As generative artificial intelligence becomes increasingly integrated into academic research, distinguishing AI generated content from human created work has become a major challenge.
Take these statistics for example, a study by researchers from Cornell University, University of California and Tsinghua University analyzed 2.5 million papers on arXiv, bioRxiv, SSRN and PubMed Central and found nearly 150,000 to be AI generated.
Similarly, Position Paper Track of NeurIPS, one of the most prestigious machine learning conferences, found over 1/3rd position paper submissions to be AI generated for NeurIPS 2026.
Moreover, the Association for Computational Linguistics (ACL) desk-rejected more than 100 papers that were accepted to its 2026 annual conference after finding citations to non-existent literature, pointing towards the increasingly prevalent phenomenon of AI hallucinations in academia.
To counter these challenges, researchers have developed the “watermarking” technique in Large Language Models (LLMs), that embeds a hidden, detectable, pattern into AI-generated text so that it can later be identified as likely having been produced by a certain model. It helps detect and audit usage of machine-generated text.
While watermarking is viewed as a safeguard for preserving the original content, recent research papers presented at the International Conference on Machine Learning (ICML) 2026 stressed that building watermarks which are both secure and safe still remains a challenge.
A research paper titled “Catch-22: On the Fundamental Tradeoff Between Detectability and Robustness in LLM Watermarking” which has been accepted as a spotlight paper at the ICML 2026 has revealed that creating an effective watermark is more challenging than it appears.
According to the study, a watermark that is strong enough to be reliably verified also tends to leave statistical traces, making it easier for outsiders to detect or remove while on the other hand a watermark which is carefully hidden is often fragile and can be destroyed by simple edits such as paraphrasing or rewriting.
“When an AI system such as ChatGPT generates text, watermarking means adding a hidden signal to the output so the text can later be verified as AI-generated. In this work, we show that watermarking LLM-generated text faces a fundamental tradeoff,” the study said.
The paper authored by Kuheli Pratihar, a PhD student at the Indian Institute of Technology Kharagpur and Debdeep Mukhopadhya, professor at the institute has identified three key factors that determine the effectiveness of AI text watermarking which are detectability, edit resistance, and stealth.
Detectability asks whether the intended verifier can reliably find the watermark. Edit resistance asks whether the watermark survives changes to the text. Stealth asks whether the watermark remains invisible to outsiders without the secret key.
Another research paper titled “GoodDiffusion: Proactive Copyright Protection for Diffusion Bridge Models via Learnable Sample-specific Signatures” also accepted as a spotlight paper claimed that as AI image generation has become widespread, protecting the copyright of powerful diffusion models has become challenging. Once these models are leaked or copied, they can be used without the owner’s permission, making it difficult to prevent unauthorized access.
“Modern diffusion models are expensive to train and valuable to their owners, but once a copy of a model is leaked, someone may use it without permission. Thus, the copyright protection of diffusion models is crucial for the development of generative AI,” the study highlighted.
The researchers Shixi Qin, Zhiyong Yang, Shilong Bao, Zitai Wang, Qianqian Xu, Qingming Huang have proposed a framework called GoodDiffusion, which aims to stop unauthorized use before images are generated rather than simply detecting misuse afterward. Instead of relying on traditional watermarking techniques which trace AI generated images after they are created, GoodDiffusion requires every authorized input to contain a unique digital signature similar to a ticket.
“We propose GoodDiffusion, which gives each authorized input a small learned signature, similar to a per-image ticket, and trains the model to produce high-quality results only when the valid signature is present. If the input is unauthorized, the model returns a warning image to indicate the unauthorized usage,” the study mentioned.
The researchers evaluated this idea on various image-to-image tasks and the results showed that GoodDiffusion can effectively block unauthorized use while preserving generation quality for authorized users.
Similarly a research paper titled “AliMark: Enhancing Robustness of Sentence-Level Watermarking Against Text Paraphrasing” accepted as a regular paper at ICML has also proposed a novel watermarking framework called AliMark. Instead of embedding a watermark based on sentence structure, AliMark hides a secret sequence of signals within the meaning of individual sentences across the entire text.
The paper authored by Yuexin Li, Wenjie Qu, Linyu Wu, Yulin Chen, Yufei He, Tri Cao, Bryan Hooi, Jiaheng Zhang mentioned that during the detection test, the system can reconstruct altered sentence structures by merging or splitting sentences before searching for the hidden watermark.
“This design naturally improves robustness to sentence splitting and merging. Our experiments demonstrate that even when subjected to strong text paraphrasing attacks, AliMark successfully preserves its watermark signals, offering a highly robust and reliable solution for tracing AI-generated content, protecting intellectual property, and maintaining academic integrity,” the study claimed.
Researchers Xin Zhang, Zijin Yang, Kejiang Chen, Linfeng Ma, Weiming Zhang, Nenghai Yu have proposed in their paper “SemBind: Binding Diffusion Watermarks to Semantics Against Black-Box Forgery Attacks” a new technique called SemBind which improves the security of hidden watermarks embedded in AI-generated images, helping to prevent a recent increase in digital forgery.
According to the study, AI image generators can add hidden watermarks to their outputs so that people can later check whether an image was made by a particular provider.
However, recent attacks show that an adversary may copy such a watermark from a genuine AI-generated image and make an unrelated image appear as if it also came from the same provider. This can undermine trust in watermark-based provenance systems.
“We propose SemBind, a defense that ties the hidden watermark to the actual content of the image. The main idea is that a watermark should only be valid when it matches the image semantics with which it was originally generated. If an attacker tries to transfer the watermark to a different image, this semantic mismatch makes verification fail,” the study mentioned.
Cover Picture Credit: Better Images of AI Wes Cockx & Google DeepMind
Also Read: ICML 2026 Awards: Diffusion Models Win Top Honours, A3C Gets Test of Time










