Today we are sharing the technical details behind Sentinel-4B, our state-of-the-art document forensics model and the core detection engine powering DocVerify. Sentinel-4B sets new industry benchmarks across every evaluation dimension — classification, method detection, spatial localisation, and OCR — while using roughly half the parameters of the previous best system. It is, to our knowledge, the most capable document tampering detection model available at any size.
What Sentinel-4B Does
Most document verification systems answer a single question: what does this document say? They extract text with OCR, parse fields, and check consistency. But they never ask the harder question: is this document real?
Sentinel-4B answers both. Given a document image, it performs four tasks simultaneously:
- Classification — Is this document authentic, entirely AI-generated, or locally tampered?
- Method identification — Was the tampering done via copy-paste, face-swap, or generative editing?
- OCR extraction — What specific text was altered?
- Spatial localisation — Where exactly is the tampered region? (bounding box coordinates)
It does this through chain-of-thought reasoning — the model explains its forensic analysis step by step before delivering a verdict. Every prediction is auditable. A typical analysis of a tampered receipt reads:
Reasoning: The receipt shows visual inconsistencies around the total amount field. The font rendering differs subtly from surrounding text, and there are compression artifacts at the boundary of the edited region. The manipulation appears localised to a single field — consistent with copy-paste editing of the price.

Verdict: ⚠ Tampered — copy-paste manipulation detected
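Because the output is structured, downstream systems can consume it programmatically. Below is a minimal parsing sketch assuming a hypothetical tag-based output format; the tag names and report schema are illustrative, not the production format:

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ForensicReport:
    reasoning: str
    verdict: str                                # "authentic" | "generated" | "tampered"
    method: Optional[str]                       # set only for tampered documents
    altered_text: Optional[str]
    bbox: Optional[Tuple[int, int, int, int]]   # (x1, y1, x2, y2) in pixels

def parse_report(raw: str) -> ForensicReport:
    """Parse a tagged model output into structured fields (assumed schema)."""
    def grab(tag: str) -> Optional[str]:
        m = re.search(rf"<{tag}>(.*?)</{tag}>", raw, re.DOTALL)
        return m.group(1).strip() if m else None

    bbox_str = grab("bbox")
    bbox = tuple(int(v) for v in bbox_str.split(",")) if bbox_str else None
    return ForensicReport(
        reasoning=grab("reasoning") or "",
        verdict=grab("verdict") or "unparseable",
        method=grab("method"),
        altered_text=grab("ocr"),
        bbox=bbox,
    )

raw = (
    "<reasoning>Font rendering differs around the total field.</reasoning>"
    "<verdict>tampered</verdict><method>copy-paste</method>"
    "<ocr>$5,000.00</ocr><bbox>412,880,655,931</bbox>"
)
report = parse_report(raw)
```

A parse failure surfaces as an explicit `unparseable` verdict rather than a crash, which is the kind of structural robustness the format reward (described later) is meant to guarantee.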
Performance
We evaluated Sentinel-4B against two baselines: a general-purpose 7B vision-language model (zero-shot, no document forensics training), and the published TextShield-R1 model — a 7B model specifically trained for text tampering detection using the same dataset family.
Key numbers:
| Metric | Base VLM 7B | TextShield-R1 7B | Sentinel-4B |
|---|---|---|---|
| Classification accuracy | 35.0% | 86.5% | 91.6% |
| Method detection | 1.1% | 75.0% | 79.6% |
| Localisation IoU | 0.000 | 0.049 | 0.183 |
| OCR similarity | 13.2% | 31.1% | 42.1% |
Sentinel-4B sets new state-of-the-art benchmarks on every metric — with a model roughly half the size. These are not incremental gains: classification accuracy rises by 5.1 percentage points, localisation IoU improves 3.7×, and OCR similarity increases by 11.0 points over the previous best published system.
The base 7B vision-language model scores 35% on classification — essentially chance for a three-way task (33.3%). It has no concept of document tampering without forensic training. This illustrates why general-purpose vision models, no matter how capable, cannot solve document verification out of the box.
How We Trained It
Sentinel-4B is trained through a three-stage pipeline, with each stage building specific forensic capabilities:
Stage 1 — Forensic Pre-training
The model is first exposed to tens of thousands of document images spanning authentic documents, AI-generated fakes, and locally tampered files. This stage builds foundational forensic pattern recognition — what authentic documents look like, the visual signatures of AI generation, and the pixel-level artifacts of copy-paste and face-swap manipulation.
No structured reasoning is required here. The model simply learns to see the difference.
Stage 2 — Reasoning SFT
Next, the model learns to produce structured forensic reports. We train on thousands of fully annotated samples where each example includes step-by-step reasoning about the visual evidence, a definitive classification, the identified forgery method, the specific altered text, and bounding box coordinates around the tampered region.
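For illustration, one such fully annotated sample might look like the following; the field names and schema here are assumptions for the sketch, not the production annotation format:

```python
# Illustrative shape of one annotated Reasoning-SFT sample.
sample = {
    "image": "receipts/train/000123.png",
    "reasoning": (
        "The total field shows font rendering inconsistent with the "
        "surrounding text, with compression artifacts at the edit boundary."
    ),
    "label": "tampered",            # authentic | generated | tampered
    "method": "copy-paste",         # None for authentic/generated samples
    "altered_text": "$5,000.00",
    "bbox": [412, 880, 655, 931],   # x1, y1, x2, y2 in pixels
}

def validate(s: dict) -> bool:
    """Minimal schema check before a sample enters the SFT set."""
    if s["label"] not in {"authentic", "generated", "tampered"}:
        return False
    if s["label"] == "tampered":
        # Tampered samples must carry a method and a well-formed box.
        x1, y1, x2, y2 = s["bbox"]
        return s["method"] is not None and x2 > x1 and y2 > y1
    return True
```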
After this stage, the model can already classify documents at 90% accuracy. But it is not yet optimised for the full forensic task — especially localisation.
Stage 3 — Reinforcement Learning with Forensic Rewards
The final and most impactful stage uses Group Relative Policy Optimization (GRPO) — a reinforcement learning method where the model generates multiple candidate analyses for each document, scores them against five specialised reward functions, and learns to produce better forensic reports.
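The group-relative part of GRPO can be sketched in a few lines: each candidate analysis is scored against the other candidates for the same document, which replaces a learned value baseline. A minimal sketch of that normalisation step:

```python
import statistics

def group_relative_advantages(rewards: list[float], eps: float = 1e-6) -> list[float]:
    """Normalise each candidate's reward against its own group.

    For a group of candidate analyses of the same document, the advantage
    of each candidate is its reward minus the group mean, divided by the
    group standard deviation, so the policy is pushed toward above-average
    candidates without training a separate value function.
    """
    mean = statistics.fmean(rewards)
    std = statistics.pstdev(rewards)
    return [(r - mean) / (std + eps) for r in rewards]

# Four candidate analyses of one document, scored by the reward functions:
advs = group_relative_advantages([0.9, 0.4, 0.4, 0.1])
```

Candidates above the group mean get positive advantages and are reinforced; below-average ones are pushed down, even when all rewards in the group are low.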
The five reward signals target different forensic capabilities:
- Classification reward — correct identification of real, generated, or tampered. Heavily penalises false positives (calling a real document fake).
- Method reward — correct identification of the tampering technique.
- OCR reward — accuracy of the extracted tampered text, measured by edit distance.
- Localisation reward — spatial accuracy of the predicted bounding box, using a smooth IoU metric that provides gradient signal even at low overlap.
- Format reward — structural compliance of the output for reliable parsing.
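To make the reward design concrete, here is a minimal sketch of three of these signals and their weighted combination. The functional forms and penalty values are illustrative assumptions; the 4× localisation weight mirrors the heavy IoU weighting the research loop converged on, and the method and format terms are omitted for brevity:

```python
import difflib

def smooth_iou_reward(pred, gt):
    """IoU with a smooth fallback: non-overlapping boxes still get partial
    credit based on centre distance, so there is gradient signal early in
    training. Boxes are (x1, y1, x2, y2); the fallback form is assumed."""
    ix1, iy1 = max(pred[0], gt[0]), max(pred[1], gt[1])
    ix2, iy2 = min(pred[2], gt[2]), min(pred[3], gt[3])
    inter = max(0, ix2 - ix1) * max(0, iy2 - iy1)
    union = ((pred[2] - pred[0]) * (pred[3] - pred[1])
             + (gt[2] - gt[0]) * (gt[3] - gt[1]) - inter)
    iou = inter / union if union > 0 else 0.0
    if iou > 0:
        return iou
    cx_p, cy_p = (pred[0] + pred[2]) / 2, (pred[1] + pred[3]) / 2
    cx_g, cy_g = (gt[0] + gt[2]) / 2, (gt[1] + gt[3]) / 2
    dist = ((cx_p - cx_g) ** 2 + (cy_p - cy_g) ** 2) ** 0.5
    return 0.1 / (1.0 + dist / 100.0)

def ocr_reward(pred_text, gt_text):
    """Text similarity in [0, 1]; difflib's ratio stands in for a
    normalised edit distance."""
    return difflib.SequenceMatcher(None, pred_text, gt_text).ratio()

def classification_reward(pred_label, gt_label):
    """Asymmetric: flagging a real document as fake is penalised hardest.
    The -2.0 penalty is an illustrative weight."""
    if pred_label == gt_label:
        return 1.0
    if gt_label == "authentic":
        return -2.0
    return 0.0

def total_reward(pred, gt, w_cls=1.0, w_loc=4.0, w_ocr=1.0):
    """Weighted combination; localisation terms apply only to tampered docs."""
    r = w_cls * classification_reward(pred["label"], gt["label"])
    if gt["label"] == "tampered":
        r += w_loc * smooth_iou_reward(pred["bbox"], gt["bbox"])
        r += w_ocr * ocr_reward(pred["text"], gt["text"])
    return r
```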
The combination of multiple reward signals — especially the heavy weighting on localisation — is what pushes Sentinel-4B beyond supervised-only models. The model learns not just to classify, but to locate and explain.
Autonomous Research Loop
Sentinel-4B was not trained once and shipped. It is the product of an autonomous AI research loop — a system where an AI researcher agent continuously designs experiments, trains models, evaluates results, and iterates on hyperparameters, with a human researcher providing strategic direction and domain feedback.
Over the course of one week on high-end GPU infrastructure, the system executed over 50 experiments — each testing different combinations of learning rates, reward weights, LoRA configurations, batch sizes, generation parameters, and training schedules. The AI agent analysed training curves, identified failure modes (reward collapse, memory spikes, capability regressions), proposed fixes, and launched the next experiment — often within minutes of the previous one completing.
This loop works because most ML research time is spent on the mechanical parts: reading logs, adjusting configs, restarting crashed runs, and interpreting metrics. An AI agent handles all of that at machine speed, while the human researcher focuses on the decisions that actually matter: which capabilities to prioritise, when a metric plateau means the approach is wrong versus needs more time, and how to balance competing objectives.
Key discoveries from the loop:
- Reward weight tuning — the agent discovered that heavy IoU weighting (4×) was necessary to break through the localisation plateau, but at the cost of method detection accuracy. This trade-off was invisible in single experiments.
- Memory management — after multiple OOM crashes, the agent diagnosed the root cause (VRAM fragmentation during GRPO generation) and implemented DeepSpeed ZeRO-2, reducing peak memory from 93GB to a stable 52GB per GPU.
- Data exposure — the agent identified that crash-restart cycles were causing the model to repeatedly train on the same 4% of data. Implementing checkpoint resume and data seeding fixed a fundamental training bug that would have been missed in manual experimentation.
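The data-exposure fix can be sketched as a deterministic per-epoch ordering: a resumed run recomputes the same shuffle and skips the samples it has already consumed, rather than replaying the head of the dataset. A simplified sketch (the production sampler is more involved):

```python
import random

def epoch_order(n_samples: int, epoch: int, seed: int = 42) -> list[int]:
    """Deterministic shuffle per epoch: the same (seed, epoch) pair always
    yields the same order, so restarts see the same sequence."""
    rng = random.Random(seed * 100_000 + epoch)
    order = list(range(n_samples))
    rng.shuffle(order)
    return order

def resume_indices(n_samples: int, epoch: int, step: int, batch_size: int,
                   seed: int = 42) -> list[int]:
    """Sample indices still to be consumed after resuming mid-epoch."""
    return epoch_order(n_samples, epoch, seed)[step * batch_size:]

# A crash at step 10 no longer restarts the epoch from sample 0:
remaining = resume_indices(n_samples=1000, epoch=3, step=10, batch_size=8)
```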
The result: a week of autonomous research produced a model that outperforms a published academic system — with a fraction of the compute budget. We believe this human-AI research loop is the future of applied ML, and Sentinel-4B is proof that it works at production quality.
What Makes This Hard
Document tampering detection is harder than it appears. Here is why general-purpose AI models struggle:
Tampering is designed to be invisible. A competent forger changes only the minimum number of pixels. The visual difference between an authentic $500 receipt and a tampered $5,000 receipt can be a handful of pixels in a 2-megapixel image.
The forensic signals are subtle: compression artifacts around edited regions, inconsistent font rendering, mismatched noise patterns, and statistical anomalies in pixel distributions. These are not features that general vision models are trained to notice.
Localisation requires spatial precision in a text model. Sentinel-4B predicts bounding box coordinates as text tokens — each digit generated autoregressively. Reaching an IoU of 0.183 against ground truth (our current average) requires the model to have genuine spatial understanding, not just classification ability.
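A short sketch shows why coordinates-as-text implies quantisation error, assuming (for illustration only) that coordinates are normalised to a 1000-bin grid before being written out as digits:

```python
def bbox_to_tokens(bbox, img_w, img_h, bins=1000):
    """Quantise pixel coordinates onto a bins x bins grid and emit the
    text string the model would generate (grid size is an assumption)."""
    x1, y1, x2, y2 = bbox
    q = [
        round(x1 / img_w * (bins - 1)),
        round(y1 / img_h * (bins - 1)),
        round(x2 / img_w * (bins - 1)),
        round(y2 / img_h * (bins - 1)),
    ]
    return ",".join(str(v) for v in q)

def tokens_to_bbox(text, img_w, img_h, bins=1000):
    """Decode the generated digits back to pixel coordinates."""
    q = [int(v) for v in text.split(",")]
    return (
        q[0] / (bins - 1) * img_w,
        q[1] / (bins - 1) * img_h,
        q[2] / (bins - 1) * img_w,
        q[3] / (bins - 1) * img_h,
    )

# Round-tripping exposes the quantisation error: on a 2000px-wide image,
# each grid cell spans about 2px, so coordinates can shift by a pixel or so.
text = bbox_to_tokens((412, 880, 655, 931), img_w=2000, img_h=1500)
decoded = tokens_to_bbox(text, img_w=2000, img_h=1500)
```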
The base rate is adversarial. In production, most documents are authentic. A model that achieves 95% accuracy by classifying everything as "real" is useless. Sentinel-4B's asymmetric reward penalties specifically train the model to maintain low false positive rates — only 4.6% of authentic documents are incorrectly flagged.
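A few lines of arithmetic make the base-rate trap concrete, using an illustrative stream that is 95% authentic:

```python
# A classifier that always answers "authentic" on a 95%-authentic stream:
docs = ["authentic"] * 950 + ["tampered"] * 50
always_real = ["authentic"] * len(docs)

# Raw accuracy looks excellent...
accuracy = sum(p == t for p, t in zip(always_real, docs)) / len(docs)

# ...but not a single tampered document is caught.
caught = sum(p == "tampered"
             for p, t in zip(always_real, docs) if t == "tampered")
recall = caught / 50
```

High accuracy with zero recall on the fraud class is exactly the degenerate optimum the asymmetric reward penalties are designed to rule out.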
Per-Category Detection
(Chart: per-category detection rate by document class.)
Sentinel-4B achieves over 95% detection on AI-generated and authentic documents. Tampered documents — where only a small region has been edited — are the hardest category at 83%. The primary failure mode is subtle tampered documents being classified as authentic (16.5% miss rate on tampered), which reflects the fundamental difficulty of localised edit detection.
Industry-Leading Efficiency
Sentinel-4B achieves state-of-the-art results with 4 billion parameters — roughly half the size of the previous best system at 7B. This is not a compromise. It is a deliberate architectural advantage.
The entire model was trained on just 2 GPUs using parameter-efficient fine-tuning and DeepSpeed ZeRO-2. No 8-GPU clusters. No months of compute. Our training pipeline enables rapid iteration — we checkpoint every 25 steps and evaluate continuously. This research velocity is a core part of DocVerify's competitive moat.
For deployment, smaller means practical. Lower memory footprint. The ability to run forensic verification on a single GPU rather than requiring a multi-node cluster. A full forensic analysis — including chain-of-thought reasoning, classification, OCR, and localisation — completes in 10–15 seconds per document. Fast enough for real-time API integration at the point of intake, where batch-processing alternatives introduce hours of delay.
What Sentinel-4B Gets Wrong
Honesty about limitations is part of building trust in any verification system:
- Spatial precision is limited. Predicting bounding boxes as text tokens introduces quantisation error. At IoU 0.183, the model identifies the general region but not the pixel boundary. A dedicated spatial head would likely improve this substantially.
- Small edits are hard to catch. Tampering that affects less than 4% of the image area — a single changed digit, a minor date edit — remains challenging. The visual signal is simply too weak at current resolutions.
- Method detection traded off against localisation. Our reward weighting optimises heavily for spatial accuracy, which slightly reduced method detection compared to the supervised-only stage. This is a tunable trade-off, not a fundamental limitation.
Why This Matters Now
The document verification market is at an inflection point. Generative AI has made it trivial to produce convincing fakes — a forged pay stub costs $5 and takes 30 seconds. Meanwhile, the industry's defences are still built on OCR and rules: extract text, check if numbers add up, maybe cross-reference a database. This catches obvious inconsistencies but is blind to documents that are internally consistent yet fabricated.
Sentinel-4B represents a fundamentally different approach. It examines documents at the pixel level — analysing compression artifacts, font rendering, noise patterns, and spatial consistency — to determine whether the physical document itself is authentic. This is the difference between checking what a document says and checking what a document is.
We believe this capability — AI-native document forensics — will become table stakes for any platform that processes identity documents, financial records, or compliance paperwork. The companies that build this into their verification stack now will have a structural advantage as generative fraud scales.
Sentinel-4B is live in the DocVerify platform today, available via API and dashboard. If you are processing documents where authenticity matters — lending, insurance, hiring, compliance — get in touch.
Sentinel-4B is developed by DocVerify Research in Zurich, Switzerland. For technical details, partnership enquiries, or API access, contact research@docverify.app.