Can SynthID Be Bypassed? What Google's Invisible AI Watermark Can Actually Do
In April 2026, a developer published a free, open-source tool on GitHub claiming to partially bypass SynthID — the invisible watermark Google embeds in every image generated by Gemini. The tool gained over 1,600 stars in weeks. It also triggered a wave of confused questions: if SynthID can be cracked, does that mean AI images are now untraceable? Is removing the visible Gemini star the same thing as defeating SynthID? And what does any of this mean for someone who just wants a clean export of their own image?
This article separates what actually happened from what people assume happened — using only verified, sourced information.
What's confirmed: a developer claims to have isolated SynthID's pattern by averaging hundreds of black AI-generated images — no neural networks, just signal analysis. The claim is still being independently verified.
What this doesn't mean: SynthID isn't "broken" for everyday use, the visible Gemini star watermark is unrelated and was always trivial to remove, and Google has not confirmed the bypass works at scale.
What it means for you: if you just want to remove the visible star logo from your own Gemini image, none of this changes anything — that's a different, much simpler problem.
First — what is SynthID, exactly?
SynthID is not the small star icon (✦) you see in the corner of Gemini images. That's a separate, visible watermark. SynthID is a second, invisible layer — a cryptographic signature embedded directly into the pixel data when the image is generated.
Google describes the mechanism as "Tournament Sampling": during image generation, the model is given multiple equally plausible choices for each pixel, and a private key subtly biases which option gets picked. The result looks completely normal to a human, but Google's detector can statistically recognize the bias pattern. Google has confirmed the watermark survives cropping, recoloring, compression, and resizing — and has applied it to over 10 billion pieces of AI content across images, video, audio, and even text.
What did the developer actually claim?
According to a Medium post by the developer (known as Aloshdenny), the method involved generating roughly 200 pure black images with Gemini, then averaging them together. Because a solid black image carries almost no visual content to hide a pattern in, the watermark signal allegedly became visible in the average — like finding a hidden image by stacking transparent layers until the faint signature emerges.
The developer described it as basic signal processing — no machine learning model, no insider access to Google's systems. If accurate, the resulting "template" could theoretically be subtracted from a watermarked image to weaken or remove the signature.
As of this writing, the claim has not been independently confirmed by security researchers. Outlets covering the story describe it as "if validated" and note that verification could take weeks, partly because Google hasn't fully disclosed SynthID's technical specification. Treat this as an unverified claim with real-world traction (1,600+ GitHub stars), not an established fact.
Why this matters beyond the technical curiosity
The timing is what makes this significant. India's IT Amendment Rules 2026, which took effect in February, require platforms to proactively detect and label synthetic content or risk losing safe harbour legal protections. Watermark detection — including SynthID — is one of the primary mechanisms platforms rely on to meet that obligation.
If a free, public tool can degrade SynthID's reliability even partially, it undermines the assumption that detection-based content labeling actually works at scale. That's a regulatory and policy problem, not just a curiosity for developers.
Common questions people are actually asking
No — and this is the most common confusion. The visible star (✦) in the corner of Gemini images is a simple overlay. It can be removed with any inpainting tool, including WatermarkOff's Gemini mode. SynthID is a completely separate, invisible signature baked into the pixels themselves. Removing the star has never affected SynthID, and this bypass story doesn't change that relationship in either direction.
No. Even with the visible star removed, SynthID's invisible signature remains in the image (assuming the bypass tool wasn't separately applied, which is a distinct, far more technical process). Google's own detector — and any platform checking for SynthID — would still likely flag the image as AI-generated.
Not based on current evidence. SynthID was explicitly designed to survive incidental changes — compression, cropping, filters — not necessarily a determined adversarial attack built specifically to defeat it. Researchers have long warned that any algorithmically detectable watermark can theoretically be reverse-engineered by someone with enough patience. This claim, if confirmed, would be an example of that theoretical limit being approached in practice — not proof that watermarking as a category is pointless.
This is genuinely unclear and jurisdiction-dependent. In contexts like India's new disclosure rules, deliberately stripping detection signals from synthetic content before sharing it could plausibly run into legal trouble — though the rules target platforms' detection obligations more directly than individual users. We are not lawyers; if this matters for your use case, consult one rather than relying on a blog post.
Yes — as of this writing, Google's public position is that SynthID remains a robust verification tool, and the company continues expanding it across products (it now also covers Gemini-generated text, Imagen images, Veo video, and Lyria audio). Google has not issued a public statement confirming the bypass works as described.
A quick timeline of the controversy
What this means if you just want a clean image
If your actual goal is simpler than any of this — you generated an image with Gemini, you own it, and you just want to export it without the small star logo in the corner for a presentation, a thumbnail, or a portfolio piece — none of this controversy changes anything for you.
- The visible star watermark is a cosmetic overlay, unrelated to SynthID
- Removing it is legal for images you generated yourself, in most jurisdictions
- It does not require any "bypass" tool — standard AI inpainting handles it in seconds
- The invisible SynthID signature stays in the file either way, with or without the visible star
Don't confuse "removing a small visible logo from my own image" with "defeating an invisible content-provenance system." They are unrelated problems with very different stakes. One is a five-second editing task. The other is an active, unresolved security research question.
Just need to remove the visible Gemini star?
Free, auto-detection included. No account, results in seconds.
Try WatermarkOff free →Related reading
Sources: MediaNama (April 2026), TechBuzz AI (April 2026), Google DeepMind SynthID documentation, Google Gemini Apps Help Center. This article reflects publicly available information as of its publication date and will be updated if independent verification of the bypass claim is published.