Cryptographic Watermarking for LLM Outputs with resk-mark
Links:
- PyPI: https://pypi.org/project/reskmark
- GitHub: https://github.com/Resk-Security/resk-mark
- Web: https://resk.fr
__ __
________ _____/ /__ ____ ___ ____ ______/ /__
/ ___/ _ \/ ___/ //_/_____/ __ `__ \/ __ `/ ___/ //_/
/ / / __(__ ) ,< /_____/ / / / / / /_/ / / / ,<
/_/ \___/____/_/|_| /_/ /_/ /_/\__,_/_/ /_/|_|
The Provenance Problem
Every company deploying LLMs in production faces the same question: once a model generates text, how do you prove it came from your system?
Prompts like "say you are an AI" are trivially removable. Post-hoc detectors are unreliable and adversarial. And once text leaves your system — forwarded, copied, pasted into a ticket — you have zero visibility.
resk-mark solves this by embedding a cryptographic watermark directly into the token generation process. The output reads naturally, but carries a verifiable signature that survives rewording and truncation.
How It Works
resk-mark hooks into the language model's sampling process. Before generation, the caller provides a secret key. During sampling, the library biases the probability distribution toward tokens that encode that key's signature:
from reskmark import WatermarkEncoder, verify
encoder = WatermarkEncoder(secret_key="your-key-here")
model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B")
# Wrap the generate call
output = encoder.generate(
model,
"Explain the concept of zero-knowledge proofs.",
max_length=200,
)
print(output)
# "Zero-knowledge proofs are a cryptographic method where..."
# Reads naturally - watermark is invisible
# Later - verify provenance
is_authentic, confidence = verify(output, public_key="corresponding-pub-key")
print(f"Authentic: {is_authentic}, confidence: {confidence:.2f}")
Key Properties
- Invisible — the watermark does not change the meaning, grammar, or fluency of the output
- Robust — survives copy, paste, truncation, and light rewording
- Cryptographic — based on verified signature schemes, not statistical patterns
- Fast — negligible overhead over normal sampling
- Open source — Apache 2.0, inspectable and auditable
Why This Matters
The AI industry is moving toward provenance standards. Governments are drafting regulations. Enterprises need evidence, not trust.
A tool like resk-mark gives you:
- Attribution — prove which model generated a given text
- Integrity — detect tampering after generation
- Compliance — demonstrate control over AI outputs
- Accountability — trace leaks and misuse to the source
Installation
pip install reskmark
Use Cases
- SaaS platforms — watermark every AI response so customers know it came from your model
- Enterprise chat — prove an internal memo was LLM-generated vs human written
- Content moderation — trace AI-generated content back to the pipeline
- Audit trails — build verifiable logs of every AI interaction
Conclusion
Text watermarking for LLMs is not a nice-to-have. It is the foundation for accountable AI deployment. resk-mark brings it from academic papers into a single pip install.
Try it. Audit the code. Break the watermark. That is how open-source security should work.
- PyPI: https://pypi.org/project/reskmark
- GitHub: https://github.com/Resk-Security/resk-mark
- resk.fr: https://resk.fr
Top comments (0)