Seven EXIF Metadata Mistakes That Get AI Photos Flagged

title: "Seven EXIF Metadata Mistakes That Get AI Photos Flagged" description: "The seven EXIF inconsistencies that modern AI image detectors check first — and the simple discipline that prevents each one. A reference for anyone shipping AI-generated photos in 2026." slug: "exif-metadata-mistakes" publishedAt: "2026-06-01" updatedAt: "2026-06-01" author: "SynthGuard Team" category: "guides" tags: ["exif", "metadata", "ai-detection", "humanization", "forensics"] readingTime: 9 coverImage: "/blog/covers/exif-metadata-mistakes.jpg" featured: false faq:

• q: "Do detectors really read EXIF, or do they just analyze pixels?" a: "Almost every production detector reads EXIF first. Metadata analysis is essentially free compared to pixel analysis, so detectors use it as a fast gate: missing EXIF, inconsistent EXIF, or EXIF written by known AI tools all raise the score before a single pixel is touched."
• q: "Is it safer to strip EXIF entirely than to fake it?" a: "No. An EXIF-stripped photo is suspicious by default — real cameras and modern phones almost always preserve some metadata. The detector treats missing EXIF as a flag in its own right. Faking a complete, internally consistent EXIF block scores lower than stripping."
• q: "How does GPS work in a believable EXIF block?" a: "Either omit GPS entirely (many users disable it) or include GPS with realistic noise — coordinates to 4-5 decimal places, varying slightly between shots in the same location. Identical 8-decimal-place coordinates across a whole profile is a flag." related: ["how-ai-image-detectors-work", "humanize-ai-images-without-losing-quality", "c2pa-content-credentials-explained"]

EXIF is the cheapest signal a detector has and the most expensive one to fake well. Almost every flagged AI photo we audit has a metadata mistake that would have been a 30-second fix at export time. This is a reference list of the seven mistakes we see repeatedly, ordered by how often they trip detectors in practice.

1. No EXIF at all#

Stripping EXIF feels safe — it removes the "Software: Midjourney" string and the suspicious gaps where camera fields should be. It is not safe. Real cameras and phones write EXIF by default. A photo with zero metadata is a category that, in modern detector training sets, correlates strongly with AI generation and forwarded screenshots.

Fix: Generate a complete EXIF block before export. Camera make, model, lens, ISO, aperture, shutter, white balance, software string. Internally consistent. Every time.

2. Generator software strings left in place#

Midjourney writes Software: Midjourney. Sora writes a model identifier. Stable Diffusion forks write a variety of tags depending on the UI. Detectors maintain explicit blocklists for these strings. Leaving any of them in your export is the same as filing a confession.

Fix: Overwrite the software string with a plausible value (Adobe Lightroom Classic 13.x, Capture One 23, the camera's own firmware string) — never with empty.

3. Camera and lens mismatch#

A "Sony A7 IV" body paired with a "Canon EF 24-70mm f/2.8L" lens is a flag. Real photographers shoot with bodies and lenses from the same mount system. Detectors compare make/model against a small set of known compatibilities.

Fix: Pick one camera profile per persona and use only lenses that physically fit that body. Sony bodies get Sony E-mount glass. Canon RF bodies get RF glass. iPhones get their own integrated focal lengths (24mm, 13mm, 77mm equivalent for the Pro line).

4. Exposure values that don't match the scene#

ISO 6400 with f/16 at 1/1000s is technically valid but represents an exposure no human would choose. Detectors compute the exposure value from ISO/aperture/shutter and check whether it is consistent with the scene's brightness. A daylight outdoor shot exposed at ISO 6400 is suspicious. A dim indoor portrait at ISO 100 and 1/2000s is suspicious.

Fix: Match the EV to the scene. Daylight outdoor: ISO 100–400, f/4–f/8, 1/250–1/2000. Indoor portrait: ISO 400–1600, f/1.8–f/4, 1/60–1/250. Low light: ISO 1600+, wide aperture, slow shutter.

5. Timestamps that don't make sense as a series#

A single shot at 3:47 AM is fine. A profile where every photo was supposedly taken at 3:47 AM is not. Detectors increasingly look at timestamp distributions across a profile — real photographers shoot in clustered sessions, not at uniform random times.

Fix: Generate timestamps in plausible sessions. A "Saturday afternoon shoot" should produce 20 photos within a 2-hour window, not 20 photos spread evenly across a week. Different sessions for different outfit changes. Sleep windows actually empty.

6. GPS that's too precise or too uniform#

GPS coordinates with eight decimal places of precision do not come from real phones — most consumer GPS rounds to four or five. GPS coordinates that are byte-identical across 50 photos in different rooms of "the same apartment" are a flag in their own right (real GPS jitters even when stationary).

Fix: Either omit GPS entirely (legitimate; many users disable it) or jitter coordinates by ±0.0002° between shots in the same nominal location.

7. Color profile mismatch#

A photo tagged as sRGB but with color statistics that lie outside sRGB's gamut is a flag. A photo tagged as ProPhoto RGB with no embedded profile is a flag. A photo from "an iPhone" tagged with a profile no iPhone ever wrote is a flag.

Fix: Tag with sRGB and embed the matching profile, unless you have a specific reason to use Display P3 (iPhone defaults) or Adobe RGB (some pro DSLR defaults). Whatever you pick, embed it.

A reference EXIF block for an iPhone 15 Pro persona#

For creators who want a starting template, here is the field set we use for an iPhone 15 Pro persona. Vary the per-shot fields (timestamp, EV, GPS) but keep the camera, lens, and software strings stable across the persona's entire output.

Make:            Apple
            Model:           iPhone 15 Pro
            LensMake:        Apple
            LensModel:       iPhone 15 Pro back triple camera 6.86mm f/1.78
            Software:        17.5
            ColorSpace:      sRGB
            ExifVersion:     0232
            ISO:             100..400 (daylight) / 800..2500 (indoor)
            FNumber:         1.78 / 2.8 / 2.2 (matched to focal length)
            ExposureTime:    1/60..1/2000
            WhiteBalance:    Auto
            DateTimeOriginal: clustered in sessions
            GPSLatitude/Lon: optional, jittered ±0.0002°
          

The honest summary#

EXIF is the easiest layer to get right and the easiest to get wrong. None of the seven mistakes above require a sophisticated detector to catch — a 50-line script can flag all of them. If you are doing the hard work of humanizing pixel-level signals (PRNU injection, FFT disruption) and shipping with broken EXIF, you are leaving the front door open after locking the windows.

A complete, internally consistent EXIF block from a fixed camera profile is, on its own, worth more detector confidence reduction than most pixel-level humanization layers. Do it first, do it once per persona, and stop thinking about it.

If you want EXIF generation handled for you with a library of real camera profiles, the Photo Humanizer writes the full block at export time — including the EV consistency checks, lens compatibility, and timestamp jitter described above. It runs in your browser, so the file never leaves your device.

All third-party names, logos and trademarks (e.g. Hive, Optic, Sensity, Sightengine, Illuminarty, GPTZero, Instagram, TikTok, OnlyFans, Fanvue, SynthID, C2PA) are the property of their respective owners. SynthGuard is an independent service and is not affiliated with, endorsed by, sponsored by, or partnered with any of these companies or platforms. Detector and platform names are used solely for descriptive comparison under § 6 UWG / Art. 4 Directive 2006/114/EC.