Introducing Bookend AI Watermarks: a simple and secure tool for ensuring accountability and transparency in AI development and deployment.

Vivek Sriram
4 min readNov 13, 2023

As Generative AI increasingly penetrates all aspects of the modern enterprise, the need for trust, safety, risk and regulatory compliance grows in equal measure. Companies using AI want to protect intellectual property, ensure transparency and accountability and control the spread of misinformation. For developers of enterprise applications who need to support customer workloads across multiple platforms, there aren’t any simple ways to verify the authenticity of any asset and then audit its deployment and use.

Until now. Introducing Bookend AI Watermarks, a simple, cost-effective and effective way to embed a unique identifier to common tasks, operations and data and then independently verify and audit it.

Need: Enterprise application developers today face increasing demand from customers, regulators and their own security leadership to ensure the transparency, accountability and safe use of AI in the application workflows where AI is used.

Some common needs include:

  • Protecting intellectual property: companies want to protect their own AI-generated content, including images and text and to manage how it’s spread and used.
  • Promoting transparency and accountability: enterprises want some assurance that AI systems are being developed and deployed in accordance with their corporate transparency and accountability standards.
  • Improving safety and reliability: Auditing of data and operations can help to identify and address potential safety and reliability issues.
  • Preventing the spread of misinformation: identifying and flagging AI-generated content can help limit the spread of misinformation.

Bookend is building a platform that promotes the safe use of Generative AI in the enterprise with capabilities like the above into the platform.

While watermarking and auditing are two techniques that can mitigate these needs, current options for using watermarking and auditing are complicated and cumbersome. Many tools are tied to individual proprietary models. Others are constrained to use only on a single cloud. Rolling a DiY custom solution is time consuming and expensive.


Bookend AI Watermarks make use of cryptography to embed a signature into any digital asset such as a file, a database record, image etc. The signature can be used independent of Bookend AI to prove ownership of the asset or to detect unauthorized modifications.

The diagram above is a simple schematic of how Bookend AI Watermarks work. The sequence of steps below is a short explanation:

  • A model, a set of files, images and other assets exist on Cloud resource such as Google Cloud Storage
  • To verify the state of a model Bookend AI takes a snapshot of that specific state on each change. Here, a change could be a model training or retraining, or other user-defined event.
  • To record a snapshot, Bookend AI then uses a proprietary date-stamped ledger entry with the snapshot.
  • The entire ledger is widely distributed which prevents tampering with existing entries. Bookend then can keep a copy of all ledger entries and allow verification against the public ledger any time.
  • If two parties want to confirm the state of a model, the second party would be informed of state changes

How it works

Bookend first generates a hash value of data –a commonly used approach to ensure data authenticity and anonymous data verification. This process creates a unique, fixed-length digital representation of the data, also known as a “fingerprint” or “digest”, which can be used to verify that the original data has not been tampered with or altered in any way.

Bookend AI takes advantage of distributed ledger technology to persist entries. The implementation of this distributed ledger uses a blockchain, where the hash is written. The ledger gives us a reference to the new entry which is saved.

The recording process provides a transaction id which is used to create a Merkle Tree hash of the SHA-3 hash with the transaction id. The ledger entries we create are public but only include our cryptographic hash value. There is no data that can be extracted from this hash value.

An example of what is recorded in the ledger:

Expand the “More Details” to see input data: 0x535701589add8f3864675fa26e053dacba4e3a27a91d1ba61f0cf8ae0f2b6b35d39197

This data is permanently recorded in the Ethereum blockchain and is immutable. By following the hashing steps on our own copy of the model files we can determine if the files we have match what was recorded on the blockchain.

Use cases

Bookend watermarks are a valuable tool for enterprise applications developers who want to safeguard the integrity and ownership of Generative AI models, operations and data. This feature can be powerful tool in protecting enterprise assets such as intellectual property, as it is a simple yet beneficial advantage in verification of the authenticity of digital assets

Some examples of how customers use Bookend AI Watermarks:

  • Copyright protection: Add copyright information into digital assets. This information is useful for identifying ownership and for the safeguarding of unauthorized copying and distribution of those assets.
  • Content authentication: Verify the authenticity of content — a useful tool for verifying changes and provenance of contracts and legal documents.
  • Tamper detection: If the watermark is modified or removed, it can signal an unauthorized change of the asset.

Safe AI, Simplified

Our mission at Bookend AI is to make Safe AI simple. To make that happen, we are on a path to build the most comprehensive set of tools for developers building Generative AI powered applications for the enterprise.