TTFT and throughput can reveal routing or cache anomalies, but they are too environment-dependent to score in the current model.
Algorithm
Collect request latency, time to first token where available, and tokens per second across probes. Compare the distribution with coarse expected ranges and display deviations as diagnostic context.
Thresholds
Condition
Verdict contribution
Within coarse expected range
Diagnostic match
Large deviation or unstable distribution
Diagnostic anomaly
Any result
Score contribution remains 0
Limitations
Latency is dominated by geography, provider load, queueing, gateway buffering, client network, and cache state. It can support a story but should not decide identity.
Anysingle signal cannot provemalicious behavior. Proxies may show anomalies for legitimate reasons (regional routing, A/B testing, degradation strategies, cache optimization).
Token ratio deviation may result from ChatML wrapping, system prompt injection, or tokenizer version differences — not necessarily intentional inflation.
Model identity judgment is based on statistical fingerprint matching, not cryptographic proof. Quantization, fine-tuning, and post-processing can all alter fingerprints.
MMD distribution tests are sensitive to temperature, sampling parameters, and system prompts. Significant p-values mean distributional difference, not proof of substitution.
Logprobs unavailability is increasingly common (many providers disable it by default in 2025-2026) and does not by itself indicate deception.
ITT rhythm fingerprinting is an early-stage technique. Network jitter, TCP coalescing, and gateway buffering can produce false signals.
This tool generates reference-grade evidence chains, not legal conclusions. Do not make definitive accusations based solely on this report.
The wording in the report refers to statistical "deviations" or "signal inconsistencies". Please do not use this to make fraud or deception claims against any service provider.