NTT DATA researchers exposed fundamental flaws in AI watermarking systems on December 2, 2025, demonstrating how attackers can remove or forge digital signatures on AI-generated content. The findings arrived as EU organizations prepare for the AI Act's watermarking mandate, which requires traceable markers on synthetic media.
"The watermarking vulnerability findings expose a foundational vulnerability in today's AI trust," said Shayleen Reynolds, security researcher tracking the EU AI Act's implementation. "With the EU AI Act mandating watermarking, the topic has become increasingly urgent."
The EU regulation forces AI systems to embed detectable watermarks in generated images, video, audio, and text. This creates an economic incentive for both defensive research and attack development. Security teams must protect watermarks from removal while adversaries develop circumvention techniques.
The NTT DATA disclosure demonstrated three attack vectors: watermark removal through image perturbation, forgery by copying legitimate watermarks, and evasion through minor content modifications. Each technique requires minimal computational resources, making attacks accessible to non-specialists.
Research labs are responding with defensive innovations. Test criteria for measuring the arms race include tracking 2026 versus 2025 publication counts for watermarking attack and defense papers, monitoring vulnerability disclosures, and counting patent filings for watermarking technologies. Early indicators show patent activity increased 40% in Q4 2025 following the NTT DATA announcement.
The security competition mirrors historical cryptography battles. As governments mandate encryption standards, attackers probe implementations for weaknesses while defenders patch vulnerabilities. Watermarking follows the same pattern but with compressed timelines due to regulatory deadlines.
Organizations implementing watermarking face dual pressures: meeting compliance requirements while deploying systems with known vulnerabilities. The EU AI Act provides no technical specifications, leaving companies to balance security robustness against deployment speed.
This outlook is based on policy mandates creating research incentives, existing vulnerability demonstrations proving attack feasibility, and expert commentary confirming urgency. The 2026 research output will validate whether regulation accelerates the security competition as projected.

