“Prove your AI wrote this — not that you copied it.”
IP protection
In a dispute, recover the exact vendor, model, and session that generated the code — with a p-value, not an opinion.
CODEMARK plants a verifiable identity in generated code as it is written — and recovers it after formatting, renaming, and refactoring. The Article 50 compliance layer for AI-generated code, by PROVENARIS.
The problem
Code leaves the model carrying its origin. Then it gets formatted, renamed, committed, and shipped — and by the time anyone asks “who wrote this?”, nothing is left to answer with.
What this solves
“Prove your AI wrote this — not that you copied it.”
In a dispute, recover the exact vendor, model, and session that generated the code — with a p-value, not an opinion.
“Was this malware written with your model?”
Trace AI-written malicious code back to the generating system. Answer security teams and regulators with evidence.
“Which model produced this, when, for whom?”
Every generation event logged, machine-readable, non-repudiable — exactly what Article 50 audit obligations require.
How CODEMARK works
The moment your code is generated, CODEMARK applies three layers of identity to it — one on the file, one inside the code, one kept with us — and writes it all in a logbook.
Like a tamper-proof sticker on a parcel: anyone can read who made it, and no one can fake it.
Like the watermark in a banknote — carried inside the code itself. Reformat it, rename things: it stays put.
We keep a fingerprint of the code’s shape on record — we recognise it later, even if the first two layers are gone.
A tamper-proof record of what was made, when, and by which model — kept separately from the code.
fresh code, just generated…
+ one check reads all the layers back and returns a single yes-or-no — proof it’s yours, without ever revealing the secret.
Tamper resistance
We publish our limits openly. That is the point of the design — no single edit, deletion, or rewrite silences more than one layer.
| What someone tries | What it removes | What still proves it’s yours | Layers | Effort it takes |
|---|---|---|---|---|
| Delete the label | × sealed label | Watermark + fingerprint + logbook. The fingerprint re-links the code to its record. | ×✓✓ L2+L3 | low |
| Rename, reformat & refactor everything | × hidden watermark | Light edits change nothing; a heavy rewrite can scrub the watermark, but the label, fingerprint & logbook persist. | ✓×✓ L1+L3 | medium |
| Rebuild the code’s structure | ~ fingerprint weakens | The rebuild is itself detectable — and erodes the quality that made the code worth taking. | ✓✓~ L3+log | high |
| Regenerate from scratch with another model | × everything in the code | The honest gap. Only the logbook can speak — but whoever did it no longer holds your code; they hold something new. | ××× log only | highest |
What you get
Not just “AI-made” — which vendor, model version, and session produced it.
Auto-format, full variable rename, refactors, comments — the identity reads back exactly.
Every verification returns watermark fields, match count, and a statistical p-value an auditor can read.
One integration in your generation pipeline. Marking and verification as pipeline steps.
A scrubbed watermark isn’t silence — deliberate normalization leaves its own statistical signature.
Architecture reserved for zero-knowledge proof: show the mark is yours without revealing the key.
FAQ
No. The code behaves exactly the same before and after the layers go on. We verify this on every run — same inputs, same outputs.
Nothing. The code reads and edits like normal code. Formatting, renaming, commenting, refactoring — everyday work doesn’t disturb the layers.
Not in the recommended setup. The layers are applied where your code lives; only a fingerprint and a signed record — never the code itself — go to the logbook.
Erasing every trace takes three separate efforts at once, and each one either damages the code or leaves evidence of tampering. Even then, the logbook entry remains — there is always a record that the code was made.
CODEMARK is built for Article 50: machine-readable marking on generated code plus the audit record the law asks for. We claim exactly what the statute requires — robust and reliable as far as technically feasible — and nothing more.
Verification returns a yes-or-no answer with a confidence score. The secret that created the layers never leaves our custody — it isn’t needed to check the answer, only to create it.
Contact us
Tell us about your pipeline. PROVENARIS will show you a live mark-and-verify run on your own sample within a week.