Cryptographic trust for AI-generated content
AI tool companies use Certivu to answer the disclosure question in enterprise RFPs — with cryptographic proof, not vendor promises.
Certivu signs AI output with ML-DSA (Dilithium) — a NIST FIPS 204 post-quantum standard — and embeds an invisible frequency watermark. Anyone can verify provenance in seconds, for free, forever.
Aug 2026EU AI Act Article 50 enforcement begins. Platforms must implement technical measures to disclose AI-generated content. Get compliant →Free tier includes 500 signatures/month · No credit card required
Built for the post-AI era
Every design decision prioritises cryptographic correctness and honest positioning.
ML-DSA Signatures
NIST FIPS 204Post-quantum Dilithium signatures on every piece of content — immune to future quantum attacks. RSA and ECC are never used, anywhere in the stack.
Spread Spectrum Watermark
DCT frequency domainAn invisible watermark spread across 4 independent frequency coefficients per block. Survives JPEG recompression, resizing, and social media upload.
PNG, WebP & JPEG
format-nativeTokens embed in PNG tEXt chunks, WebP XMP RIFF, and JPEG APP1 natively. No forced conversion — lossless images stay lossless.
Free Public Verification
no account neededAnyone can verify provenance without an account. Upload an image, get a cryptographic verdict in under a second. Unlimited and always free.
No Content Storage
privacy-preservingOnly hashes and signed records are stored — content never touches Certivu servers beyond the verification request.
Tamper Detection
SHA-3 hashingA single changed pixel changes the hash, fails the ML-DSA signature, and returns tampered: true immediately.
Generator Revocation
instant revocationRevoke a compromised generator and all its signatures become invalid across every past and future verification — no migration needed.
C2PA Compatible
manifest exportReads C2PA manifests on verification and exports C2PA-compatible manifests from every record, with ML-DSA adding post-quantum guarantees.
Perceptual Fingerprinting
pHash + Hamming64-bit pHash fuzzy lookup via Hamming distance recovers provenance even when watermarks are destroyed by resize, reformat, or heavy recompression.
Verification Analytics
Per-record verification counts, daily trend charts, authentic rate, and tamper detection dashboard.
Tamper alert emails fire the moment a hash mismatch is detected. Free tier: 7-day window. Starter+: 30–90 day full history with per-record drill-down.
Monthly Intelligence Digest
Automatic monthly email with signing stats, total public verifications, tamper event count, and quota status.
Delivered from [email protected] on the 1st of each month. Includes an upgrade nudge if you're approaching your plan limit. Available on Starter and above.
Webhook Events
Real-time HTTP callbacks for every signing, verification, tamper, quota, and revocation event.
HMAC-SHA256 signed with replay protection (5-minute tolerance). Auto-disabled after 5 consecutive failures. 30-day delivery log with per-delivery retry. Growth+ only. 6 event types: record.created, verify.attempted, verify.tamper_detected, quota.warning, quota.limit, generator.revoked.
From generation to verification
End-to-end provenance in three steps — from generation to public verification.
Sign at generation time
Your AI system calls Certivu when generating content. Content is hashed with SHA-3 and signed with an ML-DSA (Dilithium) keypair — a NIST FIPS 204 post-quantum signature that stays valid against future quantum attacks.
Embed the provenance token
Certivu embeds an invisible DCT-domain watermark in the image and stores the ctv_ token in XMP metadata. The watermark survives JPEG recompression, resizing, and social media upload.
Verify — free, for anyone
Anyone uploads the image to certivu.ai or calls POST /v1/verify. Certivu extracts the token, re-hashes the content, verifies the ML-DSA signature, and returns a cryptographic confidence verdict.
Simple pricing
Signing is paid. Verification is always free.
Save 20% with annual billing
Free
- ✓500 signs / month
- ✓Unlimited verifications
- ✓@certivu/sdk included
- ✓XMP + watermark embed
- ✓1 member (solo)
- ✓Community support
- ◑Intelligence
- ◈Analytics — 7-day window
- ◈Tamper detection dashboard
Starter
$39/mo billed annually
- ✓5,000 signs / month
- ✓Unlimited verifications
- ✓$0.008 per extra signature
- ✓Usage dashboard + audit log
- ✓Up to 5 team members
- ✓Email support
- ◑Intelligence
- ◈Analytics — 30-day full history
- ◈Tamper alert emails
- ◈Monthly digest email
Growth
$159/mo billed annually
- ✓30,000 signs / month
- ✓Unlimited verifications
- ✓$0.006 per extra signature
- ✓Full audit log + exports
- ✓Up to 15 members · full RBAC
- ✓Compliance documentation
- ✓Batch signing API
- ✓Priority email support
- ◑Intelligence
- ◈Analytics — 90-day · per-record drill-down
- ◈Tamper alerts + webhooks
- ◈Monthly digest email
Scale
$479/mo billed annually
- ✓150,000 signs / month
- ✓Unlimited verifications
- ✓$0.004 per extra signature
- ✓Full audit exports
- ✓Up to 50 members · full RBAC
- ✓Legal discovery package
- ✓SDK certification badge
- ✓SLA 99.9%
- ✓Dedicated support channel
- ◑Intelligence
- ◈Analytics — 90-day · per-record drill-down
- ◈Tamper alerts + webhooks
- ◈Monthly digest email
Enterprise
- ✓Unlimited signs
- ✓Unlimited verifications
- ✓Unlimited members · full RBAC
- ✓Custom compliance docs
- ✓Legal discovery exports
- ✓Dedicated account manager
- ✓Custom SLA + on-call
- ✓Security review
- ◑Intelligence
- ◈Analytics — 90-day · per-record drill-down
- ◈Tamper alerts + webhooks
- ◈Monthly digest email
All plans include unlimited verifications · No credit card required for Free