Tokenizers split unusual characters at predictable boundaries. Asking the model to repeat known unicode-heavy strings reveals which tokenizer is in use, even without logprobs.
Algorithm
Send three repetition prompts: a Chinese poem, a JSON blob with multi-byte keys, and an emoji ladder. Compute prompt_tokens / locally-computed-tokens per family. Standard deviation across the three is < 0.10 for a consistent tokenizer; > 0.15 strongly suggests the proxy is silently re-tokenizing or routing across mixed backends.
Thresholds
Condition
Verdict contribution
std(ratio) < 0.10
Consistent tokenizer
0.10 ≤ std < 0.15
Borderline
std ≥ 0.15
Mismatch
Limitations
Custom merges or fine-tuned vocabularies (e.g., proprietary code models) may legitimately diverge from the base BPE.
Anysingle signal cannot provemalicious behavior. Proxies may show anomalies for legitimate reasons (regional routing, A/B testing, degradation strategies, cache optimization).
Token ratio deviation may result from ChatML wrapping, system prompt injection, or tokenizer version differences — not necessarily intentional inflation.
Model identity judgment is based on statistical fingerprint matching, not cryptographic proof. Quantization, fine-tuning, and post-processing can all alter fingerprints.
MMD distribution tests are sensitive to temperature, sampling parameters, and system prompts. Significant p-values mean distributional difference, not proof of substitution.
Logprobs unavailability is increasingly common (many providers disable it by default in 2025-2026) and does not by itself indicate deception.
ITT rhythm fingerprinting is an early-stage technique. Network jitter, TCP coalescing, and gateway buffering can produce false signals.
This tool generates reference-grade evidence chains, not legal conclusions. Do not make definitive accusations based solely on this report.
The wording in the report refers to statistical "deviations" or "signal inconsistencies". Please do not use this to make fraud or deception claims against any service provider.