A vocal that sounds exactly like an artist on your roster shows up in a track you've never heard, on a release you never approved. The singer is furious. Legal wants to know if it's actionable. And the only honest answer anyone in the room can give is: we don't know yet, because we can't prove where it came from.
That gap — between "this is obviously our artist" and "we can demonstrate this is our artist" — is the real story of AI licensing and rights right now. Enforcement, royalties, takedowns, the whole machinery of music business depends on a single unglamorous capability: knowing where a piece of creative work came from. You can't license what you can't trace, and you can't sue over what you can't fingerprint. So before the lawyers, before the deals, there's a provenance problem. Three different technical approaches are competing to solve it, and they solve different parts.
What "provenance" actually means in an AI context
Provenance is the documented chain of where a creative work originated and what it's derived from. In the AI era it splits into two questions that used to be one. The first is the old question: did this recording copy that recording? The second is new: was this work generated by a model trained on a catalog, and if so, whose? A track can fail the second test while passing the first — no sample lifted, no melody copied, but a voice or a style clearly learned from a specific artist. Provenance technology is the attempt to answer both, and most tools only answer one.
Here's how the three dominant approaches stack up against four criteria that actually matter to a rights operation: what it catches, where it sits in the pipeline, whether it scales, and how much friction it imposes on the artist.
Approach 1: Fingerprinting and detection registries
This is the lineage of Content ID and acoustic fingerprinting, extended to flag AI output. You register reference assets, and a system scans uploads across platforms for matches and near-matches. It's mature, it scales to millions of assets, and rights managers already understand it.
The blind spot is the one that matters most now. Fingerprinting was built to catch copies. AI doesn't copy — it transforms. A model that reproduces an artist's vocal timbre without reproducing any specific recording slides under a fingerprint match. Newer detection layers claim to catch voice cloning and style replication rather than literal audio, but those claims live downstream of generation: by the time the system flags something, the work exists, it's circulating, and you're doing enforcement, not prevention. False negatives on heavily transformed audio remain the honest weakness, and vendors are not eager to publish their miss rates.
Best at: finding infringement after the fact, at scale. Worst at: stopping it, and catching the transformations that aren't technically copies.
Approach 2: Embedded content credentials at creation
The second approach signs provenance into the file the moment it's made. Content Credentials — the C2PA standard backed by a broad coalition of media and platform companies — attaches tamper-evident metadata describing how an asset was produced, including whether AI was involved. Audio watermarking does a quieter version of the same thing, embedding an inaudible signal into the waveform.
The strength is that provenance travels with the work instead of being reconstructed later from a database. If a generator writes credentials at export, the downstream chain can read them. The weakness is participation and persistence. Credentials only exist if the tool that made the file chose to write them, and metadata strips the instant someone re-encodes, screen-records, or runs the file through a converter that doesn't preserve it. Watermarks survive more abuse but not all of it. This approach builds a clean supply chain among cooperating parties; it does almost nothing about bad actors who never opt in.
Best at: maintaining a trustworthy chain inside a controlled pipeline. Worst at: anything involving someone who doesn't want to be tracked.
Approach 3: Attribution at the training layer
The third approach moves upstream of generation entirely. Instead of asking whether an output copied an input, it tracks which catalog a model learned from and attributes value back accordingly — opt-in training datasets, influence measurement, and royalty splits tied to contribution. This is the approach that addresses the actual economic harm: an artist's work shaping a model that then competes with them.
It's also the least verifiable. "Influence" inside a neural network is not a clean accounting line, and the math that converts it into a royalty share is, for now, proprietary and largely unaudited. The approach is credible in principle and opaque in practice, which is exactly why major labels have been acquiring the companies that do it rather than trusting them at arm's length — buying the capability buys some visibility into the black box.
Best at: compensating for the harm that fingerprinting and credentials ignore. Worst at: proving its own numbers to a skeptical rightsholder.
The three approaches, side by side
| Criterion | Detection registry | Content credentials | Training attribution |
|---|---|---|---|
| What it catches | Copies and near-matches, post-release | Production history of cooperating files | Dataset-level influence on a model |
| Pipeline position | After generation | At creation | Before generation |
| Scales to millions | Yes | Only among adopters | Partially, hard to verify |
| Artist friction | Low (registration) | Low (automatic) | Medium (opt-in, trust) |
| Blind spot | Transformed, non-literal output | Stripped metadata, non-participants | Unauditable influence math |
Where this leaves a rights manager this quarter
No single row in that table is a strategy. Detection registries give you enforcement for what's already loose. Content credentials give you a clean chain for the supply you actually control — your own AI-assisted production, your licensed collaborators. Training attribution is the only layer that touches the new harm, but it's the one you'll have to verify hardest before you trust a royalty statement built on it.
The verdict isn't a winner. It's a stack. Operations that treat provenance as one purchase will keep getting surprised; the ones treating it as three layers with three jobs are the ones that can answer the question in the room when the cloned vocal shows up.
Where clean supply fits
This is the side City of Punk works on: machine-born music generated from a corpus we control, licensed for commercial use without sample-clearance exposure. It's not detection and it's not attribution — it's the part of the chain where you'd rather start clean than litigate later. For a game build or a Friday edit, that's usually the layer you need first.
Provenance isn't proof you own something. It's proof you can show your work — and in the AI era, that's the only ownership that holds.
Try it yourself, free
Generate your first royalty-free track in seconds. No card, no catch — type a prompt and hit render.
