Alosh Denny

Recently @AloshDenny made something that fools Google @Google check this out

Retd. Officer Alosh Denny, Himalayas

brain activity while watching shawarma reels

@sidharthsajith5 @Meta i have no idea we could perhaps use it to desensitize parts of the brain that respond to such harmful content - such as what germany did to super soldiers in ww2 idk cool stuff tho

@AloshDenny @Meta so is it like good or bad?

Brain activity when shown a Cartel Execution video @Meta TribeV2

@Ozacle23 Go ahead

Hiring a Founder's Office Generalist at Shram! 🚨 -45LPA + Benefits -stay and work from our villa in Indiranagar (no rent) -0-3 y/o experience -must be cracked -DM me/comment below, I'll send you the access to Shram. Study it for a week -> come out with a product breakdown+growth roadmap (Mac users only). Mail your findings - ojasvika@shram.ai

@rajatsandeepsen Dream of every rejected YC applicant😭

ദൈവമേ, നാളെത്തെ YC Startup സ്കൂളിലെ ഫുഡ് കഴിച്ച് എല്ലാവർക്കും വയറിളക്കം വന്നു പരിപാടി മൊത്തം ഊമ്പണേ

AI in a nutshell

Has Google’s AI watermarking system been reverse-engineered? theverge.com/ai-artificial-…

NO cheating, post your last saved image without any context 💀

@_aaronegeorge @godofprompt boss came in clutch🙇🏻

@godofprompt That one guy with a laptop is @AloshDenny 😌

🚨 BREAKING: GOOGLE’S “UNBREAKABLE” AI WATERMARK JUST GOT JAILBROKEN BY ONE GUY WITH A LAPTOP. I don’t think people understand the gravity of what just happened. Every single image Nano Banana has ever generated carries SynthID, an invisible watermark baked into every pixel. Not a logo you can crop. Not metadata you can strip. A signal woven into the DNA of the image itself. → 20 billion pieces of content watermarked → Invisible to the human eye → Survives cropping, compression, screenshots, filters → Google told the White House this was their answer to deepfakes → They told regulators it was unremovable One researcher just proved that last part wrong. Kind of. Here’s what he did. He asked Nano Banana to generate a pure black image. Just solid black. “Recreate this as it is.” On a pure black image, every nonzero pixel value IS the watermark. There’s nothing else there. No photo. No content. Just Google’s invisible tracking signal sitting completely naked in the open. He generated 200 of these. 100 pure black. 100 pure white. Averaged them together. And extracted the exact spectral fingerprint of SynthID at every frequency bin, per color channel. The green channel carries the strongest signal. The whole pattern, mapped with FFT analysis that’s been around for decades. From his laptop. Using math. That’s it. Meanwhile, a separate team at the University of Waterloo built a tool called UnMarker. → Fully black-box → No access to Google’s detector → No knowledge of the algorithm → Peer-reviewed at IEEE Security and Privacy It dropped SynthID detection from 100% to around 21%. Open-sourced on GitHub. Sounds like the watermark is dead, right? ACTUALLY. Here’s what nobody is telling you. The researcher who built reverse-SynthID wrote a full Medium post about the project. And in it, he says something most people quoting him are conveniently leaving out: “SynthID is genuinely good engineering. The fact that the best I could pull off was confuse the decoder enough that it gives up, not actually delete the thing, says a lot about how well it was designed.” He didn’t remove the watermark. He confused it. His V2 achieved a 16% evasion rate. Not 90%. Not “jailbroken.” Sixteen percent. After weeks of work. 123,000 image pairs. 200 blank Gemini outputs. Deep expertise in spread-spectrum encoding. All of that for a 16% confusion rate. The V3 shows better numbers on paper, but even he admits the watermark isn’t gone. The decoder just returns “uncertain” instead of “watermarked.” A completely separate researcher, Allen Kuo, spent days in December 2025 trying every signal-processing attack he could think of. His conclusion? “We failed to remove SynthID. But in failing, we discovered something profound about how it works, and why Google’s design is essentially unbreakable.” He found that SynthID isn’t a watermark added ON an image. It IS the image. Every pixel choice was influenced during generation. You can’t separate them without destroying the thing you’re trying to save. And Google already knew people would try this. Their October 2025 paper says the decoder “can be updated on the fly to address new attacks” while the encoder stays in production. They designed versioning from day one. So no. SynthID has not been “jailbroken.” Not in any meaningful sense. But here’s where the REAL problem starts. Because the actual threat to AI safety has nothing to do with one researcher confusing a decoder. → SynthID only detects content made by Google. Images from Midjourney, Flux, DALL-E, any open-source model? Completely invisible to it. It’s not a deepfake detector. It’s a Google signature. → UnMarker IS legit and DID drop detection to 21%. But it requires a 40GB Nvidia A100 GPU that costs over $10,000. Not “anyone with a laptop.” → Google, OpenAI, Anthropic, and Meta all signed the White House AI commitment in 2023. The EU AI Act requires watermarking. Regulatory frameworks are being built on this tech right now. → 20 billion pieces of content carry SynthID. But every image generated outside Google’s ecosystem has zero watermark at all. The watermark itself is genuinely impressive engineering. The policy built around it is the problem. Governments are treating watermarking as THE solution to AI misinformation. But it only works if every AI provider uses it, if nobody can bypass it, and if detection is universal. None of those things are true. None of them will be true. The real story isn’t “one guy broke Google’s watermark from his bedroom.” The real story is that the entire global strategy for AI content authenticity is built on a system that only covers one company’s outputs, can be confused by determined researchers, and doesn’t exist at all on the open-source models anyone can download and run for free. SynthID is the best AI watermark ever built. And it still isn’t enough.

🚨 BREAKING: Google DeepMind embedded an invisible watermark into every single image Gemini has ever generated. Over 10 billion pieces of content. One unemployed engineer just cracked it open. With 200 black images and math. It's called reverse-SynthID. Bookmark it for later. SynthID was supposed to be unbreakable. It's baked into every pixel at the generation level. Not metadata you can strip. Not an overlay you can crop. The watermark IS the image. Here's how he broke it: He generated 200 pure black images from Gemini. When you average enough pure-black AI images, every non-zero pixel is the watermark. Nothing to hide behind. Just the raw signal exposed. Then he ran FFT spectral analysis and discovered something Google probably didn't want anyone to find: → The watermark uses a fixed phase template. Identical across every image from the same model → Cross-image phase coherence at carrier frequencies: over 99.5% → The green channel carries the strongest watermark signal → Carrier frequencies shift based on image resolution but the structure is always the same No neural networks. No proprietary access. No leaked code. Just signal processing and too much free time. One engineer. 200 black images. Basic math. That's all it took to reverse-engineer a system built by Google DeepMind to protect 10 billion+ pieces of content. Research and educational purposes only. 100% Open Source. (Link in the comments)

If you're building a product that detects or removes SynthID watermarks — You might be using my research without knowing it. The repo is open. Commercial use requires a license. The terms are lightweight. I'm easy to work with. Let's build something together. → github.com/aloshdenny/rev… 📧 aloshdenny@gmail.com

No lab. No funding. No team. Just a developer from Kerala, India — running FFT plots at night, between job applications. I reverse-engineered Google DeepMind's SynthID watermark for fun. It got productized by a company in Oslo before I even woke up. If this kind of work matters to you: ☕ buymeacoffee.com/aoxo

A competitor paid people to leave bad reviews on my GitHub repo. One of his own community members snitched. The repo is still up. The research still works. And now 23 people accidentally gave me free marketing😘 If you work with AI-generated images, this is worth knowing about: → github.com/aloshdenny/rev…

GOOGLE BUILT AN INVISIBLE WATERMARK INTO GEMINI IMAGES, AND AN ENGINEER SAYS HE CRACKED IT WITH BLACK IMAGES, MATH, AND A FOURIER TRANSFORM. The bigger point is that SynthID was supposed to survive screenshots, compression, and edits, but the signal may be far more detectable and reusable than people thought.

6/ I'm a developer from Kerala, India. No lab. No GPU budget beyond what I can scrape together. No team. This took nights of FFT plots, failed codebook builds, and way too many cups of chai. The repo is open. The research is documented. A company already productized it — which is why I added a commercial license clause. If you find the work useful, a coffee goes a long way toward compute costs for the next one: ☕ buymeacoffee.com/aoxo And if you work in watermarking, AI security, or just think this is interesting — let's talk. DMs open.

5/ How I built the codebook (the clever part): Pure black and pure white images generated by Gemini are almost entirely watermark. Feed 100 black + 100 white Gemini outputs into FFT → the watermark survives the average, everything else cancels. Cross-validate using |cos(phase_diff)| > 0.90 to filter generation bias from real carriers. 200 reference images → a near-perfect fingerprint of the watermark.

I reverse-engineered Google DeepMind's SynthID — the invisible watermark baked into every Gemini image. No access to their encoder. No proprietary code. Just signal processing, FFT analysis, and stubbornness. 90% detection accuracy. 91% phase coherence drop on removal. 43+ dB PSNR. Built this alone. For fun. While unemployed. → github.com/aloshdenny/rev… If this helped you or your team, I'd genuinely appreciate a coffee: ☕ buymeacoffee.com/aoxo