The fingerprint, field by field

We routinely inspect AI-exported PDFs whose metadata reads like a signed confession — for example an Author field set to "Claude" and a Producer of "ReportLab PDF Library". The typical traces:

  • Author / Creator fields naming the AI assistant or left conspicuously unset where a human author's name would normally be.
  • Producer strings from generation toolchains — ReportLab, WeasyPrint, wkhtmltopdf, Pandoc, python-docx — libraries humans rarely use directly, but AI code pipelines use constantly.
  • Timestamps with no history — created and modified within the same minute, revision count of one. Human documents accumulate editing sessions; generated ones appear fully formed.
  • C2PA credentials in embedded images — the chart or hero image made with DALL-E or Firefly keeps its content credentials inside your PDF or deck.
PrivyClean for Mac flagging a PDF with 'AI Detected — AI Fingerprint Detected': the Author field reads Claude and the Producer identifies the ReportLab PDF generation library

Who should be checking

  • Consultants and agencies — a client-facing report whose metadata names an AI tool tells a story about your process and your hours that you did not choose to tell.
  • Product managers and engineers — specs, memos, and analyses drafted with AI assistants and exported straight to PDF carry the pipeline's fingerprints by default.
  • Anyone under disclosure rules — the flip side: if your context requires AI disclosure (client contract, journal, employer policy, or the EU AI Act), you need to know what your files claim before someone else inspects them.

Check your documents for AI fingerprints

PrivyClean detects AI markers in PDF, Word, and Excel files — author traces, generator libraries, C2PA in embedded images — and cleans what you choose. 100% offline.

3 free cleans to try · iPhone $7.99 · Mac $14.99 one-time

Inspect first: the honest workflow

  1. Drop the file into PrivyClean. Documents with AI traces get an AI Fingerprint Detected flag, with the exact fields listed — which author string, which producer library, which embedded image carries credentials.
  2. Decide with the facts. Sometimes the right move is removal (a false impression of pure automation on heavily human-edited work, or workflow privacy for internal tooling). Sometimes it is disclosure. Either way, you decide — not your export pipeline.
  3. Export a cleaned copy when removal is the call. Author traces, generator strings, timestamps, and embedded-image credentials are stripped; items that cannot be safely removed are flagged, not hidden. The original stays untouched.
PrivyClean for Mac after cleaning a batch of files, showing the metadata removed from each document

Where this is heading

Provenance metadata is expanding from images into everything else. The EU AI Act's transparency rules (August 2026) push machine-readable AI disclosure across content types, and the C2PA coalition — Adobe, Microsoft, Google, OpenAI — is extending credentials beyond photos. Documents are next. The professionals who do well in that world are the ones who know what their files say before sending them — which has been the point of document metadata hygiene all along.

Related guides

Important: where AI disclosure is required by contract, policy, or regulation, removing metadata does not remove the obligation. PrivyClean exists to show you what your files reveal so you can act deliberately and within your obligations.