How to Detect AI-Generated Documents: A Forensic Analysis Primer

The Detection Layers

Layer 1: Template and Format Validation

The first layer checks whether the document matches the expected format for its claimed type and country. Does the layout conform to the known template? Are the fonts correct? Is the MRZ (Machine Readable Zone) properly encoded? Does the barcode contain consistent data?

This layer catches crude forgeries — documents created by someone who does not know the correct format. It does not catch AI-generated documents, which are specifically trained to match templates perfectly. Template validation is necessary but not sufficient.

Layer 2: MRZ and VIZ Cross-Referencing

The Machine Readable Zone contains encoded data — name, date of birth, nationality, document number, and check digits — that should match the Visual Inspection Zone (the human-readable text on the document). Cross-referencing MRZ and VIZ data catches documents where the visible information has been modified without updating the MRZ, or vice versa.

AI-generated documents often encode the MRZ correctly (because the encoding algorithm is publicly documented), but may produce VIZ content that contains subtle inconsistencies — character spacing that does not match the specific font used by the genuine issuer, or text positioning that deviates from the template by fractions of a millimeter. These inconsistencies are invisible to the human eye but measurable by analysis.

Layer 3: Fast Fourier Transform (FFT) Analysis

FFT analysis converts the document image from the spatial domain (pixels) to the frequency domain (patterns of variation across the image). In the frequency domain, genuine camera captures and AI-generated images look fundamentally different.

A genuine document captured by a camera sensor exhibits frequency characteristics determined by the physical properties of the capture: the lens, the sensor, the lighting, and the paper or card surface. The resulting frequency spectrum has specific patterns — including the high-frequency components produced by paper texture, print microstructure, and security features.

AI-generated images exhibit frequency characteristics determined by the generative model's architecture. Most generative models produce images with characteristic spectral signatures — periodic patterns in the frequency domain that result from the model's upsampling and convolution operations. These patterns are invisible in the spatial domain (the image looks normal) but distinctive in the frequency domain.

FFT analysis detects these spectral signatures, identifying documents whose frequency characteristics match known generative model fingerprints rather than genuine camera capture patterns.

Layer 4: Error Level Analysis (ELA)

Error Level Analysis evaluates the compression artifacts across a document image. When a JPEG image is saved, the compression algorithm introduces artifacts at a consistent level throughout the image. If part of the image has been modified — spliced, edited, or generated separately — the compression artifacts in the modified region will differ from the surrounding areas.

For AI-generated documents, ELA can reveal that the entire document image has a uniform compression profile (suggesting it was generated as a single image rather than captured as a photograph of a physical document) or that specific elements — the photograph, a signature, or text fields — have different compression characteristics from the background (suggesting those elements were composited from different sources).

Layer 5: Noise Residual Analysis

Every camera sensor produces a characteristic noise pattern — a unique fingerprint determined by manufacturing variations in the sensor's photodiodes. This noise pattern is consistent across all images captured by that specific sensor and is present in the background of every genuine photograph.

Genuine document captures contain this sensor noise throughout the image. AI-generated documents do not — because the generative model does not replicate sensor-specific noise. Instead, generated images contain synthetic noise that is either absent (the image is unnaturally clean) or follows patterns that do not match any known camera sensor.

Noise residual analysis extracts the noise pattern from the document image and evaluates whether it is consistent with a genuine camera capture. If the noise pattern is absent, inconsistent, or matches known synthetic patterns, the document is flagged as potentially generated.

Layer 6: Security Feature Authentication

Physical identity documents contain security features that are difficult or impossible to replicate through image generation: holograms that change appearance with viewing angle, microprint that is too small to resolve at standard camera resolution, UV-reactive ink that is invisible under normal lighting, tactile features (embossing, intaglio printing) that produce characteristic shadows and reflections, and optically variable devices that shift color when tilted.

For document captures that include video or multiple frames, security feature analysis can evaluate whether these dynamic features are present and behave as expected. A hologram that does not shift with viewing angle, microprint that resolves too cleanly, or embossing that does not cast the expected shadows all indicate a generated or forged document.

Layer 7: NFC Chip Verification

For documents equipped with NFC chips — passports and some national identity cards — chip verification provides the highest-assurance authentication available. The chip contains a digitally signed copy of the holder's photograph, personal data, and in some cases, fingerprint data. The signature is placed by the issuing government using a private cryptographic key.

Verifying the chip's digital signature confirms that the data on the chip was placed there by the legitimate issuing authority and has not been modified. This is a definitive check — a fraudster cannot forge the digital signature without access to the government's private signing key.

The limitation is that NFC chip verification requires the physical document to be present and a device capable of reading the chip. It does not work for document photographs or scans. For remote verification scenarios, chip verification must be combined with other forensic layers.

The Ensemble Approach

No single forensic layer is sufficient. FFT analysis catches most generative model outputs but may miss sophisticated models specifically trained to avoid spectral signatures. ELA catches composited documents but may miss entirely generated images with uniform compression. Noise analysis catches the absence of sensor noise but may be fooled by models that inject synthetic noise designed to mimic real sensors.

The effective approach evaluates all layers simultaneously and fuses their outputs into a single confidence score. The ensemble verdict is stronger than any individual layer because a generated document that defeats one detection method is unlikely to defeat all of them simultaneously.

The system must produce one of three verdicts: PASSED (high confidence the document is genuine), REVIEW (some anomalies detected, requiring human evaluation), or GENERATED (high confidence the document is synthetic or manipulated). The REVIEW category is critical — it captures edge cases where the automated analysis is uncertain and routes them to human experts for final determination.