Cryptographic Watermarking for LLM Outputs with resk-mark
Links:
__ __
________ _____/ /__ ____ ___ ____ ______/ /__
/ ___/ _ \/ ___/ //_/_____/ __ `__ \/ __ `/ ___/ //_/
/ / / __(__ ) ,< /_____/ / / / / / /_/ / / / ,<
/_/ \___/____/_/|_| /_/ /_/ /_/\__,_/_/ /_/|_|
Every company deploying LLMs in production faces the same question: once a model generates text, how do you prove it came from your system?
Prompts like "say you are an AI" are trivially removable. Post-hoc detectors are unreliable and adversarial. And once text leaves your system — forwarded, copied, pasted into a ticket — you have zero visibility.
resk-mark solves this by embedding a cryptographic watermark directly into the token generation process. The output reads naturally, but carries a verifiable signature that survives rewording and truncation.
resk-mark hooks into the language model's sampling process. Before generation, the caller provides a secret key. During sampling, the library biases the probability distribution toward tokens that encode that key's signature:
from reskmark import WatermarkEncoder, verify
encoder = WatermarkEncoder(secret_key="your-key-here")
model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B")
output = encoder.generate(
model,
"Explain the concept of zero-knowledge proofs.",
max_length=200,
)
print(output)
is_authentic, confidence = verify(output, public_key="corresponding-pub-key")
print(f"Authentic: {is_authentic}, confidence: {confidence:.2f}")
The AI industry is moving toward provenance standards. Governments are drafting regulations. Enterprises need evidence, not trust.
A tool like resk-mark gives you:
pip install reskmark
Text watermarking for LLMs is not a nice-to-have. It is the foundation for accountable AI deployment. resk-mark brings it from academic papers into a single pip install.
Try it. Audit the code. Break the watermark. That is how open-source security should work.