Introduction
Introduction
Verbitas is content provenance and AI-transparency infrastructure. It gives your application a way to cryptographically record the origin of an asset, embed a durable watermark, and later verify or recover that record — even when the file has been re-shared, cropped, or compressed.
What Verbitas does
Six layers compose the platform. All six participate in a single sign call.
| Layer | Name | Description |
|---|---|---|
| 1 | Cryptographic provenance | C2PA 2.4 manifests, X.509 signing, OCSP/CRL, RFC 3161 timestamps, ingredient chain |
| 2 | Durable watermarking | Imperceptible payload embedding: TrustMark (image), AudioSeal (audio), VideoSeal (video), SynthID-Text (text, generation-time only) |
| 3 | Soft-binding recovery | Exact match (hash, watermark ID), fuzzy match (pHash, audio/video fingerprint), semantic match (ANN, experimental) |
| 4 | Public verification | Human-readable verifier UI, machine-readable API, closed-enum verification states, embeddable widget |
| 5 | Audit / compliance / enterprise | Tenant-scoped append-only audit log, metered billing, admin console, BYOK KMS, DPA support |
| 6 | Agent-native access | MCP server (verbitas-mcp), Python/TypeScript/Go SDKs, recipe engine, agent self-onboard endpoint |
What Verbitas does not do
- Verbitas does not prove semantic truth. A verified manifest means the origin claim has not been tampered with. It does not mean the content is accurate, unedited in every sense, or legally admissible.
- Verbitas does not automatically make you compliant. Whether a Verbitas integration satisfies EU AI Act Article 50 or any other regulation depends on your deployment context and qualified legal advice.
- Verbitas does not label content as “real” or “fake”. The verification result is one of 16 explainable state codes. None of them use the words “real”, “fake”, “authentic”, or “genuine”. See Verification States.
Key concepts
Recipe — A YAML configuration document that specifies which operations run for a sign or verify call: which watermark engine, which C2PA assertions, which anchoring tier, how long to retain manifests. Verbitas ships 10 preset recipes; you can create custom recipes that extend a preset.
C2PA manifest — A cryptographically signed JUMBF structure embedded in the asset (or stored as a sidecar). It records who signed the asset, when, and what assertions were made about it.
Watermark ID — A 16-byte ULID embedded imperceptibly in the asset’s pixel/sample data. It points back to the manifest record even if the manifest structure is stripped.
Soft-binding index — A database of fingerprints (exact hash, perceptual hash, watermark ID) that lets the POST /v1/lookup endpoint find the manifest for a modified copy that no longer carries an embedded manifest.
Verification state — One code from a closed enum returned by POST /v1/verify. It describes exactly what the evidence supports, no more.
API base URL
https://api.verbitas.ioAll endpoints accept Authorization: Bearer <api_key>. See Authentication.
Next steps
- Quickstart — sign and verify your first asset in 5 minutes
- Concepts: Provenance & C2PA — deeper dive into Layer 1
- API Reference: Sign — full request/response documentation