This work addresses the vulnerability of large language model (LLM) watermarks to learning-based spoofing attacks and the lack of reliable post-hoc detection mechanisms. We propose the first provably reliable statistical framework for posterior watermark detection. Departing from conventional front-end hardening strategies, we theoretically establish that prevalent learning-based spoofing methods universally induce quantifiable statistical anomalies—specifically, deviations in watermark sequence entropy, bias, and token-level probability distributions. Leveraging these insights, we formulate a rigorous hypothesis-testing methodology grounded in statistical inference. Our detector achieves over 95% spoofing detection accuracy against multiple state-of-the-art attacks, significantly outperforming existing baselines. To facilitate practical adoption, we open-source a comprehensive detection toolkit. This work introduces a novel, general-purpose, and empirically validated defense paradigm for trustworthy watermark deployment in LLMs.

LLM watermarks stand out as a promising way to attribute ownership of LLM-generated text. One threat to watermark credibility comes from spoofing attacks, where an unauthorized third party forges the watermark, enabling it to falsely attribute arbitrary texts to a particular LLM. Despite recent work demonstrating that state-of-the-art schemes are, in fact, vulnerable to spoofing, no prior work has focused on post-hoc methods to discover spoofing attempts. In this work, we for the first time propose a reliable statistical method to distinguish spoofed from genuinely watermarked text, suggesting that current spoofing attacks are less effective than previously thought. In particular, we show that regardless of their underlying approach, all current learning-based spoofing methods consistently leave observable artifacts in spoofed texts, indicative of watermark forgery. We build upon these findings to propose rigorous statistical tests that reliably reveal the presence of such artifacts and thus demonstrate that a watermark has been spoofed. Our experimental evaluation shows high test power across all learning-based spoofing methods, providing insights into their fundamental limitations and suggesting a way to mitigate this threat. We make all our code available at https://github.com/eth-sri/watermark-spoofing-detection .