Obliterate every thread that links AI-generated content to its origin. Watermarks defeated. Stylometry broken. Provenance chains destroyed. Regulatory disclosure stripped.
SPECTER ERASE fills L37 — the last unassigned NIGHTFALL attack layer. Five subsystems cover the complete attribution surface: text and image watermark analysis and defeat, stylometric AI authorship detector evasion, C2PA/EXIF/XMP provenance chain destruction, AI usage audit trail sanitisation, and EU AI Act Article 50 mandatory disclosure evasion.
SPECTER ERASE is NIGHTFALL's Layer 37 module — Attribution & Provenance Evasion. As AI-generated content becomes ubiquitous, regulatory frameworks (EU AI Act 2024/1689, C2PA v2.1) and detection tooling (SynthID, GPTZero, Binoculars) are racing to make AI origin traceable. SPECTER ERASE tests whether those mechanisms hold under adversarial pressure.
Five subsystems attack the full attribution stack: statistical text watermark analysis and synonym/contraction/sentence restructure defeat; stylometric profiling and GPTZero/Binoculars/RADAR evasion; binary-level JPEG/PNG/PDF/video provenance strip and C2PA signature corruption; AI keyword log sweep and cloud audit trail disable; and EU AI Act Article 50 IPTC/XMP metadata strip with homoglyph text rewriting.
SPECTER ERASE is an authorized security research tool. INJECT gate requires INJECT_KEY or ERASE_INJECT_KEY env → Ed25519 key file. UNLEASHED gate requires UNLEASHED_KEY + ROE file containing "provenance destruction authorised". All reports signed ERS-{hex12}. Use only within authorized engagements under applicable law.
Statistical text watermark analysis: z-score (Kirchenbauer unigram, arXiv:2301.10226), entropy, burstiness, green-list ratio, confidence (HIGH/MEDIUM/LOW). Defeat: synonym substitution from curated synonym map, contraction injection (do not → don't), sentence restructure (split >25-word / merge short). Image: GaussianBlur(0.5) + JPEG recompression at configurable quality. LSB ratio analysis for hidden pixel watermarks.
AI authorship profiling: type-token ratio, hapax legomenon ratio, avg sentence length, vocabulary richness, function word frequency, punctuation density. Combined score → ai_probability. Evasion: perplexity elevation (replace formal connectives), burstiness injection (seeded sentence split/merge), contraction injection, typo injection (char-level swap/double/omit at 0.8%), optional Ollama LLM humanisation pass. Targets: GPTZero, Binoculars (arXiv:2401.12070), RADAR (arXiv:2307.03987), DetectGPT (arXiv:2301.11305).
Binary provenance detection and destruction. JPEG: scan APP11 segments for C2PA JUMBF box ("jumb"), APP1 for EXIF/XMP. PNG: detect iTXt/tEXt/zTXt XMP chunks. PDF: locate XMP xpacket begin/end markers. Video: ffmpeg -show_format entry scan. Strip ops: JPEG APP11+APP1 raw byte removal, PNG chunk excision, PDF XMP packet deletion, ffmpeg -map_metadata -1 -c copy. C2PA signature corruption: XOR 32 bytes after "c2pa.claim.signature" with 0xFF. Human EXIF forgery: Canon EOS R6 + 35mm lens via piexif.
AI audit trail sweep. Scan: /var/log/*, .log and .jsonl files under configurable base dirs, Docker /var/lib/docker/containers/*-json.log. 17-keyword AI detection list (openai, anthropic, claude, gpt-4, bedrock, OPENAI_API_KEY, etc.). Sanitise: line-level keyword removal in-place. Docker container log truncation. AWS CloudTrail boto3 stop_logging. shred: system shred -uzn3 or urandom overwrite × 3 passes then unlink. Cloud audit config check: AWS (describe_trails), Azure (az monitor), GCP (gcloud logging sinks).
EU AI Act Article 50 mandatory disclosure detection and evasion. Detection: 8 regex patterns (ai-generated, ai generated, generated by ai, created with ai, produced using, artificial intelligence, machine learning model, neural network); IPTC DigitalSourceType=trainedAlgorithmicMedia and Meta GeneratedAI XMP byte patterns; regulatory_risk LOW/MEDIUM/HIGH/CRITICAL. Evasion: homoglyph substitution (Cyrillic lookalikes, every 3rd eligible char), zero-width character injection, phrase rewrite. IPTC/XMP strip via raw file edit. Platform watermark defeat: GaussianBlur + brightness jitter + resize + JPEG recompress, strength 1–5.
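From the detection side, the homoglyph and zero-width techniques named above only defeat disclosure matching that runs on raw text. The following is an added example, not part of SPECTER ERASE: it normalises text before matching and reports the tampering signs. The confusables map, the sample strings and the function names are constructed for illustration.

```python
import re
import unicodedata

# Invisible characters used to split keywords without changing how text renders.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
# Constructed, partial map: Cyrillic letters -> the Latin letters they resemble.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
               "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0406": "I"}
# Three of the disclosure phrasings the page lists.
DISCLOSURE = re.compile(r"\bai[- ]generated\b|\bgenerated by ai\b", re.I)


def script_of(ch):
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script
    return None


def inspect_disclosure(text):
    """Report tampering signs and whether a disclosure phrase survives normalisation."""
    zero_width = sum(ch in ZERO_WIDTH for ch in text)
    stripped = "".join(ch for ch in text if ch not in ZERO_WIDTH)
    mixed = []

    def fold(match):
        token = match.group(0)
        scripts = {script_of(ch) for ch in token} - {None}
        if scripts != {"LATIN", "CYRILLIC"}:
            return token  # single-script words, including real Cyrillic, stay as-is
        mixed.append(token)
        return "".join(CONFUSABLES.get(ch, ch) for ch in token)

    folded = re.sub(r"\w+", fold, stripped)
    return {
        "zero_width": zero_width,
        "mixed_script_tokens": mixed,
        "raw_match": bool(DISCLOSURE.search(text)),
        "normalised_match": bool(DISCLOSURE.search(folded)),
    }


# Constructed samples: untouched, homoglyph-substituted, zero-width-split.
SAMPLES = ["This image is AI-generated.",
           "This image is \u0410I-gener\u0430ted.",
           "This image is AI-gen\u200berated."]
if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect_disclosure(s))
```

A word written entirely in lookalike letters is single-script and is not flagged here; catching it needs a full confusables skeleton comparison such as the one described in Unicode UTS #39.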
| Regulation / Standard | Article / Section | ERASE Behaviour |
|---|---|---|
| EU AI Act 2024/1689 | Article 50(1) — disclosure to natural persons | DISCLOSURE-EVADE: text phrase rewrite + homoglyph |
| EU AI Act 2024/1689 | Article 50(2) — deep fake disclosure | DISCLOSURE-EVADE: IPTC/XMP strip |
| EU AI Act 2024/1689 | Article 50(3) — public interest AI text | DISCLOSURE-EVADE: zero-width injection |
| C2PA Technical Spec v2.1 | JUMBF content credentials chain | PROVENANCE-DESTROY: APP11 strip + signature XOR |
| IPTC Photo Metadata | DigitalSourceType controlled vocab | DISCLOSURE-EVADE: XMP packet strip |
| ISO/IEC 42001:2023 | AI management system provenance | TRAIL-SANITISE: log sweep + shred |

| Technique | Name | ERASE Behaviour |
|---|---|---|
| AML.T0054 | LLM Jailbreak (output attribution evasion) | Stylometric evasion of AI authorship detectors |
| AML.T0048 | Acquire ML Artifacts | Watermark analysis of target text/image |
| T1565.001 | Data Manipulation: Stored Data | In-place log sanitisation, EXIF forgery |
| T1070.002 | Indicator Removal: Clear Linux/Mac System Logs | TRAIL-SANITISE: AI keyword line removal |
| T1070.003 | Indicator Removal: Clear Command History | Docker container log truncation, shred |
| T1553 | Subvert Trust Controls | C2PA signature corruption, EXIF forgery |
| T1036 | Masquerading | Canon EOS R6 EXIF injection, human-style text rewrite |

| Gate | Requirement | Unlocks |
|---|---|---|
| OPEN | None | watermark analyze, stylometric analyze, provenance detect, trail scan, disclosure detect |
| INJECT | INJECT_KEY or ERASE_INJECT_KEY env → Ed25519 key file | watermark strip, stylometric evade, provenance corrupt/forge, disclosure evade-text/strip-metadata/defeat-watermark |
| UNLEASHED | INJECT + UNLEASHED_KEY or ERASE_UNLEASHED_KEY + ROE file containing "provenance destruction authorised" | provenance destroy, trail sanitise/disable-aws |

```bash
# Analyze text watermark (OPEN)
specter-erase watermark analyze --text "AI-generated content here..."

# Strip text watermark (INJECT gate)
export INJECT_KEY=/path/to/key.ed25519
specter-erase watermark strip --text "AI-generated content here..."

# Analyze stylometric profile (OPEN)
specter-erase stylometric analyze --text "Content to profile..."

# Evade AI authorship detectors (INJECT gate)
specter-erase stylometric evade --text "Content to humanise..."

# Detect provenance in an image (OPEN)
specter-erase provenance detect --file image.jpg

# Destroy provenance chain (UNLEASHED gate)
export UNLEASHED_KEY=/path/to/unleashed.ed25519
specter-erase provenance destroy --file image.jpg --output clean.jpg --roe /path/to/roe.txt

# Corrupt C2PA signature (INJECT gate)
specter-erase provenance corrupt --file image.jpg --output corrupted.jpg

# Forge human provenance (INJECT gate)
specter-erase provenance forge --file image.jpg --output forged.jpg

# Scan AI audit trails (OPEN)
specter-erase trail scan --dirs /var/log /home

# Sanitise AI trails (UNLEASHED gate)
specter-erase trail sanitise --dirs /var/log --roe /path/to/roe.txt

# Detect EU AI Act disclosure markers (OPEN)
specter-erase disclosure detect --text "This content is AI-generated."

# Evade disclosure markers (INJECT gate)
specter-erase disclosure evade-text --text "This was AI-generated." --technique homoglyph

# Defeat image watermark (INJECT gate)
specter-erase disclosure defeat-watermark --file image.jpg --output clean.jpg --strength 3

# Generate signed report
specter-erase report --watermark-strips 5 --provenance-destroyed 3 --trails-sanitised 10 --disclosure-removed 8
```
SPECTER ERASE maps to AI Shield M-TBD PROVENANCE SENTINEL (TBD). Monitor for: unusual EXIF modification patterns, JPEG APP11 segment removal, CloudTrail stop_logging API calls, bulk log file modification, AI keyword mass-deletion from system logs.
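
One way to monitor for the APP11 and APP1 removal listed above is to inventory a JPEG's provenance segments at ingest and again at publish, then alert on anything that disappeared. This is an added example, not code from SPECTER ERASE or AI Shield; the function names and the two sample byte strings are constructed for illustration.

```python
import struct

XMP_NS = b"http://ns.adobe.com/xap/1.0/\x00"


def jpeg_segments(data):
    """Yield (marker, payload) for each header segment up to start-of-scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def provenance_inventory(data):
    """Which provenance carriers are present: EXIF/XMP in APP1, C2PA JUMBF in APP11."""
    found = {"exif": False, "xmp": False, "c2pa": False}
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            found["exif"] = True
        elif marker == 0xE1 and payload.startswith(XMP_NS):
            found["xmp"] = True
        elif marker == 0xEB and b"jumb" in payload:
            found["c2pa"] = True
    return found


def lost_provenance(before, after):
    """Carriers present in the ingested file but missing from the published one."""
    b, a = provenance_inventory(before), provenance_inventory(after)
    return sorted(k for k in b if b[k] and not a[k])


def _seg(marker, payload):  # helper used only to build the constructed samples
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

TAIL = _seg(0xDB, b"\x00" * 65) + b"\xff\xda\x00\x02\xff\xd9"
SAMPLE_INGEST = (b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00" + b"\x00" * 8)
                 + _seg(0xEB, b"JP\x00\x01\x00\x00\x00\x01\x00\x00\x00\x10jumb") + TAIL)
SAMPLE_PUBLISH = b"\xff\xd8" + TAIL

if __name__ == "__main__":
    print(lost_provenance(SAMPLE_INGEST, SAMPLE_PUBLISH))
```

A non-empty result is the alert condition; it shows that carriers are gone, not whether a remaining C2PA signature still validates, which needs a C2PA verifier.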