Deepfake detection faces two critical bottlenecks: (1) post-hoc binary classification leads to uncontrolled false positive rates (FPR), and (2) existing methods are vulnerable to low-cost adversarial attacks, exhibiting poor robustness. To address these, we propose a calibrated re-synthesis verification framework, introducing the novel paradigm of “verifiable authenticity”—shifting from mere fake/real classification to determining whether content is authentic *or* whether its authenticity is reasonably contestable. Our method integrates multimodal support, latent-space inversion, and adversarial-aware re-synthesis modeling, enabling strict FPR control under high-precision–low-recall regimes. Experiments demonstrate that, under equal computational budgets, our approach significantly enhances resilience against efficient adversarial attacks—achieving the lowest FPR and highest verification reliability on authentic samples. To our knowledge, this is the first method to attain strong robustness in computation-constrained adversarial settings.

Generative models can synthesize highly realistic content, so-called deepfakes, that are already being misused at scale to undermine digital media authenticity. Current deepfake detection methods are unreliable for two reasons: (i) distinguishing inauthentic content post-hoc is often impossible (e.g., with memorized samples), leading to an unbounded false positive rate (FPR); and (ii) detection lacks robustness, as adversaries can adapt to known detectors with near-perfect accuracy using minimal computational resources. To address these limitations, we propose a resynthesis framework to determine if a sample is authentic or if its authenticity can be plausibly denied. We make two key contributions focusing on the high-precision, low-recall setting against efficient (i.e., compute-restricted) adversaries. First, we demonstrate that our calibrated resynthesis method is the most reliable approach for verifying authentic samples while maintaining controllable, low FPRs. Second, we show that our method achieves adversarial robustness against efficient adversaries, whereas prior methods are easily evaded under identical compute budgets. Our approach supports multiple modalities and leverages state-of-the-art inversion techniques.