mAVE: A Watermark for Joint Audio-Visual Generation Models
This work addresses a critical security vulnerability for vendors deploying joint audio-visual generation models, protecting their copyright and reputation from malicious content attribution.
This paper tackles the problem of Swap Attacks on watermarks in joint audio-visual generation models, where adversaries replace authentic audio with malicious deepfakes while retaining watermarked video. The proposed mAVE framework cryptographically binds audio and video latents, achieving near-perfect binding integrity (>99%) and providing an exponential security bound against Swap Attacks.
As Joint Audio-Visual Generation Models see widespread commercial deployment, embedding watermarks has become essential for protecting vendor copyright and ensuring content provenance. However, existing techniques suffer from an architectural mismatch by treating modalities as decoupled entities, exposing a critical Binding Vulnerability. Adversaries exploit this via Swap Attacks by replacing authentic audio with malicious deepfakes while retaining the watermarked video. Because current detectors rely on independent verification ($Video_{wm}\vee Audio_{wm}$), they incorrectly authenticate the manipulated content, falsely attributing harmful media to the original vendor and severely damaging their reputation. To address this, we propose mAVE (Manifold Audio-Visual Entanglement), the first watermarking framework natively designed for joint architectures. mAVE cryptographically binds audio and video latents at initialization without fine-tuning, defining a Legitimate Entanglement Manifold via Inverse Transform Sampling. Experiments on state-of-the-art models (LTX-2, MOVA) demonstrate that mAVE guarantees performance-losslessness and provides an exponential security bound against Swap Attacks. Achieving near-perfect binding integrity ($>99\%$), mAVE offers a robust cryptographic defense for vendor copyright.