AI detectors reached for text.
When metadata comes back empty or ambiguous, look at the image itself. None of these are individually conclusive, but a cluster of them is a real signal.
If you are trying to verify something with real consequences, a metadata result plus a manual look, weighed together and never treated as certain, is the honest ceiling for what anyone can tell you today, from a browser or otherwise. For a broader look at how detection tools handle text instead of images, read our honest look at whether AI detectors work. If you are choosing writing tools rather than trying to catch them, our best AI writing tools guide and our best AI for teachers roundup cover that ground.
No. Nothing available today, in a browser or otherwise, can prove with certainty that an arbitrary image is or is not AI-generated. The best tools, including this one, look for evidence: metadata a generator left behind, or visual artifacts a trained model flags as statistically unusual. Evidence can be strong or weak, but it is not proof, and any tool that hands you a bare percentage without showing its evidence is not being straight with you.
No. This tool reads the file you select entirely inside your browser using the File API and never sends the bytes to a server. You can disconnect from the internet after the page loads and it will still work, since all the parsing logic already downloaded with the page.
Because a missing-metadata result is genuinely ambiguous and a fake score would hide that. Messaging apps, social platforms, screenshots, and many photo editors strip metadata from ordinary camera photos as a matter of routine, so an image with no EXIF or XMP data is not good evidence of anything. Reporting that plainly is more honest than converting it into a made-up confidence percentage.
Yes, both directions. Metadata is easy to strip with free tools, and a generator's software tag or even a C2PA manifest can in principle be forged or edited by someone with the right tools, though C2PA manifests are cryptographically signed specifically to make silent tampering detectable. Treat every metadata-based finding, including the ones this tool reports as strong, as evidence to weigh, not a verdict to accept blindly.