C2PA in Music: A Claude MCP for Reading Content Provenance

C2PA is the open standard for content provenance, and it just landed in music files. We open-sourced an MCP server so you can read these manifests inside Claude Code.

Key Takeaways

C2PA is the open standard for cryptographically signed content provenance, backed by Adobe, Microsoft, Google, BBC, and others.
It fills the missing layer in music metadata: not who owns a track, but who created it and how.
Google Lyria is the first major AI music service to ship C2PA in MP3 downloads, signaling the standard's arrival in audio.
Our open-source MCP server reads C2PA manifests directly inside Claude Code.

A LinkedIn post by Dawid Owczarek stopped my scroll: Google Lyria is now embedding C2PA manifests inside the MP3s you download from it. I went and checked, and yes, the file really does contain a cryptographically signed manifest declaring who made the track, what tool produced it, and what watermark was applied. That sent me down a rabbit hole, and this post is the result. The headline, though, is not Lyria. The headline is C2PA itself, finally arriving in audio.

If you work in music, you have spent years living with ISRC, ISWC, ISNI, and DDEX. Those standards answer the question of who owns a recording. C2PA answers a different question: who created it, and how. That is the layer music has been missing, and the layer AI makes urgent.

What C2PA actually is

C2PA stands for the Coalition for Content Provenance and Authenticity. It is an open standard hosted by the Joint Development Foundation (JDF), founded in 2021 by Adobe, Microsoft, Intel, BBC, and others, with Google joining as a steering member shortly after. The spec defines a binary container that lives inside a media file and carries a cryptographically signed history of how that file came to be.

A C2PA manifest contains:

  • A claim generator identifying the software that created the manifest
  • A list of assertions (actions, hashes, training data declarations, soft bindings)
  • Ingredients describing source assets used as inputs
  • A signature that ties everything to a known certificate issuer

The whole thing is designed to be self-contained and tamper-evident. You can rename a file, strip its ID3 tags, or re-encode the audio, and the manifest either travels with the file intact or breaks in a detectable way.

C2PA does not prove a file is original, copyright-free, or human-made. It proves a verifiable chain of declarations: this software signed this claim, on this date, about this content. That distinction is the foundation everything else builds on. For the human-made angle specifically, separate efforts like Verified Human Cert issue cryptographic certifications that a track was created by people, not AI — a complementary layer to C2PA's provenance trail. We open-sourced an MCP server for the VHC registry earlier this year, if you want to query it from Claude alongside this C2PA MCP.

What Google Lyria proved

The clearest sign that audio C2PA has crossed the line from spec to product is what Google shipped in Lyria. When you download a Lyria-generated MP3, the file contains a fully populated C2PA manifest. Here is a snippet from a track I generated, abbreviated for clarity:

lyria-manifest.json
{
  "active_manifest": "urn:c2pa:80faaddf-fe27-1e7d-0ce5-4a70eeba2dd1",
  "manifests": {
    "urn:c2pa:80faaddf-fe27-1e7d-0ce5-4a70eeba2dd1": {
      "claim_generator_info": [
        {
          "name": "Google C2PA Core Generator Library",
          "version": "916434528:916944653"
        }
      ],
      "assertions": [
        {
          "label": "c2pa.actions.v2",
          "data": {
            "actions": [
              {
                "action": "c2pa.created",
                "digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia",
                "description": "Created by Google Generative AI."
              },
              {
                "action": "c2pa.edited",
                "digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia",
                "description": "Applied imperceptible SynthID watermark."
              }
            ]
          }
        }
      ]
    }
  }
}

This is a real-world example of every piece of the spec working in audio: claim generator, signed actions, IPTC digitalSourceType URI for AI disclosure, and a SynthID watermark recorded as a c2pa.edited action. The whole manifest is signed by Google LLC.

Why C2PA matters for the music industry

Music has spent years building IDs and registries to answer ownership. C2PA layers on top to answer origin. The combination changes several workflows materially.

  • Rights and royalties: A signed declaration of how a track was created is a better input than after-the-fact AI detection.
  • DSP compliance: Streaming platforms need machine-readable AI flags for listener disclosure and licensing math.
  • Distributor ingestion checks: A C2PA check at delivery time sits naturally alongside DDEX validation.
  • Catalog hygiene for AI: AI music libraries can require C2PA on every clip and reject unsigned submissions.

Reading C2PA in plain English with Claude

The official tool for reading C2PA is the Rust c2patool binary. It works, but the output is raw JSON, and few people in the music industry will install a Rust CLI to inspect a download.

So we built mtl-c2pa-mcp, an open-source MCP server that wraps the official c2pa-python library and exposes it as tools inside Claude Code.

The MCP runs locally. Your audio files never leave your machine. c2pa-python is the official Python binding to Adobe's Rust C2PA library, the same engine that powers the c2patool CLI.

The server exposes seven tools:

c2pa_summary       Human-friendly overview: generator, AI flag, actions, watermark, signature
c2pa_read          Full raw manifest store
c2pa_assertions    All assertions from the active manifest
c2pa_ingredients   Source assets used to create this file
c2pa_verify        Signature issuer, validation state, failures
c2pa_scan          Audit a folder: which files carry C2PA, which are AI-generated
c2pa_info          Library version and supported MIME types

Install once:

git clone https://github.com/musictechlab/mtl-c2pa-mcp.git
cd mtl-c2pa-mcp
poetry install
claude mcp add -s user mtl-c2pa -- poetry --directory "$(pwd)" run python -m mtl_c2pa_mcp

Then ask Claude in plain English:

"What does the C2PA manifest in ~/Downloads/track.mp3 say?"

Claude finds the file, calls the MCP, and renders the manifest as a clean table:

Under the hood, that's the JSON the c2pa_summary tool returns:

c2pa_summary output
{
  "file": "/Users/you/Downloads/track.mp3",
  "generator": {
    "name": "Google C2PA Core Generator Library",
    "version": "916434528:916944653"
  },
  "is_ai_generated": true,
  "digital_source_types": [
    "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia"
  ],
  "actions": [
    {"action": "c2pa.created", "description": "Created by Google Generative AI."},
    {"action": "c2pa.edited",  "description": "Applied imperceptible SynthID watermark."}
  ],
  "signature_issuer": "Google LLC",
  "validation": "valid"
}

Ask for the full manifest store and c2pa_read returns everything, including the signing certificate metadata, claim version, and validation status:

Notice the signingCredential.untrusted flag in that output. The manifest itself is structurally valid, but Google's signing certificate is not yet in the default trust list shipped with c2pa-python. That is not a forgery signal, just a reminder that trust lists are a separate, evolving piece of the C2PA infrastructure. Compliance workflows have to pin the trust anchors they accept.
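
As an added example (not code from mtl-c2pa-mcp), here is a delivery-time gate over manifest-store JSON that keeps three cases apart: no manifest, failed validation, and a structurally valid signature from a signer outside the trust list. The `validation_status` list of `code` entries is an assumed shape for the reader output, and the decision names and the `sample` helper are hypothetical.

```python
AI_SOURCE_TYPE = "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia"
UNTRUSTED = "signingCredential.untrusted"

def active_manifest(store):
    """Return the active manifest dict, or None when no C2PA data was found."""
    if not store:
        return None
    return store.get("manifests", {}).get(store.get("active_manifest"))

def source_types(manifest):
    """Collect digitalSourceType URIs from every c2pa.actions* assertion."""
    found = set()
    for assertion in manifest.get("assertions", []):
        if assertion.get("label", "").startswith("c2pa.actions"):
            for action in assertion.get("data", {}).get("actions", []):
                if "digitalSourceType" in action:
                    found.add(action["digitalSourceType"])
    return found

def gate(store):
    """Map one manifest store to a (decision, reason) pair."""
    manifest = active_manifest(store)
    if manifest is None:
        return ("reject", "no C2PA manifest")
    # Assumed shape: validation_status is a list of {"code": ...} failure entries.
    entries = store.get("validation_status", [])
    codes = {entry["code"] for entry in entries if "code" in entry}
    failures = sorted(codes - {UNTRUSTED})
    if failures:
        return ("reject", "validation failed: " + ", ".join(failures))
    if UNTRUSTED in codes:
        # Signer is not on the validator's trust list: issuer name is unauthenticated.
        return ("review", "signer not in the pinned trust list")
    if AI_SOURCE_TYPE in source_types(manifest):
        return ("accept", "declared AI-generated")
    return ("accept", "no AI source type declared")

def sample(status_codes):
    """Constructed manifest store shaped like the Lyria excerpt on this page."""
    urn = "urn:c2pa:constructed-example"
    actions = [{"action": "c2pa.created", "digitalSourceType": AI_SOURCE_TYPE}]
    assertion = {"label": "c2pa.actions.v2", "data": {"actions": actions}}
    return {"active_manifest": urn,
            "manifests": {urn: {"assertions": [assertion]}},
            "validation_status": [{"code": code} for code in status_codes]}

if __name__ == "__main__":
    for codes in ([], [UNTRUSTED], [UNTRUSTED, "assertion.dataHash.mismatch"]):
        print(codes, gate(sample(codes)))
    print("unsigned", gate(None))
```

The gate only interprets validation results; the pinning itself belongs in the validator's trust configuration, so that `signingCredential.untrusted` reflects the anchors your workflow has chosen to accept.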

For an A&R team auditing a batch of demos, c2pa_scan walks a directory and reports which files carry a manifest and which are flagged as AI-generated. No spreadsheet, no manual triage:

The screenshot shows four MP3s in ~/Music. One (the Lyria-generated track) carries a Google-signed C2PA manifest flagged as trainedAlgorithmicMedia. The other three are unsigned. That is 25% coverage, with a clear AI-or-not column.

What's next

The MCP solves the problem for developers and anyone comfortable in Claude Code. But most of the people who actually need to read a C2PA manifest (A&R scouts, label managers, rights administrators, music lawyers, journalists) will never open a terminal. Raw JSON is not a deliverable for them.

So phase two is a visual C2PA translator at musictechlab.io: drop a file in the browser, see the manifest rendered in plain English (Who, What, When, How), with a trust score and a JSON export for the technical readers who want it. Everything client-side, nothing uploaded, similar to what melchersystem.com has done for images, but tuned for audio and the music industry's specific provenance questions.

C2PA is still evolving: signing trust lists change, and tooling support varies between vendors. Treat manifests as evidence, not as legal proof. The MCP and the upcoming translator are inspection tools, not compliance certifications.

If you produce, distribute, or license music, this is the moment to start paying attention. C2PA is no longer a slide in a keynote. It is a thing you can grep for in a downloads folder.

Who already implements C2PA

The list of organizations shipping C2PA in production is no longer short. As of 2026 the coalition counts over 6,000 members and affiliates, and the implementation list spans cameras, AI services, creative tools, and social platforms.

  • AI generators: Sign generated images, audio, and video with C2PA at creation time.
  • Cameras: Hardware-backed signing at capture time. Provenance starts at the sensor.
  • Creative tools: Maintain Content Credentials through the editing chain, not just at capture.
  • Platforms and publishers: Display Content Credentials to viewers, or use them for ingest checks.

The music side is the newest entry in this lineup. Google Lyria is the first major AI music service to ship C2PA in downloadable MP3s, but the infrastructure (signing libraries, trust lists, viewer apps) is already mature on the image and video side. That groundwork is what makes audio adoption practical now rather than years away.

Resources

  • Official spec and consortium: Read the standard itself and the consumer-facing brand layer.
  • Open-source tooling: Reference implementations and bindings for adding C2PA to your stack.
  • Verification tools: Drop-a-file viewers for inspecting manifests without writing code.
  • MusicTech Lab open source: Our two MCP servers for music provenance and human-made certification.
