GPT has a hidden steganographic watermark in its output, so the arms race should be one-sided.

Do you know how that works? I am unfortunately pretty ignorant about this topic but that seems like such a cool and difficult thing to create.

Comment from a few days ago: https://news.ycombinator.com/item?id=34504545

> So then to watermark, instead of selecting the next token randomly, the idea will be to select it pseudorandomly, using a cryptographic pseudorandom function, whose key is known only to OpenAI. That won’t make any detectable difference to the end user, assuming the end user can’t distinguish the pseudorandom numbers from truly random ones. But now you can choose a pseudorandom function that secretly biases a certain score—a sum over a certain function g evaluated at each n-gram (sequence of n consecutive tokens), for some small n—which score you can also compute if you know the key for this pseudorandom function.

I remain skeptical that this method is resistant against lossy transformations such as changing punctuation, grammar, synonym replacements, 2-way translations and a bunch of other existing tools that are capable of rewording written text.