There is a comfortable assumption that AI-generated images are metadata-free. No camera took them, so there is no GPS, no lens, no serial number, and therefore nothing to worry about. That assumption is half right and increasingly outdated. AI image metadata is real, it is being added on purpose by the major tools, and depending on the generator it can include a tamper-evident record of how the image was made, the software that made it, a timestamp, and in some pipelines a reference to your prompt.
None of this is sinister by default. Most of it exists to fight deepfakes and label synthetic media. But if you are sharing AI images and you assumed they were a blank file, it is worth knowing what is actually inside.
The new layer: C2PA and Content Credentials
The biggest change is the rise of C2PA, the Coalition for Content Provenance and Authenticity standard, often surfaced to users as Content Credentials. It is backed by Adobe, Microsoft, Google, OpenAI, and others, and it embeds a cryptographically signed manifest into the image describing its origin: that it was AI-generated, which tool produced it, and sometimes a chain of edits applied afterward.
Several major generators now attach C2PA data to their output by default, and large platforms have begun reading it to label posts as AI-made. The manifest is designed to be tamper-evident, so altering the image can break or flag the signature. That is the point. It is a provenance trail, not a tracking beacon, but it is metadata you are carrying whether you noticed it or not.
C2PA exists to make synthetic media honest, which is a good thing. But a signed manifest still tells anyone who inspects the file which tool you used, roughly when, and that the image is generated. If you would rather not broadcast your toolchain, that is a metadata decision you should get to make.
Beyond provenance: prompts, tools, and watermarks
Provenance manifests are not the only thing riding along. Depending on the generator and how you exported the image, you may also find:
- Generation parameters. Some open-source pipelines, especially local Stable Diffusion setups, write the full prompt, negative prompt, model name, seed, and sampler settings straight into the PNG's text chunks. Drag that file into a metadata viewer and your entire prompt is readable. That can be embarrassing or revealing, and it is trivially extractable.
- Tool and software tags. Standard EXIF and XMP fields often record the editing software and version, even on a synthetic image, because export tools stamp themselves into the file.
- Invisible watermarks. Some systems embed statistical watermarks (Google's SynthID being the well-known example) into the pixels themselves to mark content as AI-generated. This is not classic metadata and a normal stripper will not remove it, but it is worth knowing it exists.
- Timestamps. Creation and modification dates get written like any other file, marking when you generated or last edited the image.
Why it matters for privacy
For most people the stakes are modest, but they are not zero. If you generate images professionally and pass them off as original work, embedded tool tags and C2PA manifests can quietly contradict you. If you write prompts that reference private projects, names, or sensitive subjects, a prompt baked into a PNG is a leak waiting to happen. And if you simply prefer not to disclose that an image is AI-made or which service you used, the metadata makes that choice for you unless you remove it.
How to check what your AI image carries
Inspect the file the same way you would any photo. On a Mac, right-click and Get Info, then expand More Info. On Windows, open Properties and the Details tab. For the full picture, including PNG text chunks and C2PA data, use a dedicated EXIF reader or the Content Credentials inspector at contentcredentials.org. Run one of your own generated images through it once and the hidden layer stops being abstract.
Removing AI image metadata
Stripping metadata from a generated image works the same way as stripping a photo. A clean pass removes EXIF and XMP fields, the PNG text chunks holding your prompt, and the C2PA manifest, leaving the pixels intact. Note the one exception: pixel-level invisible watermarks like SynthID are part of the image data, not metadata, so removing them is a different and harder problem that ordinary stripping does not address. For everything else, a single strip clears it.
Clear the hidden layer before you post
Skrim strips EXIF, XMP, and embedded text from your images, AI-generated or not, in one tap and on-device. Your prompt and toolchain stay yours.
Download SkrimThe bottom line
AI-generated images are not the blank files people imagine. They increasingly carry C2PA provenance manifests, tool and software tags, timestamps, and in local pipelines the full prompt that made them. Most of this exists for honest reasons, especially the push to label synthetic media, but it is still information you are publishing about yourself and your process. Inspect your generated images at least once, decide what you actually want to share, and strip the rest before it goes out.